I am developing a dynamic web application in Eclipse.
I am using Struts2 as my framework along with Hibernate as my ORM.
I need to implement role-based access control, for which I found Spring Security to be ideal.
However, I am having difficulty integrating it into my project.
I need help integrating, for which any help/advice/tutorial would be humbly accepted.
I found this website to be quite useful for beginners dealing with web development technologies
Related
I'm trying to create an SP using SAML2. I see there is a good Spring Security extension for SAML; however, the project that I'm working on does not have Spring and I need to implement an SSO.
Reading the extension documentation, it seems that it can be used in non-Spring projects. Do you guys know if there are any code samples showing how to integrate both?
Thanks in advance...
There's an excellent blog (http://blog.samlsecurity.com/) which deals with Java and OpenSAML, which I've used as a resource for much of my IdP implementation to test SAML/Spring (when using it for the ServiceProvider).
I am faced with a project that uses custom authentication via a WCF service that returns a set of claims based on some data identifying a user, close to user name and password. Then on top of this, I have a custom STS, derived from Microsoft.IdentityModel.SecurityTokenService, that resides in an ASP.NET web site project. This project looks like it was created with the VS2010 template, and not carefully hand-crafted.
My gut feeling, and lots of on-line advice, tell me that this web site STS project is very far from production ready. I am now looking for an MVC based STS that I can use in anticipation of being production ready. Thinktecture's IdentityServer looks promising, but it is so much more than simply implementing a custom derivation of SecurityTokenService that I have no idea where to start. If somebody could steer me toward an open project or walk-through that does this, or offer some guidance as to where and how I can start extending or modifying Identity Server, that would be great.
Have you looked at Thinktecture.IdentityServer v3? I'm using it at the moment and it is very simple to use.
It is still in Beta but RTM will be available soon. It has good documentation and samples too.
https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki/Getting-started
https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki
Update:
Identity Server 4 is also available. It supports cross-platform deployment with .NET Core.
https://github.com/IdentityServer/IdentityServer4/
Have you looked at the MSDN article by Michele Leroux Bustamante?
It's a little old and based on WCF, but it has code accompanying it.
Building A Custom Security Token Service
If you want an ASP.NET-based example, Microsoft published this:
ASP.NET Security Token Service Web Site
There's also this STS project on CodePlex.
What options do I have to enforce authentication/authorization in a Java web app?
From my research, there's:
JAAS
JNDI
Spring security
Any others? Does JEE5 or JEE6 have anything new?
If you do not want to implement the identity provider yourself, you can consider using OpenID. This way, you can use any OpenID provider to provide the authentication/authorization.
In addition, you can consider OAuth2.
Do not mix up the two; there are many posts here that can explain the differences...
See the Securing Web Applications chapter for JEE6. Also, you can consider Apache Shiro as an alternative to Spring Security. If you already use Spring Framework then just go with Spring Security.
Java EE 6 security currently leaves much to be desired (for me that's just saying), I however stumbled upon Apache Shiro and Spring Security as more popular security frameworks for the Java enterprise.
I am more inclined to go the Spring Security direction because of the nonexistent tag library for the Apache Shiro alternative.
However surprisingly, I cannot find any tutorial that details how to integrate spring security with the Java EE 6 stack. Do you have any recommendations?
As a variant: this filter wraps the request, implementing the servlet API security methods. So app-level frameworks may work with request security using the standard API.
Weblogic AS has its own guidelines for such integration.
I have decided to go the Apache Shiro pathway. A tag library exists on www.github.com, and the documentation seems appropriate enough.
I started with Spring and Spring ROO after switching jobs, with no past experience in Java development. For the last 1.5 years I have been doing development in Ruby on Rails. My new company wants me to work with Spring and Spring ROO, not Grails/Groovy :(. With no past experience in Java development, I am struggling a lot with understanding the XML configuration and annotation support. Although I have covered the basics, I am now looking for a way in which Spring supports Ajax calls for CRUD operations on entities, or a JavaScript call to execute a script that I get as the result of a remote-true URL click, as the Rails framework does (rails.js).
Hopefully a person who works with ROR and Spring ROO may be the best person to answer my question. Thanks in advance.
To implement CRUD operations, I suggest you use a REST service. It is easy to create with Spring MVC.
Spring blog
Good example
Another fast example
And of course the Spring documentation
This is a copied part of my previous answer:
My advice to you would be to download the Spring source (Eclipse-like IDE):
http://www.springsource.org/springsource-tool-suite-download
After downloading it you can simply go to File > New > Spring Template Project > Spring MVC project
After you're done creating the project, the working template project (structured project, example controller file, example view, pom.xml etc.) will be created for you. You can just build it and deploy it to Tomcat or whatever.
Btw, check this out:
https://github.com/SpringSource/spring-mvc-showcase/blob/master/MasteringSpringMVC3.pdf?raw=true
It is enough to get you started well off with Spring MVC.
I once had the same problem as you (I used to develop in Groovy/Grails, then switched to Spring MVC). Unfortunately, I don't think there's an easy way to do what you ask in Spring. Spring doesn't have many productivity-enhancing functions, but it enables flexibility instead.
In short, you will be able to do Ajax, but with a lot more manual configuration (pure HTML/JavaScript-jQuery and Java code), like in Vacuum's answer.
jQuery Ajax might be the best solution you can find, though it only helps you send the CRUD requests to the server side. You must write Java code on the server to process those requests.