I have the Grails Spring Security ldap plugin working and connecting to my Active Directory. Now I am trying to add the Spring Security UI plugin to manage my AD users and roles. Is this possible?
It appears that the spring security ui plugin controllers only handle database user/role crud.
Right, there's no support for managing LDAP in the UI plugin. I'm not sure how well-maintained it is, but the http://grails.org/plugin/ldap can manage LDAP.
Related
I was wondering about the best way to secure your spring boot application in a dynamic way,
I am using my own authorization server using spring security with one client (app) now I should configure again to have dynamic clients,
It's not that hard but it made me questioning whether the spring auth server is the best option or I should go to Keycloak for example ?
best way to secure your spring boot application
The best way to use authentication in spring based application is using spring security. Now it depends on your use-case that you should authenticate user from application database, LDAP or Active Directory, in-memory authentication.
using my own authorization server using spring security with one client (app) now I should configure again to have dynamic clients
I believe you meant authentication instead of authorization in above line. You can stick to spring security by building admin console for user management. Both authentication and authorization can be managed from admin console. But as said before it is completely your use-case.
If your usecase says that app-users are already logging in
centralized Active Directory and they dont need to login again for
your application, implement Spring security with LDAP and SSO.
If your usecase say that there is no centralized authentication server and appuser details are very specific to you application, implement Spring securirty with database authentication
I'm just prototyping the migration from Spring MVC to Spring WebFlux using the latest milestone releases (also Spring Boot, Spring Data, and Spring Security). Using the Maven module spring-security-webflux I was able to setup BASIC authentication. However, I didn't find how to define a realm. Any hint is appreciated.
I am developing the webapi using jaxrs plugin in a Grails project (existing) in which there is Spring Security configured which is not allowing me to access the api urls i.e /api/**
I am getting You are not authorised to access this page though I have logged in as Admin but I am not able to configure the access to this path with/without authentication.
I guess you're using spring security?
Authentication is generally handled a little differently when implementing a rest api. Check out the excellent Spring Security REST Plugin. There's some really nice documentation here that explains the authentication lifecycle.
I want to get the list of all users in a specific group of an LDAP directory, and also I'm using Spring Security LDAP; and I cant find any thing that could solve my issue.
I'm already have Spring Security LDAP and I can get context and principal and so on.
I also read my Spring Security LDAP plugin functions but found nothing to get list of all users.
What should I do? Did I have to make a query? If yes, how?
In context of spring security, the framework only aims to find the LDAP user and then verifies if the passwords are correct.
The loading of roles can be done multiple ways, but usually boils down to:
Specifying which LDAP User attributes should be loaded as Roles
Provide your own custom 'role' mapper, as described in Handling roles when authenticated to active directory with spring security 3.1
If you want to do some plain LDAP Search outside of the Spring security context, I would suggest you take a look at the example in chapter 1.2 of the Spring LDAP Reference guide.
http://docs.spring.io/spring-ldap/docs/current-SNAPSHOT/reference/#traditional-java-ldap-v-s-ldaptemplate
I need to have certain URLs (actions) in my app where I receive Credit Card information be SSL/https. I'm using the new set of Grails security plugins, i.e. Spring Security Core, and Spring Security UI. These apparently replace the ACEGI security plugin, which I understand had some SSL configuration capabilities at the controller level.
Can you tell me what the current recommendation is for switching to https for certain controllers/actions? Do I need to resolve everything in Tomcat?
Thanks
See section "17 Channel Security" in the Spring Security Core plugin docs: http://grails-plugins.github.com/grails-spring-security-core/docs/manual/