Java EE 6 security currently leaves much to be desired (for me that's just saying), I however stumbled upon Apache Shiro and Spring Security as more popular security frameworks for the Java enterprise.
I am more inclined to go the Spring Security direction because of non existent tag library for the Apache Shiro alternative.
However surprisingly, I cannot find any tutorial that details how to integrate spring security with the Java EE 6 stack. Do you have any recommendations?
As a variant: this filter wraps request implementing the servlet API security methods. So app level frameworks may work with requests security using standard API.
Weblogic AS has it's own guidelines for such integration.
I have decided to go the Apache Shiro partway. Tag library exists in www.github.com. And documentation seems appropriate enough
Related
I have Rest API which require authentication. The application is completely written in java. Is there any libraries present for oauth server side implementation for Rest API ?
I have already checked the spring ouath2 security but I am not sure about the support towards Jersey library as I am using it for development. Can you suggest libraries or documentation for ouath authentication in java
Spring Security appears to be the only framework that provides complete implementation for Oauth 2.0 specifications. Spring supports almost all of JAX-RS implementations (including Jersey).
You might need to tweak these Jersey properties to suit your needs.
Check out this known customization required when using Jersey.
Spring Security OAuth 2.0 developer guide.
I got a Spring Boot 2 Reactive Web Application that currently has a JWT-based authentication system. Now I would like to add a LDAP backend for authentication and allow Single-Sign On (SSO) via Kerberos.
It seems Kerberos and LDAP support is currently limited to webmvc and no dedicated reactive version is available.
Since documentation about integrating all 3 components (WebFlux, LDAP + Kerberos) together in one application is quiet rare I would like to ask if someone of you already took the attempt to set-up such an infrastructure and is willing to share an example how to do.
I ran into the same issues with SAML. I haven't seen any progress on porting these sub projects to be supported in a webflux environment. The obvious approach seems to me to rewrite all servlet filters to WebFilters.
I have site in grails, and now I need to add API support. Third party application will be using it to access resources. I thought of using Spring Security OAuth2 plugin (Plugin link) for that, but I would like, for now, to skip asking user to authorise application (Is that possible?).
Also, I found Spring Security REST (Plugin link).
I have in plan creating also my own mobile application, so I am not sure what is the better solution. Or is it better to use OAuth2 for third party applications and then REST plugin for my own app? What are benefits of one plugin compared to the other?
I am developing a dynamic web application in Eclipse.
I am using Struts2 as my framework along with Hibernate as my ORM.
I need to implement role based access control for which I found Spring Security to be ideal.
However, I am having difficulty integrating it to my project.
I need help integrating, for which any help/advice/tutorial would be humbly accepted.
I found this website to be quite useful for beginners dealing with web development technologies
What options do I have to enforce authentication/authorization in a java web app ?
From my research, there's:
JAAS
JNDI
Spring security
Any others ? Does JEE5 or JEE6 have anything new ?
if you do not want to implement the identity-provider by yourself, you can consider using OpenID. This way, you can use any OpenID provider to provide the authentication/authorization.
In addition, you can consider OAuth2.
Do not mix between the two, there are many posts here that can explain the differences...
See Securing Web Applications chapiter for JEE6. Also you can consider Apache Shiro as alternative for Spring Security. If you already use Spring Framework then just go with Spring Security.