How would I achieve Spring Boot + Keycloak authentication with PostgreSQL database having users and user role tables already built from the Django application?
configure Keycloak to use your existing database (plenty of answers / articles / doc on the subject)
configure Spring API applications as resource-servers
configure UI applications as OpenID clients (with a help of an OpenID client lib)
Let me understand your scenario first.Then maybe I or someone else can help you. Do you have a set of users and user roles in an existing system that is built using Django application and Postgres DB ? And you want to use the same database as your keycloak database in a Spring Boot + Keycloak authentication system ?
Keycloak generally as it's own structure for database management. You can't just use any existing database used on another authentication system that doesn't follow the exact same ways like keycloak. IMO, what you can do is migrate your existing users and user role data in keycloak database using any migration script or api. Keycloak has a hell lot of apis for almost all sorts of needs. This link has a lot of api examples. You can also follow their api documentation.
Related
in a project for my internship I have a spring boot application that manages some products, orders, and users.
I chose to use keycloak for authentication and authorization I achieved a good part of the job but now I'm facing a problem that makes the whole usage of keycloak in such a project a question.
So briefly the user authenticates in keycloak and I got the token in spring I extract the Infos and if the user is not in my database (the one related to spring which is different from keycloak database ) I create a new one but now when I'm thinking if a user is deleted from keycloak it will remain in my application database and even the update of users is gonna be difficult.
So my question is should I continue searching for a solution (calling keycloak endpoint from spring is one of them but still thinking about it ) or just go for a JWT implementation .
I chose keycloak cause it's a tested solution and got many features that are easy to use if I needed them in the future but now I got these problems with it.
THANKS for the help !!
Have you considered to configure Keycloak with a custom provider (external user database)?
Something like that: https://www.baeldung.com/java-keycloak-custom-user-providers.
This way, your spring services keep complete control over users database.
I am developing a back-end application, but my application is only part of the whole project, there exists a cookies login application so that the authentication is done and not my control.
In this app, i have to design a file sharing system, some types of clients, file sharing between clients.
I can only get the cookie(custom logic and not standard) which contains all data i need.
My manager advices me to use spring security to do only authorization and then code the acl logic in the authorization. I doubt if it is a good idea.
i have read the spring security doc in brief, cant find any idea about my situation.
Finally sorry for my poor english.
Its up to you. But I would suggest Spring Security.It is a flexible and powerful authentication and access control framework to secure Spring-based Java web application.
I am working on a java application having Database authentication using spring-security.
It is very usual that, this application is used with other applications on similar domain.
Requirement: The need is that all such partner apps should be able to share common authentication with my application.
Also it is required to continue supporting DB authentication as well.
One way I found is to embed LDAP server like ApacheDS in my application so that other partner apps can use it to get authenticated.
In this case, I need to load ApacheDS with related Database records and keep it in sync programmatically.
But disadvantage on this is to have redundant copy of authentication data - one at DB and another at ApacheDS LDAP.
Question: Is there any way to avoid such duplication. By googling, I found option of having virtual directory server Penrose or Oracle Virtual Directory. But unfortunately they cannot be embedded in application. Is there any way to provide embedded LDAP support on top of existing Database authentication?
Disclaimer: I know very little about Spring Framework and even less of Spring Security
Having said that. I did face a similar situation, in my case, it was Apache DS as my app authentication source and client AD as the other.
My deployment environment was Tomcat and I used Tomcat Combined realm, which nests more than one realm for authentication. My app realm was configured to be one and client's AD was configured to be another.
Users could authenticate from any one of the realm, it worked. However, I did have to replicate client's AD users every night (including AD tombstones to mark them inactive), for authentication is one thing but other client information was also required, e.g. email, roles etc. and inclusion of new users.
I am kind of sure that Spring Security will also have the concept of Combined Realm.
I understand that this answer is not really an answer and more of design approach and many years too late at that; however, I wished to share my experience.
Currently I have a requirement from a client where the user may belong to an LDAP server for authentication, or they may belong in an authentication database table.
I want to implement authorisation on my web-service methods with a two step process whereby, (a) the user is first checked against the LDAP server. If the user is not in the LDAP server then (b) check the database table for the user.
In other words it is a cascading two step process. Can this be done in any application server such as Glassfish? I've heard that JBoss can do this.
I don't think it depends on the server, it has to do with whatever security mechanism you choose (like Spring Security etc). I was able to achieve this on Tomcat with Spring Security.
EDIT: you might wanna read this: How to use both database and LDAP authentication in Spring security?
We are currently implementing a portal to our web based services. The portal and services are written with Seam and we are using OpenLDAP to store the security data such as users, groups and permissions. So far we have looked at writing our own code to access LDAP but are there any existing APIs that we could use?
If you're a Spring user, I'd look into the Spring LDAP modules. They're beautifully done; they follow the idiom laid down by their JDBC implementation. Very clean, very nice.
We did this for our web application a while ago and investigated the following:
http://developers.sun.com/sw/docs/examples/appserver/ldap.html
However, we ended up just using the LDAP support built in to Tomcat, since basic authentication was enough for us.
Here is an example on how we set up out authentication in tomcat:
http://blog.mc-thias.org/?c=1&more=1&pb=1&tb=1&title=tomcat_ldap_authentication
JLDAP
The LDAP Class Libraries for Java (JLDAP) allow you to write applications to access, manage, update, and search for information stored in directories accessible using LDAPv3.