I need to build microservice architecture like in the image. The question is how do I must authenticate users in resource service using keycloack. Do I must to get the token from UI app and add this token manually in the app or there is some automatic method using spring app to get info from the resource service?
If I need to add it manually then how can I get this token inside the app?
Keycloak provides spring security integration module. It renders login form for your UI application that authenticates user against keycloak. The token is stored then in session. Keycloak plugin is responsible to validate the token against keycloak server.
https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/spring-security-adapter.adoc
Related
Current Model
I have one Angular application that calls a Java rest service (not a spring boot application) that have multiple rest end points. Initially the login will be called using username and password to acquire a JSESSIONID and this id will be passed in Authorization header of all subsequent rest calls.
New Model
Now I need to change the login scenario using Azure AD.
Angular will call the AAD login and this is working by registering the app as a SPA in Azure. Now how to implement the Rest calls flow using the token.
Do I need to register the Rest API also in Azure?
Is there a way to validate the token in java back end manually.?
Rest application Java - most of the samples uses Spring or spring boot. Is there any samples other than spring / spring security.
I would say that the best practice is to register the API and UI as a separate application in Azure AD.
You will have to grant the web application permissions to the web API and request an access token for it. Here is a good reading (the article is about Azure AD B2C, but it is the same for Azure AD):
Configure authentication in a sample single-page application
can somebody show how to configure a SPRING-BOOT back-end (web app) to work with a JWT token, that is valid and issued for the back-end by google. I cannot find any example. The spring security configuration is missing something.
I've configured the Spring boot adapter to work with a web application. But it's a different flow. The redirects for Android for example do not pass through the back-end. And so a new user that is logging in from a mobile device has a valid token but doesn't trigger a login or registration process.
Kind Regards :)
I have a java application running on wildfly server, that uses ejbs and Servlet HttpSecurity. There is no Spring Boot implemented. I am working on a task where access control of the application must be handled by Okta. Basically when user hits the url to access the application, they must be redirected to Okta log in page, where they provide the credentials. And after authentication, user can access the app.
Is there any way this task can be done without using Spring Boot?
I tried https://github.com/okta/okta-auth-java#usage-guide but it requires username and password to be provided in the code itself which is not the requirement.
I have access to a web application which has a link to another application I'm developing. When that link is clicked the URL is filled with two parameters: user, and token.
This token is generated per every user login on that very same web application.
I want to use that token and user to authenticate someone in the application I'm developing!
I have access to the source app's database in order to query against the token and username.
However I need help finding a way to implement this logic with Spring-Boot. Do I need a custom filter / authentication provider? How to wire these things up with Spring?
I want to stick to the framework rather than developing my own solution for this.
TL;DR: I need help securing a RESTful controller with a token I obtain through GET
Thank you!
Yes, you could write filter to authenticate token.
If you want make architecture a bit better I would recommend creating gateway (i.e. Zuul) and invoke second application through gateway. Implement gateway to authenticate requests. In my architecture I create separate Auth component to generate token and validate token. Gateway could call Auth to validate token.
I have a web application that contains ui based on jsf 2.0 and a set of rest apis.
The ui side of the application is accessed from a browser and rest apis are invoked from a mobile app.
For the authentication for the UI is managed by jsf , (no form nothing, jsf manages everything). Now, I want the user to be authenticated before he/she can access the rest apis.
Can I set up the web application to have Basic authentication so that I can set the username and password in the header when calling the rest apis?
You will need to have a security filter for your web application. (this can be done with spring security - Integrating Spring security with JSF 2 )
The user will have to pass a username and password to your application.
Then, you just need to configure your rest api to work with basic authentication. Since basic authentication is a HTTP feature, every time you call the rest service, you will need to pass the username/password in the request.