I am in desperate need of help. So as a prerequisite I am tasked with creating a simple web application. The application requirements are to create a simple web form that collects user data and then sends an email verification to the user that just provided information. The difficult aspect of this project is CAS Integration with the Marist College CAS authentication system. A requirement of this project was that I use Spring Boot to create the project. At the moment I have already implemented Spring Security to authenticate users. I have been trying everything online to integrate CAS with my existing project. I was hoping that someone on StackOverflow may have more knowledge on how to integrate CAS with SpringSecurtiy. Also please don't be harsh on me I have never used the spring framework before this project and this is all new to me. The Url of the CAS server is "https://login.marist.edu/cas/". I have looked into https://github.com/apereo/java-cas-client spring support I just don't know how to integrate it with my current application. Thank you to anyone in advance that lends me a hand with this.
As I previously stated I would provide the solution to the problem that I experienced during the processes of integrating a spring application with the Marist CAS 2.0 Authentication System. As Stated above there is a Spring Boot AutoConfiguration that can be used. While this may not be the best method for securing your application it satisfied my needs for the project that I was working on. The Steps to configure your spring application with CAS 2.0 are bellow.
Add Maven Dependency
Maven:
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-support-springboot</artifactId>
<version>${java.cas.client.version}</version>
</dependency>
Add the following required properties in Spring Boot's application.properties or application.yml
cas.server-url-prefix=https://cashost.com/cas
cas.server-login-url=https://cashost.com/cas/login
cas.client-host-url=https://casclient.com
3)Annotate Spring Boot application (or any #Configuration class) with #EnableCasClient annotation
#SpringBootApplication
#Controller
#EnableCasClient
public class MyApplication { .. }
4)For CAS3 protocol (authentication and validation filters) - which is default if nothing is specified
cas.validation-type=CAS3
For CAS2 protocol (authentication and validation filters)
cas.validation-type=CAS
For SAML protocol (authentication and validation filters)
cas.validation-type=SAML
Related
I have a web application NOT implemented on Spring Boot or Spring itself. It has no Spring whatsoever, it was made using RESTEasy running on Tomcat.
I'm supposed to add ADFS authentication to this web application through the use of Spring's Security SAML Extension.
I've seen a lot of projects online that implement this feature but all of them use Spring Boot or run on Spring. At the same time I've seen mentions of being able to implement Spring SAML without having a Spring project. So I'm a little confused now.
Is this feat achievable?
If so, could you guide me on how to do it?
Which Maven dependencies do I need exactly?
Which web.xml configs do I need?
Which Beans do I need to implement?
Thank you in advance.
I'm setting up a microservice architecture using Spring Boot and Eureka. I followed several tutorials. However, the Eureka server is showing a login when trying to open the dashboard. Also, registration of a client fails (I think because of the enabled security).
How can I disable the security?
This is my configuration:
eureka.instance.hostname=localhost
eureka.client.registerWithEureka=false
eureka.client.fetchRegistry=false
eureka.environment=dev
server.port=1112
I'm using a .properties file instead of .yml. What I tried is to add the property
security.basic.enabled=false
but the result was the same. So I tried to configure Spring Boot Security by myself but this caused 404 HTTP errors because the '/login'-controller was not found (and I don't want to develop this at the moment).
You have added two starter security dependencies in your Gradle. Those are configuring basic username password security. Please remove them.
you can also exclude the SecurityAutoConfiguration in your spring application main class
#SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
We have a existing java web based application built on Jersey framework and looking to provide SSO support using Okta or any other IDP. I have seen many example applications for saml support for spring based applications. Is there any framework which can provide saml support for Jersey based applications? Or Spring SAML extensions can be tweaked to provide support for non-spring baed applications?
Please provide any links or pointers.
Thanks in advance!
It's possible to apply the Spring Security SAML extension on a non-Spring application. We are using Spring SAML with a Wicket web application.
I built a prototype with ADFS as an IdP to check feasibility, before we implemented this approach on the project. You can find the prototype in my Bitbucket repository: blog-spring-security.
Basically, you can use AbstractSecurityWebApplicationInitializer which should transparently enable Spring Security in your application.
public class WebAppInitializer extends AbstractSecurityWebApplicationInitializer {
public WebAppInitializer() {
super(SecurityConfiguration.class);
}
}
Spring configuration for SAML is quite extensive (couple of pages of source code), so I won't paste it here, but if you are going to use Java configuration you can utilize my SecurityConfiguration.java.
In case of XML configuration, I would recommend to follow either Reference Documentation, or sample project securityContext.xml.
1) I have successfully integrated "embedded-spring-rest" example Camunda project with Spring Security. Now I am struggling how to integrate Camunda Tasklist/Cockpit/Admin modules with the former ("embedded-spring-rest" + Spring security). I can't find any examples.
2) I am also trying to bypass Camunda user authentication in order to use user context (login) from Spring Security.
Has somebody achieved to do something similar in 1) or 2) or are there any related examples?
I am not completly sure what you exactly want to package - and how. But the Spring Boot Starter Community Extension (https://github.com/camunda/camunda-bpm-spring-boot-starter) could give some guidance. It starts the Camunda Webapp via Webjar as part of Spring Boot.
Cheers
Bernd
I have a simple web application which I am writing using spring-boot and storm path for user authentication. (I'm actually using spring-boot-starter-stormpath-thymeleaf)
I have a have the following request mapping in my controller
#RequestMapping(value = "/secure", method = RequestMethod.GET)
public String secure(Model mode, HttpServletRequest request) {
Account account = AccountResolver.INSTANCE.getAccount(request);
if (account != null)
return "secure";
else
return "redirect:/login?next=secure";
}
which forces a user to login to view the secure page. It works, but it doesn't feel like it is the most elegant of solutions. Is there a better way? I think a solution with filters should be possible but I cannot figure it out.
The current Stormpath Spring Boot starter does not (yet) have an authentication filter, but it will on future releases for those that want an out-of-the-box experience without having to use Spring Security or Apache Shiro.
That said, we're currently working on natively supporting Spring Security and Apache Shiro as Spring Boot starters that 'just work' with the Stormpath Spring Boot starter. Until we can release those, creating a custom servlet filter as you indicate is the best approach.
Are you also using the Stormpath Servlet as well?
If so, you could do what you need following this piece of documentation. This way you will only need to declare which are the resources of your application that you want to secure and Stormpath's authc filter will prompt for authentication when required.
If you're using Spring MVC, you should use Spring Security and have Stormpath acting as an authentication provider. Then use the standard Spring Security tools to declare access rules and inject the current user where needed.