I am trying to integrate SAML OKTA in a spring boot application. I need to use the the following bean setup in spring boot:
Can any one please help me setting the responseSkew property in webSSOprofileConsumer bean in Spring boot.I just need an equivalent spring injection technique of the xml configuration that I mentioned above in annotation based spring boot injection.
I have already gone through the link :
http://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-advanced.html
There it is mentioned about setting responseSkew but it is not mentioned how to do it in java based annotated configuration in a spring boot application.
Thanks in advance.
If you're using a child class of AbstractProfileBase (e.g. WebSSOProfileConsumerImpl) you simply can use its setter:
setResponseSkew(int responseSkew)
For xml configuration of spring boot I dunno how to achieve this because I never got used to it.
Related
Spring Boot doc states "Absolutely no code generation and no requirement for XML configuration."
What is "code generation" in that context?
It states that Spring Boot doesn't generate or edit code
Spring Boot does not generate code or make edits to your files. Instead, when you start your application, Spring Boot dynamically wires up beans and settings and applies them to your application context.
It means no extra code is generated and executed except your code and spring boot dependencies you added
TL;DR
Is there a way to mix Spring Web Security configuration with both annotations and xml?
Full Story
For our legacy spring web application we are looking into using annotation driven configuration for part of our web security.
Currently all our web security (<security:http>) is driven by xml based configuration. But we are adding a new login mechanism (SAML 2.0) that seems like it would be much easier to configure via annotations than xml.
We have been attempting to mix the use of annotations and xml, but it seems as though only one or the other works. Meaning that when any xml based web security is referenced, either via an xml (<import resource="classpath:web-security.xml"/> or via the #ImportResource annotation, the annotation based web security is ignored.
If we remove references to the xml based configuration our annotation configuration gets called.
Any friendly suggestions or advice is appreciated.
Mixing the Spring Web Security XML and annotation configurations would mean that that the same bean instance, viz., security:http is being configured via XML as well as JavaConfig. It would be configured with some intercept URL patterns using XML and some other Ant matchers using JavaConfig. But please note that intercept URL patterns are always evaluated in the order they are defined and also the matchers are considered in order. So, Spring Security only considers the XML configurations and ignores the JavaConfig ones as, if it considers both, it won't have any sense of order of URL definitions. I couldn't find any documentation that directly supports this theory. If you share the Spring Boot log statements that are produced when the application boots up, we may get a better view of what Spring Boot is doing.
So, I don't think that you can mix Spring Annotations with XML Configuration when configuring Spring Web Security and will advise to migrate legacy XML configurations to JavaConfig.
How to set multiple view resolver in Spring Boot MVC application using the application.properties file?
I know how to set multiple view resolver in Spring MVC application using the XML configuration. But want to know that is it possible to set it while using the Spring Boot and the configurations are stored in the application.properties file.
If not is there any other way to achieve the goal in Spring Boot MVC application.
Multiple views resolving using the application.properties file is not possible, But using the java configuration you can achieve this. I have found the ref article using you can achieve the desired goal.
The solution is pretty much lengthy and has many code snippets involving it. So I am providing the ref link to the solution:
https://o7planning.org/en/11257/using-multiple-viewresolvers-in-spring-boot
Anyone know how to get a reference of the current proxy in a class with #Service annotation in Spring boot?
AopContext.currentProxy() doesn't work, it says that need to set exposeProxy to true, but I've no idea how to do it with Spring boot.
There was a bug related but it was resolved on Spring 4.3.1.
Now you can set #EnableAspectJAutoProxy(exposeProxy=true)
i am just migrating a spring 3 application from xml-configuration to java config.
We are using spring 3.2.8 + spring security 3.2.4.
I am wondering how to move the following XML config to java.
<oauth:client id="oauth2ClientFilter" />
Any idea?
Ok, so it seems (if you are not using spring boot) right now there is no direct possibility of doing a full java-configuration for SSO/OAuth2.
I got around it by using #import to load my old XML-based configuration-
#Configuration
#EnableWebSecurity
#ImportResource({"classpath*:spring-security-RSA.xml"})
public class SecurityRSAStrategyConfiguration {
...
}
I have exactly the opposite problem, I have a spring (not boot) application and need to authenticate to an external oauth2 IDP (in this case Azure AD), just using spring-security 3.2.1, spring fwork 4.3.18. Finding directions without spring boot is a challenge!