I've been looking for a very basic example of using LDAP authentication in Spring 3.1. In the docs for the security download I found a page similar to this one
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/sample-apps.html
3.3 LDAP Sample
The LDAP sample application provides a basic configuration and sets up
both a namespace configuration and an equivalent configuration using
traditional beans, both in the same application context file. This
means there are actually two identical authentication providers
configured in this application.
Trouble is, it is not there in the distribution or I am having a brain fart. Can anyone tell where I can find it or another modern Spring LDAP sample?
Thanks in advance
Steve
It's only in svn. You can find it in this URL. Take a look to /samples/samples-utils/ directory.
As it says at the start of the Spring Security samples chapter that you refer to:
To avoid an overly large download, only the "tutorial" and "contacts" samples are included in the distribution zip file. The others can be built directly from the source which you can obtain as described in the introduction.
So you need to use git to clone the repository and build the samples to get the LDAP authentication sample.
Not that Spring LDAP is a different project from Spring Security. Spring Security uses Spring LDAP for LDAP integration.
Related
I finished studying OpenID to understand its main features. The next step is an OpenID Provider program for my clients. My goal is to develop with SpringBoot (without using Spring Security).
I noticed that I have OpenID Connect, MITREid as options. But none presents a tutorial on how to create a customer and supplier of one.
On another topic, found links from IBM, however, are all out of thin air.
It would be of great importance a simple tutorial as a kick start for the OpenID Provider development for my application.
I appreciate that this is a year after the OP's question, but I found some more information whilst doing my own research into the same subject.
There is a Spring Boot port of MitreId available here
which I found very useful as a working example.
I also want to mention that the Mitre is available as a Maven Dependency
I hope this helps the next person visiting this page !
Update 2022
Spring Authorization Server is a supported Spring Security project that should go GA in November 2022
Original
It rarely makes sense for someone to roll-their-own OpenID Connect Provider. It's not trivial. MitreID Connect even uses Spring Security for part of their code. If you want to use MitreID Connect but as "spring-boot", you can look at some ports of mitreid connect to spring-boot and java config...but I'm not certain they are maintained.
By the way, what do you mean by
none presents a tutorial on how to create a customer and supplier of one.
Do you mean how to use mitreid connect?
Documentation
Example provider
Example client
Anyway, unless you really know what you're doing, I'd recommend working with an existing OpenID Connect Provider. See: http://openid.net/developers/certified/
Meanwhile there is a Spring communtity-driven project: Spring Authorization Server it was announced in April 2020 on Spring Blog.
<dependency>
<groupId>org.springframework.security.experimental</groupId>
<artifactId>spring-security-oauth2-authorization-server</artifactId>
<version>0.1.1</version>
</dependency>
Its current version is 0.1.1 available since May 2021. (Version 0.1.0 is available since February 2021)
Tuturial: Baeldung Spring Security OAuth Authorization Server
I have project based on JHipster and I have to implement CAS authentication to have SSO to 2 applications (one is this java jHipster project and another is php app). I found sample configuration in spring docs, but it uses xml configuration. Is there any existing implementation/tutorial using java configuration for CAS client? I'm totally new on this topic, so every hint will be useful.
I've just made a project example with jhipster and CAS auth : https://github.com/jgribonvald/demo-spring-cas-angular.git
feedback is welcome ;)
Was just wondering at the current point in time, what is a good combination of tools/frameworks/libraries for implementing a REST API on top of J2EE that integrates to a backend RDB and using OpenID for authentication.
What I am looking to implement is a server component that provides a set of services, all of which will utilise OpenID authentication, and the services will retrieve or update information to/from a backend relational database environment.
What I'm interested in are:
* application server options available (e.g. Tomcat, Glassfish etc.)
* IDE's (e.g. Eclipse, Netbeans, IntelliJ etc.)
* additional components useful for implementing REST (and JSON payloads)
* what is best practice/good technique/options available for database integration from the services (hibernate via spring, hibernate directly, raw jdbc connections ... )
* for integrating authentication via OpenID - what is an appropriate integration point for any custom authentication mechanism within the J2EE environment - are there any commonly used solutions/plug-ins available for OpenId etc.
Also any pointers to good, current tutorials, books etc.
Edit:
Unfortunately I haven't had as much time to research the results to this question as I'd have liked.
At this stage I've found that installing/setting up REST with Jersey was very quick and I believe I can use a ContainerRequestFilter to provide the OpenID support as per the article here: http://plaincode.blogspot.com/2011/07/openid-authentication-example-in-jersey.html
I intend on using OpenId4Java for the OpenId support, with the PAPE extensions to get users email address returned. I don't need OAuth as I don't need to access any of the users other OpenID details or info on their OpenID site from my server app.
I've had a look at the latest Spring, it looks very good and if I were needing to build a web client with my solution, or had more time to look at both, I could easily have ended up leaning that way.
Thanks for the good answers and replies, hard to pick a single correct answer. I've accepted yves answer because it is correct and the way I'm going at the moment with minimal time to research properly, but awarded the bounty to cfontes answer, as it is also correct, and he's replied with additional information and justification.
Make it simple and modern (Spring is neither one nor the other for RESTful web-services):
Jersey – the JAX-RS reference – defines resources and supports OAuth; its code is compact, easy to use & to plug to libraries (backends, etc...).
Take a look at this project on GitHub, it produces JSON from static data. Its web.xml and ProductResource are good places to start.
Every server will do the job, Jetty is my favorite, Tomcat, the standard
The choice of an IDE is up to you, the 3 you're giving are great, well integrated with Maven and source control tools. I use Eclipse from habit
I would go for
Spring 3: this can be useful to wire things up with Dependency
injection and other things.
Spring MVC: Restful support and Request mapping, a request based
framework that integrates very well with Spring
Apache Tiles: to make the HTML templates easier to make.
Spring Security: it's a JAAS implementation and for me it's better and
easier than Standard JAAS.( doesn't need a full web server, tomcat will do fine)
This can help you decide which Persistence provider you want : Persistence Provider comparison I would go for Hibernate, because it have a lot of great features like Criteria API, hibernate Search and it's widely used.
Of course your app should be using JPA 2 for the sake of interchangeability instead of using a Persistence provider directly ( it's not easy to chance from one to another but with JPA2 it's possible, also should be giving you a lot of trouble but it's possible)
I would go with NetBeans 7.0.1 and GlassFish as explained here
From the linked tutorial:
The IDE supports rapid development of RESTful web services using JSR 311 - Java API for RESTful Web Services (JAX-RS) and Jersey, the reference implementation for JAX-RS.
For authentication, I would use the GlassFish JDBC Realm (have a look at this tutorial) but I have never worked with OpenID, so I don't know if this approach can be used together with OpenID.
I come from an ASP.NET background. In ASP.NET, there is built-in support for users and roles. My question is, does JSP have anything similar or is everything built from scratch? I have not been able to find a good resource to answer this application structure type of question.
The Servlet API supports user/role based authentication and security. Tomcat (among others) includes built in support for authenticating using a variety of sources: xml file, database, LDAP, etc.
You could also consider using Spring MVC as a fairly lightweight web framework over JSP. Spring has a very capable authentication & authorization model (right down to method level on objects) using Spring Security (was Acegi) interceptors which can use the sorts of sources that Asaph talks about. You don't need to use Spring MVC in order to use Spring Security if you don't want to.
If you're going to be running your JSPs in a full J2EE server like JBoss, WebLogic or WebSphere there are a whole load of security options that come with such containers incl. integration with AD users and groups.
We are currently implementing a portal to our web based services. The portal and services are written with Seam and we are using OpenLDAP to store the security data such as users, groups and permissions. So far we have looked at writing our own code to access LDAP but are there any existing APIs that we could use?
If you're a Spring user, I'd look into the Spring LDAP modules. They're beautifully done; they follow the idiom laid down by their JDBC implementation. Very clean, very nice.
We did this for our web application a while ago and investigated the following:
http://developers.sun.com/sw/docs/examples/appserver/ldap.html
However, we ended up just using the LDAP support built in to Tomcat, since basic authentication was enough for us.
Here is an example on how we set up out authentication in tomcat:
http://blog.mc-thias.org/?c=1&more=1&pb=1&tb=1&title=tomcat_ldap_authentication
JLDAP
The LDAP Class Libraries for Java (JLDAP) allow you to write applications to access, manage, update, and search for information stored in directories accessible using LDAPv3.