The problem:
Convenient centralized management of SignalR connections on client side.
What I have is a Xamarin app that authorizes with Azure B2C and connects to the SignalR hub using acquired token.
The idea is that server side will have a multiple hubs (as end points/services) and app should connect to them all.
What I've done is created a base class that has essential hub connection creation logic, hub method calling and async callbacks registration and in this way I create multiple hub clients.
Problem is that I cannot start them on dependency registration to DI container as I need to authorize the user first.
How this could be managed? Does starting all connections one by one is the only possible way?
Related
I have an signalr hub with web socket transport and initially it is allowed for unauthenticated users to connect. What I am trying to achieve is to have events to be pushed from the hub to connected clients and user specific events only if there is an authenticated user on that connection.
The hub also exposes some methods that need authorization but the problem is that once hub connection is made there is no way to update current user/claims on that connection.
I am using Jwt Bearer tokens for authentication but I guess the authentication scheme don't play a role.
I have an authentication server using oauth2.
I use it for :
Authentication from the other services, subscription, change and retrieve password etc.
As resource server to store and retrieve more users and groups informations. I have a ManyToMany relationship between users and groups.
Should I seperate the second part of functionalities of this app on another standalone service that will work as resource server only. And only keep the authentication part on the authorization server?
That way I could horizontally scale these two services separately.
Yes, the better idea would be to have the configuration as a separate standalone service running on cloud. With configuration server as a separate service you can add all the authorization and other sort of details like DB details, API details, messaging queue configuration etc, and get connected to N number of services.
I have two Spring Boot web applications. Both applications have different databases and different sets of users. Also, both applications use Spring Security for authentication and authorisation which works properly.
At any given point I will have one instance of the first application running and multiple instances of the 2nd web application running.
I want to expose REST APIs from 1st web application (one instance running) and be able to use that REST APIs from 2nd web application (multiple instances running).
How do I make sure that REST APIs can be accessed securely with proper authentication and by instances of the 2nd applications only.
If you could change your security, I would recommend you to use OAUTH2. Basically it generates a token that is used in your APP2 instances to make the API calls.
You can see more here.
https://spring.io/guides/tutorials/spring-boot-oauth2/
http://websystique.com/spring-security/secure-spring-rest-api-using-oauth2/
But if you can't change your APP's security, you can continue using your current schema. In the APP1 you can create an user for the API calls, this user only has access to the API services. In your APP2 you need to store the credentials to access the APP1. Finally you do login into APP1 and invoke the API using HTTP client, you can use Spring RestTemplate or Apache HttpComponents Client.
SSL based authentication could be an option, if you seriously thinking about the security aspects.
Assume that you REST api exposed by App 1 is over HTTPs, then you can configure the App 1 to ask the client to give their SSL/TLS certificate when they try to access this REST API (exposed by App 1).
This will help us identify that the client is indeed a client from app 2.
Two More Cents:
In case if your App 1 REST API calls needs load balancing, NGINX should be your chose. The SSL client certificate based authentication can be offloaded to NGINX and Your Spring boot app no more worry about the SSL related configurations.
The solution we went with was to secure both using an OAuth2 client_credentials workflow. That is the OAuth2 flow where clients request a token on behalf of themselves, not a calling User.
Check out Spring Cloud Security
1) Secure your services using #EnableResourceServer
#SpringBootApplication
#EnableResourceServer
public class Application ...
2) Make calls from one service to another using an OAuth2RestTemplate
Check out Resource Server Token Relay in http://cloud.spring.io/spring-cloud-security/spring-cloud-security.html which will specify how to configure an Oauth2RestTemplate to forward on security context details (token) from one service to another.
3) Service A and Service B should be able to communicate using these techniques if they are configured using the same Oauth2 Client and Secret. This will be configured in the applications' application.properties file, hopefully injected by the environment. Oauth2 Scopes can be used as role identifiers. You could therefore say that only a Client with Scopes (api-read, api-write) should have access to Endpoint A in Service A. This is configurable using Spring Security's Authorization configuration as well as #EnableGlobalMethodSecurity
Cross-posting as advised from DeveloperWorks: https://developer.ibm.com/answers/questions/212469/can-an-application-hosted-outside-bluemix-access-s.html
I am exploring a scenario wherein I have an existing Java application hosted on-premises outside BlueMix. I want to make it horizontally scalable. As part of this change I would like to know if I can provision a BlueMix Session Cache service to store the application's session state externally. The application will continue to be hosted outside BlueMix but use BlueMix Session Cache for session state management.
It is not possible at the moment.
Although a person can setup a Liberty runtime with the right connection information copied from VCAP and runtime variables, and use it to host a web application that use session cache client, this machine is outside Bluemix and won't be trusted by the network. As a result, it won't be able to connect to the session cache within Bluemix.
I have a problem with my azure appfabric local development server. I'm using WCF REST and Comet architecture on my server. I have a service method calling "GetUpdates". When a client sends a GET request to this method, it waits until a server-side update notification releases it.
There are no problem with this azure server on the cloud, but my local development server does not respond to all requests after sending two concurrent open requests to "GetUpdates" method. (html pages, js files, images, webservice requests.. etc.)
How can I solve this issue on local development server. Any idea what is causing it?