I want to run a WebFlux-based web app using the non-blocking Netty server, with authentication using Keycloak.
It seems like Keycloak does not support the Netty server. Is there a way to override the default behavior of Keycloak and use Netty instead of Tomcat?
This is required because my WebFlux application does not work properly on other web servers.
I want to use Keycloak for basic authentication, but when I configure Keycloak in my application and try to run it, it does not come up on Netty dependencies; only when I add Tomcat to my WebFlux pom.xml does the Keycloak server come up.
Any idea how to run Keycloak on a Netty server?
Related
I have a Keycloak server (v12) and I have an application server (Tomcat + Spring Boot + Keycloak adapter v16) with a confidential OAuth client configured.
Both servers are accessible by the client, but no connection from one server to the other is possible (FW I cannot change).
application.properties:
spring.autoconfigure.exclude=
keycloak.enabled=true
keycloak.realm=my-realm
keycloak.realm-key=MIIBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
keycloak.auth-server-url=https://keycloak-server/auth/
keycloak.ssl-required=all
keycloak.resource=my-app
keycloak.credentials.secret=xxxxxxx
keycloak.confidential-port=0
How do I convince Spring Boot and Keycloak that it should use the defined realm-key, and not try to connect to the other server?
From my understanding it should be possible according to the docs and the OAuth2 standard.
I want to integrate Hazelcast with a web application running on a Tomcat server. The backend is MongoDB. So far I have managed to integrate MongoDB with Hazelcast. How do I integrate it with Tomcat so that changes made to the DB through the UI can be seen in the IMaps used when I do a get call?
Not every get call will load from DB, only those keys that are not present in Hazelcast cluster will be loaded from the DB.
As for integrating with a web server, I'm not sure what you meant there, because the code that loads from the DB runs on the Hazelcast server. An application, whether it is a simple public static void main(...) or a web app running in a container or a web server, is a client to the Hazelcast server, which means you will be required to use client proxies to connect to servers.
I am making an application. The clients run on Android. The clients use a username and password for connecting. I am interested in how to connect the Android client to the J2EE backend and how to track the login session. Something like stateless or stateful EJB and RESTful would be perfect. The big problem is how to manage login sessions in the J2EE server.
I am using Glassfish, Volley (Google API for Android), and my two hands for typing the code.
I've successfully been able to secure a Spring Boot REST service using the Keycloak Spring Boot adapters and a Keycloak identity provider. However, we now wish to attempt the same thing without using Keycloak adapters but using OAuth2 directly. This is so that we can potentially connect to any identity provider in the future. I've tried various approaches but so far have had no success.
Has anybody been able to secure a Spring Boot REST service using the Keycloak identity provider with OAuth2 rather than the Keycloak Spring Boot adapters?
Friends,
Recently I created a web-services application using Spring Boot, and it now has a few unsecured entry points. (This is a pure REST-based application having only REST entry points; it doesn't have any UI components.)
Now I would like to add a CAS client to this application for securing the REST entry points.
My CAS server is ready and it's up and running. I have also configured the CAS REST protocol in my CAS server to access TGT/ST through REST calls, and I'm planning to use only the REST calls rather than the login pages.
So, when a user tries to access my REST application, I'm going to call the CAS REST entry points internally (by using restTemplate) to validate user credentials and generate the TGT and ST.
The available CAS entry points are (from the Jasig reference docs):
POST /cas/v1/tickets HTTP/1.0
username=battags&password=password&additionalParam1=paramvalue
POST /cas/v1/tickets/{TGT id} HTTP/1.0
service={form encoded parameter for the service url}
DELETE /cas/v1/tickets/TGT-fdsjfsdfjkalfewrihfdhfaie HTTP/1.0
I think I'm a little clear on this part. Please correct me if I'm wrong.
And now my query here is, what should I do to add an ST ticket validator in my Spring Boot application? Do I need to add any filters using Spring Security? Or do I need to call any other REST API for validating the ST? Please guide me to proceed further.
You can use an existing Spring Boot CAS starter:
cas security spring boot starter
cas client autoconfig support
That will magically configure your Spring Boot app with CAS authentication for you (and thus your application will be able to read ST or PT without effort).
I'm the author of cas security spring boot starter, so I won't influence your choice, but the main difference between that project and cas client autoconfig support, developed by Unicon, is the Spring Security integration.
Indeed, cas security spring boot starter is fully compliant with Spring Security, thus you will be able to use any feature you know from Spring Security. Whereas cas client autoconfig support will instantiate and configure Apereo (Jasig) filters that are not designed to work out of the box with Spring Security.
You don't need a service ticket unless you want to call another service from your web service. Validating the received credentials via the CAS REST API is enough.
If you are looking for a security library to protect your web service via the CAS REST API, you should give this a try: https://github.com/pac4j/spring-webmvc-pac4j and especially this configuration: https://github.com/pac4j/spring-webmvc-pac4j-demo/blob/master/src/main/webapp/WEB-INF/demo-servlet.xml#L74
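The three REST calls listed in the question (credentials to TGT, TGT to ST, TGT deletion), written out as an added Java 11+ example that is not part of any post above. The local stub server, the ticket values and the service URL are constructed so that it runs offline; the 201-with-Location and ST-in-body responses follow the CAS REST protocol.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
public class CasRestFlow {
    static final HttpClient HTTP = HttpClient.newBuilder().version(HttpClient.Version.HTTP_1_1).build();
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    static HttpResponse<String> postForm(String url, String form) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(url))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form)).build();
        return HTTP.send(req, HttpResponse.BodyHandlers.ofString());
    }
    // POST /cas/v1/tickets: 201 Created carries the TGT resource URL in the Location header.
    static String requestTgt(String casBase, String user, String pass) throws Exception {
        HttpResponse<String> r = postForm(casBase + "/v1/tickets", "username=" + enc(user) + "&password=" + enc(pass));
        if (r.statusCode() != 201) throw new SecurityException("CAS rejected credentials: HTTP " + r.statusCode());
        return r.headers().firstValue("Location").orElseThrow();
    }
    // POST /cas/v1/tickets/{TGT id}: 200 OK carries the service ticket as the response body.
    static String requestSt(String tgtUrl, String service) throws Exception {
        HttpResponse<String> r = postForm(tgtUrl, "service=" + enc(service));
        if (r.statusCode() != 200) throw new SecurityException("no ST issued: HTTP " + r.statusCode());
        return r.body().trim();
    }
    // DELETE /cas/v1/tickets/{TGT id}: destroy the TGT as soon as it is no longer needed.
    static int deleteTgt(String tgtUrl) throws Exception {
        return HTTP.send(HttpRequest.newBuilder(URI.create(tgtUrl)).DELETE().build(), HttpResponse.BodyHandlers.discarding()).statusCode();
    }
    public static void main(String[] args) throws Exception {
        // Constructed local stub standing in for the CAS server; a real deployment uses its https:// base URL.
        HttpServer stub = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        stub.createContext("/cas/v1/tickets", ex -> {
            boolean login = ex.getRequestURI().getPath().endsWith("/tickets");
            boolean ok = !login || new String(ex.getRequestBody().readAllBytes(), StandardCharsets.UTF_8).equals("username=battags&password=password");
            if (login && ok) ex.getResponseHeaders().add("Location", "http://" + ex.getRequestHeaders().getFirst("Host") + "/cas/v1/tickets/TGT-1-constructed");
            byte[] st = login || ex.getRequestMethod().equals("DELETE") ? new byte[0] : "ST-1-constructed".getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(!ok ? 400 : login ? 201 : 200, st.length == 0 ? -1 : st.length);
            if (st.length > 0) ex.getResponseBody().write(st);
            ex.close();
        });
        stub.start();
        String cas = "http://127.0.0.1:" + stub.getAddress().getPort() + "/cas";
        String tgt = requestTgt(cas, "battags", "password");
        System.out.println("TGT: " + tgt + "\nST:  " + requestSt(tgt, "https://app.example.org/api"));
        System.out.println("TGT deleted: HTTP " + deleteTgt(tgt));
        stub.stop(0);
    }
}
```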