Spring Security on Wildfly: error while executing the filter chain

I’m trying to integrate Spring Security SAML Extension with Spring Boot. About the matter, I did develop a complete sample application. Its source code is available on GitHub: spring-boot-saml-integration on GitHub. By running it as a Spring Boot application (running against the SDK built-in Application Server), the WebApp works fine. Unfortunately, the same AuthN process doesn’t …

RESTful Authentication via Spring

Problem: We have a Spring MVC-based RESTful API which contains sensitive information. The API should be secured, however sending the user’s credentials (user/pass combo) with each request is not desirable. Per REST guidelines (and internal business requirements), the server must remain stateless. The API will be consumed by another server in a mashup-style approach. Requirements: …

Difference between Role and GrantedAuthority in Spring Security

There are concepts and implementations in Spring Security, such as the GrantedAuthority interface to get an authority to authorize/control an access. I would like that to permissible operations, such as createSubUsers, or deleteAccounts, which I would allow to an admin (with role ROLE_ADMIN). I am getting confused as the tutorials/demos I see online. I try …

When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?

I have a Spring MVC web app which uses Spring Security. I want to know the username of the currently logged-in user. I’m using the code snippet given below. Is this the accepted way? I don’t like having a call to a static method inside this controller – that defeats the whole purpose …