Security concerns for distributed applications implemented in Spring
Buzzardo on boot2
Update oauth2-vanilla to Boot 2… (compare)
Buzzardo on boot2
Replace initializr "style" para… (compare)
Buzzardo on master
Update write.component.ts Keep… (compare)
org.springframework.cloud:spring-cloud-security:<version>
?org.springframework.cloud:spring-cloud-starter-security:<version>
?org.springframework.security.oauth:spring-security-oauth2:<version>
?org.springframework.boot:spring-boot-starter-oauth2-client:<version>
?org.springframework.boot:spring-boot-starter-oauth2-resource-server:<version>
org.springframework.boot:spring-boot-starter-security:<version>
and org.springframework.security.oauth:spring-security-oauth2:<version>
to secure my applications. I have a central application dedicated to issuing access token, a Spring Cloud Gateway and other Spring Boot applications. The question is which dependencies should I use in each case? Thanks a lot
@miha-
Hello, can some one help me understand this:
i need to sign en encrypt soap request
https://docs.spring.io/spring-ws/site/reference/html/security.html
The XwsSecurityInterceptor will fire a SignatureKeyCallback to the registered handlers. Within Spring-WS, there are is one class which handles this particular callback: the KeyStoreCallbackHandler.
The XwsSecurityInterceptor will fire a EncryptionKeyCallback to the registered handlers in order to retrieve the encryption information. Within Spring-WS, there is one class which handled this particular callback: the KeyStoreCallbackHandler.
so for this only in policy has to be added, other things are the same
@Bean
public KeyStoreCallbackHandler callback() throws Exception{
KeyStoreCallbackHandler callbackHandler = new KeyStoreCallbackHandler();
callbackHandler.setPrivateKeyPassword("t_passwordo");
callbackHandler.setDefaultAlias("snet");
callbackHandler.setKeyStore(keyStoreFactoryBean());
callbackHandler.setTrustStore(TrustFactoryBean());
return callbackHandler;
}
signeture works ok
but for encrypt i get
2019-10-16 09:41:01.902 ERROR 21412 --- [nio-8080-exec-2] j.e.resource.xml.webservices.security : WSS0221: Unable to locate matching certificate for Key Encryption using Callback Handler.
2019-10-16 09:41:01.906 ERROR 21412 --- [nio-8080-exec-2] com.sun.xml.wss.logging.impl.filter : WSS1413: Error extracting certificate
tnx
UserDetailService
to the new Spring Security 5.2 changes?Hallo, I am working on an implementation of SAML 2.0 in our Spring boot application and we were following a tutorial where it is stated that the SAMLProcessorImpl needs a HTTPPostBinding with a Parserpool from OpenSaml. However the openSaml version of the tutorial is deprecated and I can not seem to find replacement. I noticed that the ParserPoolHolder has a static function for getting Pool, but when running the application it can not access the object:
Error:(149, 60) java: cannot access org.opensaml.xml.parse.ParserPool
class file for org.opensaml.xml.parse.ParserPool not found
Can anyone take a look with me, how to make sure the parsing is implementated correctly?