I want to implement SSO in shiro using CAS with active directory.If Anyone having experience of this implementation,please share with me. Also suggest basic requirement for this.
Many Thanks.
this should help you getting started, I know that the post has a different name, but it actually contains what you need too.
http://shiro-user.582556.n2.nabble.com/Shiro-and-multiple-wars-within-the-same-Servlet-Container-td5560737.html#a5563334
Cheers!
Related
i'm trying to implement a login system with username/email in passport.js, i have read online that the local strategy is generally not secure, but after searching online i couldn't find any resource that could help me make it more secure.
i'm not sure if this's even possible, but i thought maybe i could use two strategies to work together, i thought that might give my application more security, like use local strategy with cookie strategy together for example, is this approach possible? if so, does it provide extra security and how do i implement the two together?
if such thing is not the best idea, how do i make authentication with local strategy a secure option? i'm planning on implementing other strategies like passport-google-oauth and such, but right now i want to include the username/email login in my application nonetheless, any help is appreciated, thanks in advance.
I am new to ZAP 2.5 and I have these questions that are yet answered as of the moment:
Can ZAP be performed in a protected website? Note that I don't know what method is used to protect the website. But whenever I try to perform ZAP with it, it only checks the Log In form of the website; ZAP doesn't dig deep down. Is it normal knowing that the website is protected?
I am not hacking the website; its just that my mentor wanted me to know if I or ZAP has the ability to perform security testing with our website even if it is protected. Is it really possible? If so, how?
I hope that someone would enlighten me with this, because so far, I haven't found any answers yet. Thank you!
It can. You can read read how to configure it in the manual.
Security tools like ZAP dont work by magic. They allow you to automate repetitive tasks that would take a manual pentester much longer to perform manually.
If you have a complex login process then you will need to understand how it works in order to configure ZAP how to handle it. Proxy your browser through ZAP. Login manually and look at the requests and responses that are proxied. Try to understand how the authentication works - once you have done that you can start looking at how to automate logging in via ZAP.
Could somebody advice me the best solution about JavaFX (JDK8) and security concept? Under security I mean authorization and authentication. Thank you in advance.
I might be a bit late in answering this, but you are very right Maryan. JavaFx doesn't seem to have good interoperability with any standard security mechanisms.
The only option is to use a 3PP to solve this. Examples are: Spring security, Apache Shiro etc. In order to eliminate the dependencies with a particular 3PP, I encourage you to wrap the 3PP implementation.
Unfortunately, This is just the beginning of a long list of issues(that are yet to come up) for you, even after you implement the security measure, you will still have to come up with ways of storing and managing security tokens(similar to browser cookies) so that your JavaFx client doesn't need to authenticate with server for every call.
If this is only the beginning of your project, I suggest you really think about whether to use JavaFx or go with web based UI.
I want to setup passport.js for authentication in my node.js,express,mongoose application i have followed many examples on internet but got stuck with every one because still dont understand the flow of passport.js processing.
Any help with step by step setup, describing flow of the application would really help me understanding the concepts better.
Take a look at the following simple example.
https://github.com/kulor/passportjs-express-example
If you have questions, please let me know.
And please, don't reinvent the wheel. ;)
I am about developing a web application using jsf 2.0 and netbeans 7.1
so I want to authenticate users before they can access the application
My question know is how can I be sure of that user along his "session"?
I searched and found that I have to use session beans but I didn't get
the "remedy" of my problem
thanks for help
the answer really depends on your requirements. the simplest solution would be to use container managed authentication (via JAAS). all j2ee/servlet containers support this, but some implement it "their own way", so you have to check the docs. i know for tomcat and jboss, it's very simple to turn on and (assuming you configure your web.xml properly) just trust that if they are loading your pages, the session is authorized. you might want to bulk up the question with some of your requirements. that will really spur people to give you a much more concrete answer than i'm providing.
TIA