Followed reference guide to add security to spring boot admin (https://codecentric.github.io/spring-boot-admin/current/), but upon launching app always get standard login page, which I am unable to bypass (and unsure also how to do so - where to add add login credentials etc). Would like to set up for now Spring Boot Admin with basic security.
Created a standard boot app with "Spring Boot Admin" and "Spring Security" dependency
Imported project into IDE and added #EnableAdminServer annotation to main class and ran
NOTE:
1)did NOT add anything to application.properties
2)also tried approach of using https://www.baeldung.com/spring-boot-admin , where a login page is displayed using WebSecurity config , but that causes 2 login window to appear (one as popup and second as main page)
package com.example.demo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import de.codecentric.boot.admin.server.config.EnableAdminServer;
#EnableAdminServer
#SpringBootApplication
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
}
Pom :
http://maven.apache.org/xsd/maven-4.0.0.xsd">
4.0.0
org.springframework.boot
spring-boot-starter-parent
2.1.4.RELEASE
com.example
demo
0.0.1-SNAPSHOT
demo
Demo project for Spring Boot
<properties>
<java.version>1.8</java.version>
<spring-boot-admin.version>2.1.4</spring-boot-admin.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-dependencies</artifactId>
<version>${spring-boot-admin.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
Would like to have Spring Boot Admin secure by most basic spring security (using spring boot 2.x)
but that causes 2 login window to appear (one as popup and second as main page)
I have faced this problem and i fixed it by changing the version of spring-boot-admin.
You are using 2.1.4 when 2.1.6 is available.
Try changing the version numbers.
Related
I am using spring boot 2.5.1 with Java 11.
I am trying to create a SpringBoot Admin Server and Client in the same application, however when I start it, I get the following error in the console.
Ref: https://github.com/codecentric/spring-boot-admin
Error
Failed to register application as Application(name=PowWow,
managementUrl=http://localhost:8085/actuator,
healthUrl=http://localhost:8085/actuator/health,
serviceUrl=http://localhost:8085/) at spring-boot-admin
([http://localhost:8085/instances]): 401 : [no body]. Further attempts
are logged on DEBUG level
I have the following code in the Spring Boot application:
pom.xml
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.1</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-server</artifactId>
<version>2.5.1</version>
</dependency>
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-client</artifactId>
<version>2.5.1</version>
</dependency>
application.properties
server.port=8085
spring.application.name=PowWow
logging.file.name=powwow-logfile.log
logging.logback.rollingpolicy.max-history=3
logging.logback.rollingpolicy.max-file-size=5MB
spring.boot.admin.client.url=http://localhost:8085
management.endpoints.web.exposure.include=*
management.endpoints.health.show-details=always
PowWowApplication.java
#SpringBootApplication
#EnableScheduling
#EnableAdminServer
public class PowWowApplication {
More info
I can access the following url, but it does not load the application: http://localhost:8085/applications
Question
Do you know why the application is not being registered? Is it because you cannot have a spring-boot-admin-starter-server and a spring-boot-admin-starter-client in the same application?
More info
I realised that the application.properties has:
web.access.username=user
web.access.password=password
So I also add the following to allow the client access:
spring.boot.admin.client.username=user
spring.boot.admin.client.password=password
This removes the above error, i.e. there is no longer a 401 error when starting the server, but the application console reports that the server is down:
Console log: No Errors
http://localhost:8085/actuator/health {"status":"UP"}
However, the details show there is a 401.
I resolved this by adding /actuator/** to the following:
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests().antMatchers("/soapWS/**").permitAll().and()
.authorizeRequests().antMatchers("/actuator/**").permitAll()
.anyRequest().authenticated().and()
.httpBasic().and()
.csrf().disable();
}
I have tried to implement spring external configurations using Config Server. It is working fine for the very first time when the application is started but any changes to the properties file are not being reflected. I tried to use /refresh endpoint to refresh my properties on the fly but it doesn't seem to be working. Any help on this would be greatly helpful.
I tried POSTing to localhost:8080/refresh but getting a 404 Error response.
Below is the code of my application class
#SpringBootApplication
public class Config1Application {
public static void main(String[] args) {
SpringApplication.run(Config1Application.class, args);
}
}
#RestController
#RefreshScope
class MessageRestController {
#Value("${message:Hello default}")
private String message;
#RequestMapping("/message")
String getMessage() {
return this.message;
}
}
and POM file is
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Finchley.M8</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>spring-milestones</id>
<name>Spring Milestones</name>
<url>https://repo.spring.io/milestone</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
and bootstrap.properties
spring.application.name=xxx
spring.cloud.config.uri=https://xxxxxx.com
management.security.enabled=false
endpoints.actuator.enabled=true
The endpoint is now /actuator/refresh for Spring 2 and greater
From the comments:
You do need to have the management.endpoints.web.exposure.include=refresh set in the bootstrap.properties/bootstrap.yml
Note: If you're new to Spring-Cloud and not quite sure of what all keywords can go in web.exposure you can set it to * (management.endpoints.web.exposure.include=*) to have all exposed and you can get to know the endpoints and their restrictions later.
It worked for me after adding the property "management.endpoints.web.exposure.include=*" in bootstrap.properties and changing the url to /actuator/refresh for spring version above 2.0.0
For spring version 1.0.5 url is /refresh
For YAML files, the property's value needs to be wrapped inside double quotes :
# Spring Boot Actuator
management:
endpoints:
web:
exposure:
include: "*"
Note : Ensure you use the right endpoints keyword (with 's') for this property as long as it exists for another property without 's' : "management.endpoint.health.... " .
Note: - It's a POST request (not GET)
I've posted the solution here
[https://stackoverflow.com/a/74465108/2171938][1]
If you have issues with accepting formurlencoded in SPRING 2.0>, use :
curl -H "Content-Type: application/json" -d {} http://localhost:port/actuator/refresh
instead of:
curl -d {} http://localhost:port/refresh
which was accepted in SPRING 1.*
I am having issues getting hystrix to work with my route. things like re-write paths and load balancing are working but for some reason hystrix never trips. I am setting my timeouts very low and have a delay in a downstream service. Is there anything special you need to do to get hystrix working?
I am using spring-cloud-gateway with eureka and spring-cloud-config. Also, is there a way to debug when a route is not working? Like a log setting to see what is happening?
Here is my route:
spring:
cloud:
gateway:
routes:
# =====================================
- id: main-service
uri: lbl://main-service
predicates:
- Path=/main-service**
filters:
- Hystrix=mainservice
Here is my pom
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.M7</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-
8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Finchley.M5</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-eureka</artifactId>
<version>1.4.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-hystrix</artifactId>
<version>2.0.0.M2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
Here is my Application class:
#EnableDiscoveryClient
#EnableHystrix
#SpringBootApplication
public class GatewayApplication {
public static void main(String[] args) {
SpringApplication.run(GatewayApplication.class, args);
}
}
The only other class in the jar is this:
#Configuration
public class GatewayConfiguration {
#Bean
public DiscoveryClientRouteDefinitionLocator
discoveryClientRouteLocator(DiscoveryClient discoveryClient) {
return new DiscoveryClientRouteDefinitionLocator(discoveryClient);
}
}
I figured out the issue. It seems that if you add eureka discovery then it automatically add routes that match all the spring.application.names returned by your eureka server and these have the same order as the ones I defined using application name as the predicate. I was able to fix this by setting the order for my route to -1.
Not sure if there is a better way to do this but at least I know hystrix is working.
Thanks
Maybe you should use this dependency:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
</dependency>
Is there any documentation available related to deploying eureka server on web container like tomcat. I use the spring provided sample and created a war, also renamed it to 'eureka.war' but the dashboard is not displayed..
The code works fine with spring boot but looks some configuration is required for deploying it as war.
See this commit: https://github.com/spring-cloud-samples/eureka/commit/1de7c89cf3f79e4707dbabe91ea60eb06f2268aa
In pom.xml
<packaging>war</packaging>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
In EurekaApplication.java
public class EurekaApplication extends SpringBootServletInitializer { /*...*/ }
I have a project created from some maven archetype, dont remmebrer realy which one. I use maven and Eclipse Kepler.
The project is deployed on Wildfly8.1 server
In the project facests I have JSF 2.0 and when I try to change the facet to JSF 2.2 I get the massege "Cann not change version of facet JavaServerFaces ..."
Do I have to change something in my maven pom file?
Here is my maven pom :
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<artifactId>ypay</artifactId>
<groupId>si.arctur</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<artifactId>ypay-web</artifactId>
<packaging>war</packaging>
<name>ypay Web module</name>
<dependencies>
<dependency>
<groupId>org.jboss.spec.javax.ejb</groupId>
<artifactId>jboss-ejb-api_3.1_spec</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.primefaces.extensions</groupId>
<artifactId>primefaces-extensions</artifactId>
<version>1.2.1</version>
</dependency>
<dependency>
<groupId>org.primefaces</groupId>
<artifactId>primefaces</artifactId>
<version>4.0</version>
</dependency>
<!-- Dependency on the EJB module so we can use it's services if needed -->
<dependency>
<groupId>si.arctur</groupId>
<artifactId>ypay-ejb</artifactId>
<type>ejb</type>
<scope>provided</scope>
</dependency>
<!-- Import the JAX-RS API, we use provided scope as the API is included
in JBoss AS 7 -->
<dependency>
<groupId>org.jboss.spec.javax.ws.rs</groupId>
<artifactId>jboss-jaxrs-api_1.1_spec</artifactId>
<scope>provided</scope>
</dependency>
<!-- Import the CDI API, we use provided scope as the API is included
in JBoss AS 7 -->
<dependency>
<groupId>javax.enterprise</groupId>
<artifactId>cdi-api</artifactId>
<scope>provided</scope>
</dependency>
<!-- Import the JPA API, we use provided scope as the API is included
in JBoss AS 7 -->
<dependency>
<groupId>org.hibernate.javax.persistence</groupId>
<artifactId>hibernate-jpa-2.0-api</artifactId>
<scope>provided</scope>
</dependency>
<!-- Import the JSF API, we use provided scope as the API is included
in JBoss AS 7 -->
<dependency>
<groupId>org.jboss.spec.javax.faces</groupId>
<artifactId>jboss-jsf-api_2.2_spec</artifactId>
<version>2.2.4</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.16</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.omnifaces</groupId>
<artifactId>omnifaces</artifactId>
<version>1.7</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>2.1.1</version>
<configuration>
<!-- Java EE 6 doesn't require web.xml, Maven needs to catch
up! -->
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
</plugins>
</build>
</project>
You don't mention which Eclipse plugins you use. Assuming you have a current version of JBoss Tools, the facets should be set correctly when first importing the Maven project into Eclipse, depending on the POM dependencies.
In your POM, there's a mixture of Java EE 6 and 7 dependencies, which might be causing the problem.
Try deleting the javax:javaee-api:6.0 dependency - you have indidual Java EE 7 APIs further down in your POM -, then run Maven | Update project in Eclipse.
If that does not help, delete the project from the workspace, delete all Eclipse metadata from the file system (.project, .classpath,. settings) and re-import the project.