This WebClient bean is in a Spring Boot application.
#Bean
public WebClient getWebClient() {
WebClient wc = WebClient.builder()
.filter(ExchangeFilterFunctions
.basicAuthentication(username, password))
.build();
}
The Spring Boot application connects to a legacy application.
The security provider of the legacy application is an AD.
I checked the log - the overridden/custom LdapAuthenticationProvider is always invoked for each request.
How do I implement a WebClient that only authenticates for the first time?
Is this a WebClient config or a config in the legacy application security?
Greatly appreciate any input. Thank you!
Related
I have created a custom Webclient Builder instead of injecting the default builder.
#Configuration
public class WebClientConfig() {
#Bean(name = "myWebClientBuilder")
public Webclient.Builder customBuilder() {
return WebClient.builder();
}
}
I have multiple services where I use this bean myWebClientBuulder and do further customization with chain of ExchangeFilterFunction.
This might not be the recommended way of using the WebClient but I would like to get some insight if there is a way to get the downstream call metrics from the Webclient based on this configuration.
Actuator Endpoint: actuator/metrics/http.client.requests
Spring Boot auto-configured WebClient.Builder is way powerful than customized version.
I tried to configure the custom builder in WebClientConfig() but it started to structure just like a copy version of WebClientAutoConfiguration. I ended up going with the spring boot autoconfigured WebClient.Builder bean.
If it helps, you can study how WebClientAutoConfiguration tries to configure webClient customizers. For metrics, it would be MetricsWebClientCustomizer.
I have a spring boot 2.2.2 microservices, which integrations with other services using WebClient (rective). According to Spring documentation, the actuator should return "http.client.requests" metrics by default as Timer is enabled by default. But it does not work for me. I am able to get http.server.requests" metrics.
My WebClient is a bean configured and build with WebClient.builder(), as documented here: https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html#production-ready-metrics-http-clients
Use Spring Boot's preconfigured WebClient.Builder instead of WebClient.builder() to have an instance of WebClient.
You can find more detail here.
As in the following you can have a bean of WebClient.
#Configuration
public class ClientConfiguration {
#Bean
public WebClient webClient(WebClient.Builder webClientBuilder) {
return webClientBuilder
.baseUrl("https://example.org")
.build();
}
}
WebClient.Builder is an Auto-configuration, means the injected point above will receive a newly cloned instance of the builder.
Here is the source for WebClientAutoConfiguration
I've noticed my application has to make a WebClient call before the metrics/http.client.requests endpoint exists. Prior to my application making a WebClient call that endpoint isn't discoverable and returns NOT FOUND.
Hope that helps others in a similar situation!
I have setup my own ReactiveAuthenticationManager
public class CustomReactiveAuthenticationManager implements ReactiveAuthenticationManager
and then in SecurityWebFilterChain:
.authenticationManager(this.authenticationManager)
However after this setup im not getting anything in the actuator auditevents endpoint:
{"events":[]}
What do I need to change to have audit events even if I use a custom ReactiveAuthenticationManager?
This isn't a problem with your custom AuthenticationManager. It is a limitation of Spring Security. At the time of writing, events are not published when using reactive Spring Security. An enhancement that will remove the limitation is being tracked in this Spring Security issue.
I am using Spring Boot 2.x but in Spring Boot Admin-> Wallboard -> Metrics I am getting "Metrics are not supported for Spring Boot 1.x applications".
I had the same issue and the reason was, that my application always sent a fixed content-type in the response header.
Spring Boot Admin checks for the content-type application/vnd.spring-boot.actuator.v2. If this content-type is absent, your application is considered to be a Spring Boot 1 application.
In my case, the reason was a WebMvcConfigurer which hard-coded the defaultContentType to application/json. I had something like the following in my configurer:
#Override
public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
configurer.defaultContentType(MediaType.APPLICATION_JSON)
.favorPathExtension(false).favorParameter(true).ignoreAcceptHeader(true).useRegisteredExtensionsOnly(true);
}
After changing it to
#Override
public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
configurer.defaultContentType(MediaType.valueOf("application/vnd.spring-boot.actuator.v2+json"), MediaType.APPLICATION_JSON)
.favorPathExtension(false).favorParameter(true).ignoreAcceptHeader(true).useRegisteredExtensionsOnly(true);
}
, Spring Boot Admin showed me the metrics as it was supposed to.
We have a simple Spring Boot application with Jersey.
Spring Boot provides default monitoring end points
http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#production-ready-monitoring
Example:
#Component
public class JerseyConfig extends ResourceConfig {
public JerseyConfig() {
// registering resources from rest package
packages("com.xyx.abc.rest");
}
}
The REST end points that are provided by Spring Boot are not available in the context of a Spring Boot Jersey Application.
The Spring Boot dependency includes Jersey, starter-actuator, starter-tomcat.
Our REST resources show up fine, but the ones provided by Spring Boot for monitoring dont show up.
E.g http://abc.xyx.com:8080/health returns a 404
If you are using it as a Filter you need to tell Jersey not to handle those requests. E.g. by putting the Jersey resources under a separate path, like "/api/*" or something:
#Bean
public FilterRegistrationBean jersey() {
FilterRegistrationBean bean = new FilterRegistrationBean();
...
bean.setUrlPatterns(Lists.newArrayList("/api/*"));
return bean;
}
(from here).
Or by declaring that your admin endpoints are "static" (via another init parameter "com.sun.jersey.config.property.WebPageContentRegex"):
#Bean
public FilterRegistrationBean jersey() {
FilterRegistrationBean bean = new FilterRegistrationBean();
...
bean.addInitParameter("com.sun.jersey.config.property.WebPageContentRegex",
"/admin/.*");
return bean;
}
where we have set management.contextPath=/admin in the Spring Boot external configuration (otherwise you'd have to enumerate all the endpoints in the regex).
You can also tell Jersey to ignore unresolved requests (instead of sending a 404). That would also achieve your goal, but might affect your client apps (if they rely on a 404 for their behaviour).