Git Authentication Failure Spring Cloud config store - spring

We are configuring spring cloud config server and below is how my application properties look:
server.port=8080
spring.cloud.config.server.git.uri=https://github.com/myorganization/config-store.git
spring.cloud.config.server.git.searchPaths={application}
spring.cloud.config.server.git.clone-on-start=true
spring.cloud.config.server.git.skipSslValidation=true
spring.cloud.config.server.git.ignore-local-ssh-settings=true
spring.cloud.config.server.git.username=MyUser
spring.cloud.config.server.git.password=MyPassword
spring.cloud.config.server.git.default-label=develop
spring.application.name=config-server
spring.security.user.name=root
spring.security.user.password=password
I am able to login to the github url i.e. https://github.com/myorganization/config-store.git using the username MyUser and password MyPassword as per above properties but when i am trying to start my config server using: ./mvnw spring-boot:run i am getting the below error:
Caused by: org.eclipse.jgit.errors.TransportException: https://github.com/myorganization/config-store.git: not authorized
i have tried out many things but running out of any ideas now, would appreciate any help in advance.

The use of username and password to do git operations on GitHub is deprecated and it no longer works, as described here.
You should generate a Personal Access Token, follow the official documentation to do it. Then you can add the token to the spring configuration as it was you password:
spring.cloud.config.server.git.username=<yourusername>
spring.cloud.config.server.git.password=<yourtoken>

Beginning August 13, 2021, we will no longer accept account passwords when authenticating Git operations on GitHub.com.
From : https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
Thx to: https://stackoverflow.com/a/70443213/592355
For Github Enterprise Server, our options (also) are limited, but considered secure & well documented:
Authenticating with the API
You can authenticate with the API in different ways.
...
Personal access tokens (-> 1. https://stackoverflow.com/a/69663073/592355, 2. https://stackoverflow.com/a/70580891/592355 ?)
OAuth Apps...
GitHub Apps...
Authenticating with the command line
...
HTTPS ...
SSH ...
When SSH, for the spring-cloud-end:
Use "local ssh environment" or see: https://docs.spring.io/spring-cloud-config/docs/current/reference/html/#_git_ssh_configuration_using_properties

Related

Why can't I use a diffrent user for SVN checkout

I trying to make SVN work on a Windows 2016 Server. I am using SVN over commandline. SVN is always using the user which is logged in. Let's say the logged in user is USER. The user needed for SVN is called SVNUSER. We are using a VisualSVN Server. Both Servers are inside a company network and they use the same AD for authentication.
I tried following stuff:
svn checkout --username SVNUSER http://svn01.de/svn/Application/trunk/FSW
or
svn checkout --username e102365 --password pass http://svn01.w3.de/svn/Application/trunk/FSW
didn't work. I get following error:
svn: E175013: Unable to connect to a repository at URL 'http://svn01.de/svn/Application/trunk/FSW'
svn: E175013: Access to '/svn/Application/trunk/FSW' forbidden
The serverlog says i tried to connect with USER.
The only way I was able to make the checkout work is using run as with the SVNUSER but I need it for automation and run as is interactive so it does not help.
The folder C:\Users\USER\AppData\Roaming\Subversion\auth is empty. When using tortoise SVN it says there is no saved authentication.
I assume that your VisualSVN Server installation is configured for Integrated Windows Authentication (Active Directory Single Sign-On) (see KB182 for details).
Since it's Single Sign-On, you have to run your scripts as the user account that has permissions to access the repository. Specifying credentials in the command-line won't work - it will always authenticate as the user account who started the svn.exe client. You can try running your script from Windows Task Scheduler, custom Windows Service, etc.
Or you can enable Basic Windows authentication on the server in addition to Integrated Windows Authentication. And force your svn client to always prefer Basic auth (i.e., disable Integrated Windows Authentication on the client side). You can append the following option to your svn.exe commands:
--config-option servers:global:http-auth-types=basic
Or modify the %APPDATA%\Subversion\servers file. Add the http-auth-types=basic string under [Global].

kcadm created client is always unauthorized

I am trying to automate setting up of a Keycloak server for an application. Part of that is to set up a Keycloak client using the admin CLI:
kcadm.sh create clients -r MyRealm -s clientId=my-client -s enabled=true
That seems to work; I can see the client is present using the admin console. However, if I try to use that client with the Java client (creating a Keycloak object) even a read-only operation fails due to HTTP 401 Unauthorized. What am I doing wrong?
After much experimenting, I discovered the cause of the problem. If you create a client using the UI, the UI sets the client to be public client with direct access grants enabled by default. The admin CLI however does not, and that results in access through the Java client being denied. You must instead explicitly set those when you create the client using the admin CLI:
kcadm.sh create clients -r MyRealm -s clientId=mc-client -s enabled=true -s directAccessGrantsEnabled=true -s publicClient=true

Can't connect to MariaDB using JDBC, mysql utils succeed

I use JDBC and Spring Boot 2.2.2 to connect to a MariaDB instance. The login fails with this message:
Caused by: java.sql.SQLInvalidAuthorizationSpecException: Could not
connect to
address=(host=server.company.domain)(port=3306)(type=master) : Access
denied for user 'user'#'server.company.domain' (using password:
YES)
When I run mysqldump -u"user" -p"password" -h server.company.domain dbname this works just fine !
Both the dump and the Spring Boot application are run from the same machine (the database server itself)
user and password used are identical
there are no special characters in the password or the user (only lower/uppcase characters and digits)
the jdbc connection string looks like this: jdbc:mariadb://server.company.domain:3306/dbname
I already tried to use localhost instead of the server name
when I change jdbc url, user and password the same application is able log in to my development mariaDB
It seems like you are having trouble with MariaDB, not spring-boot itself.
I suggest you to follow this links: https://mariadb.com/kb/en/configuring-mariadb-for-remote-client-access/, and come back if it didn't solve your problem, with what you tried, and what didn't work.
I ran a short SHOW GRANTS; via the mysql command which is able to connect to the database. The output gave me this:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'%' IDENTIFIED BY PASSWORD 'nonono' REQUIRE SSL WITH GRANT OPTION
The relevant part is REQUIRE SSL: connections to that server need to be done encrypted.
When I checked the files in /etc/my.cnf.d/ I found a file containing (amongst others) these lines:
[server]
ssl=1
ssl-cert=/path/to/certificate/cert.pem
By googling a bit I found this link which describes how to set the JDBC driver to use ssl. It also explains to you why you perhaps should think twice before setting trustServerCertificate to true.
My spring.datasource.url now looks like this:
jdbc:mariadb://server.company.domain:3306/dbname?useSSL=true&trustServerCertificate=true&serverSslCert=/path/to/certificate/cert.pem
To put it short: Access denied for user doesn't tell the complete story. It makes you think that your password might be wrong but you are denied for other reasons.

Getting error "'encypt' is not a valid command" while trying to encrypt using Spring boot CLI

I am trying to encrypt a password using Spring boot CLI (1.5.7).
./spring encrypt mysecret --key ashish
I am getting below error for this command:
'encypt' is not a valid command. See 'help'.
Please let me know how to fix this.
Actually encrypt and decrypt comes with Spring Cloud CLI
so below command will get you these commands
./spring install org.springframework.cloud:spring-cloud-cli:1.3.2.RELEASE
But now I am getting different error
"Unable to initialize due to invalid secret key"
Anyone any ideas ?
You can find this in the Spring Boot CLI documentation:
Prerequisites: to use the encryption and decryption features you need
the full-strength JCE installed in your JVM (it’s not there by
default). You can download the "Java Cryptography Extension (JCE)
Unlimited Strength Jurisdiction Policy Files" from Oracle, and follow
instructions for installation (essentially replace the 2 policy files
in the JRE lib/security directory with the ones that you downloaded).

SELF_SIGNED_CERT_IN_CHAIN error while using Heroku Cli

I'm try to use Heroku CLI.
But when I want to do some commamd like:
heroku login, heroku log, etc.
The below error will show
SELF_SIGNED_CERT_IN_CHAIN self signed certificate in certificate chain
How can I sovled it?
I had the same issue however this helped me:
Verify your proxy export
export NO_PROXY='localhost,localnets, <company proxy IP settings>
Then verifying my companies .pem file stored in my user directory:
export NODE_EXTRA_CA_CERTS=~/.ssh/bc.pem
(or wherever you store it.)
Then try
heroku login
Its moreover related to security and firewall settings over machine and network.
If you are in secure network, try to connect over proxies / public network, then you can able to run heroku commands.
Or manually acquire SSL/TLS certificate on machine. Kindly refer to this link

Resources