I have an issue with a project I just join.
The technical stack :
Jhipster with Angular and SpringBoot
Keycloak
I replace the right url by example.com and bar.com
application.yaml
The endpoint https://bar.com/auth/realms/artemis/.well-known/openid-configuration returns this :
{
"issuer": "https://example.com/auth/realms/artemis",
"authorization_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/auth",
"token_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token",
"token_introspection_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token/introspect",
"userinfo_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/userinfo",
"end_session_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/logout",
"jwks_uri": "https://bar.com/auth/realms/artemis/protocol/openid-connect/certs",
"check_session_iframe": "https://example.com/auth/realms/artemis/protocol/openid-connect/login-status-iframe.html",
}
When I run the App I got this error :
Caused by: java.lang.IllegalStateException: The Issuer "https://example.com/auth/realms/artemis" provided in the OpenID Configuration did not match the requested issuer "https://bar.com:8443/auth/realms/artemis"
at org.springframework.security.oauth2.client.registration.ClientRegistrations.fromOidcIssuerLocation(ClientRegistrations.java:76)
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getBuilderFromIssuerIfPossible(OAuth2ClientPropertiesRegistrationAdapter.java:84)
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistration(OAuth2ClientPropertiesRegistrationAdapter.java:60)
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.lambda$getClientRegistrations$0(OAuth2ClientPropertiesRegistrationAdapter.java:53)
at java.util.HashMap.forEach(HashMap.java:1289)
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(OAuth2ClientPropertiesRegistrationAdapter.java:52)
at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration.clientRegistrationRepository(OAuth2ClientRegistrationRepositoryConfiguration.java:55)
at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.CGLIB$clientRegistrationRepository$0(<generated>)
at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3$$FastClassBySpringCGLIB$$1d0ccf00.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.clientRegistrationRepository(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
... 92 common frames omitted
I'm new with Spring Boot. I don't really understand what I have to do to be able to use 2 differents url.
Thx for the help ! I can give you more informations if you need.
Your application.yaml config issuer-uri is not matching issuer of used OIDC Keycloak realm. Set it to https://example.com/auth/realms/artemis and it should be fine.
-- This may not be relative to OP's case. But for other cases.
-- Just a headsup.
-- I am not a professional on this, I could be wrong, but it helped in my case.
The problem could occur from the other side, in the Authorization Server.
So, for example, you may not only need to look at the application.yml in the Resource Server:
spring.security.oauth2.resourceserver.jwt.issuer-uri: http://localhost:9999
you may also need to look at the Authorization Server:
#Bean
public ProviderSettings providerSettings() {
return new ProviderSettings().issuer("http://localhost:9999");
}
Related
I am getting the following exception while hitting my backend Spring boot application which is deployed on a Kubernetes container:
java.lang.NumberFormatException: For input string: "443,80"
All my services are registered with eureka:
#Eureka
spring.application.name=app-name
eureka.client.registerWithEureka=true
eureka.client.fetchRegistry=true
eureka.client.serviceUrl.defaultZone=http://app-eureka-dev/eureka
eureka.instance.preferIpAddress=true
eureka.instance.non-secure-port-enabled=true
And all my requests are routed through ingress/zuul services.
spring.application.name=app-gateway
eureka.client.registerWithEureka=false
eureka.client.fetchRegistry=true
eureka.client.serviceUrl.defaultZone=http://app-eureka-dev/eureka
When we try hitting backend services from the Swagger API, I am getting below exception.
java.lang.NumberFormatException: For input string: "443,80"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at java.lang.Integer.parseInt(Integer.java:580)
at java.lang.Integer.parseInt(Integer.java:615)
at springfox.documentation.swagger2.web.HostNameProvider.componentsFrom(HostNameProvider.java:72)
at springfox.documentation.swagger2.web.Swagger2Controller.getDocumentation(Swagger2Controller.java:84)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod
I am connecting to the eureka service through the container name, even though I am getting above exception. Is there any other configuration required, as we do ssl offloading in ingress, rest should be plain http or unsecure calls within the container services.
This should have been fixed with Springfox 2.7.0, as can be seen in this GitHub issue and the release notes of this version.
Before Springfox 2.7.0, the following code was used to determine the port number in HostNameProvider:
String port = request.getHeader("X-Forwarded-Port");
if (hasText(port)) {
builder.port(Integer.parseInt(port));
}
So basically it used the X-Forwarded-Port header to determine the port number. However, in your case it seems like it passes both the HTTP and HTTPS ports (443,80), which is obviously not a valid integer.
Upgrading your springfox-swagger2 dependency to 2.7.0 (or higher) should do the trick.
I experienced the same problem in SWAGGER when my DTO properties annotated with #APIModelProerty. Majorly, the problem occurred when Long type properties are present in the DTO object and failed to convert the empty string ("") value into 0.
So, it solved when I added example property in #APIModelProperty(example = "1", required = "false").
I'm facing below exception when I try to establish a secure connection between Zuul gateway and microservice. Both Zuul and microservice are registered to secure Service Registry Server(Eureka). Able to access the REST endpoints exposed in the microservicevia Zuul gateway. But,whenever any REST endpoint call is invoked, getting SSLHandshakeException in Zuul gateway.
NOTE: Generated wildcard certificate and the certificate is imported into "$JAVA_HOME/jre/lib/security/cacerts" of all microservices. Using embedded Jetty server.
javax.net.ssl.SSLHandshakeException: Unrecognized SSL message, plaintext connection?
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:793)
at org.eclipse.jetty.server.HttpConnection.fillRequestBuffer(HttpConnection.java:322)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:231)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:278)
at org.eclipse.jetty.io.ssl.SslConnection$3.succeeded(SslConnection.java:148)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128)
at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:156)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:868)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:642)
... 15 common frames omitted
Can anyone suggest a solution how to resolve this?
I am getting the Unable to detect database type for Sybase Datasource configured in my spring boot application.
Spring boot version: 1.5.3
application.properties
spring.datasource.url=jdbc:jtds:sybase://db-server-name:5555/DBNAME
spring.datasource.username=db_user
spring.datasource.password=db_password
spring.datasource.driver-class-name=net.sourceforge.jtds.jdbc.Driver
spring.jpa.database=sybase
spring.jpa.database-platform=org.hibernate.dialect.SybaseDialect
Debug Information:
// line number 75 in AbstractDatabaseInitializer class
String productName = JdbcUtils.commonDatabaseName(JdbcUtils
.extractDatabaseMetaData(this.dataSource, "getDatabaseProductName")
.toString());
// productName is returned as Sybase from JdbcUtils.extractDatabaseMetaData
DatabaseDriver databaseDriver = DatabaseDriver.fromProductName(productName);
// but there is no databaseDriver found and is returned as UNKNOWN.
// There is no Sybase database configured in DatabaseDriver enum
There is no Sybase datasource configured in DatabaseDriver enum. Can you quickly help to fix this issue ?
Error Stack Trace for reference:
Caused by: java.lang.IllegalStateException: Unable to detect database type
at org.springframework.boot.autoconfigure.AbstractDatabaseInitializer.getDatabaseName(AbstractDatabaseInitializer.java:80)
at org.springframework.boot.autoconfigure.batch.BatchDatabaseInitializer.getDatabaseName(BatchDatabaseInitializer.java:54)
at org.springframework.boot.autoconfigure.AbstractDatabaseInitializer.initialize(AbstractDatabaseInitializer.java:61)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleElement.invoke(InitDestroyAnnotationBeanPostProcessor.java:366)
at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:311)
at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:134)
... 17 common frames omitted
It works for me. Just put this property in application.properties file. I was facing issue with mysql so I passed mysql here if you are using some other database just pass that(for example: schema-sybase.sql)
spring.batch.schema=classpath:org/springframework/batch/core/schema-mysql.sql
It looks like our detection algorithm is broken with MySQL so I've created this issue to double check it.
In the meantime, please specify the path to your initalization script, this will prevent Spring Boot to attempt to auto-detect it.
I am new to SDN, I am trying to do a cross store persistence with hibernate. The tutorial given in website has examples for the same, I have checked the github ones too. I have two questions
I am unable to do xml configuration as mentioned in the docs or examples. <neo4j:config/> doesn't support entityManagerFactory. My assumption is it creates the default Neo4jConfiguration which doesn't have a setter for entityManagerFactory. The workaround i have found is to define a CrossStoreNeo4jConfiguration bean.
#Bean
public CrossStoreNeo4jConfiguration crossStoreNeo4jConfiguration(){
CrossStoreNeo4jConfiguration configuration = new CrossStoreNeo4jConfiguration();
configuration.setEntityManagerFactory(entityManagerFactory);
configuration.setGraphDatabaseService(graphDatabaseService);
return configuration;
}
How to do this inside<neo4j:config/>
What happens when you refer a Neo4jTemplate to your repository using neo4j-template-ref when you define repositories using neo4j:repositories? what is the purpose?
UDPATE
The reason it was unable to create CrossStoreNeo4jConfiguration with <neo4j:config/> was , i was missing the dependency spring-data-neo4j-cross-store`. But now i get exception on application start up.
Caused by: java.lang.IllegalStateException: Singleton 'nodeEntityStateFactory' isn't currently in creation
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.afterSingletonCreation(DefaultSingletonBeanRegistry.java:312)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:239)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:292)
at org.springframework.data.neo4j.cross_store.config.CrossStoreNeo4jConfiguration$$EnhancerByCGLIB$$779c5955.nodeEntityStateFactory(<generated>)
at org.springframework.data.neo4j.config.Neo4jConfiguration.mappingContext(Neo4jConfiguration.java:199)
at org.springframework.data.neo4j.cross_store.config.CrossStoreNeo4jConfiguration$$EnhancerByCGLIB$$779c5955.CGLIB$mappingContext$11(<generated>)
at org.springframework.data.neo4j.cross_store.config.CrossStoreNeo4jConfiguration$$EnhancerByCGLIB$$779c5955$$FastClassByCGLIB$$3134c8a8.invoke(<generated>)
at net.sf.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:280)
at org.springframework.data.neo4j.cross_store.config.CrossStoreNeo4jConfiguration$$EnhancerByCGLIB$$779c5955.mappingContext(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:149)
Thanks in advance.
This should work:
<neo4j:config entityManagerFactory="entityManagerFactory"/>
No need to create your custom implementation.
The template passed to the repository config is the one used by its infrastructure. In most cases there is no need to configure something different.
Can I work with secured environments (eg. HTTPS) using Terracota server Arrays ?
I 've tried to configure ehcache.xml file like this:
<terracottaConfig rejoin="true" url="https://localhost:9510,https://localhost:9511"/>
But it remains in error.
Caused by: java.lang.IllegalArgumentException: URI can't be null.
at sun.net.spi.DefaultProxySelector.select(DefaultProxySelector.java:116) ~[na:1.6.0_23]
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:911) ~[na:1.6.0_23]
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:841) ~[na:1.6.0_23]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1177) ~[na:1.6.0_23]
at com.tc.config.schema.setup.sources.ServerConfigurationSource.getInputStream(ServerConfigurationSource.java:42) ~[na:na]
at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.trySource(StandardXMLFileConfigurationCreator.java:343) ~[na:na]
at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.getConfigDataSourceStrean(StandardXMLFileConfigurationCreator.java:289) ~[na:na]
at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.loadConfigDataFromSources(StandardXMLFileConfigurationCreator.java:222) ~[na:na]
at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.loadConfigAndSetIntoRepositories(StandardXMLFileConfigurationCreator.java:120) ~[na:na]
at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.createConfigurationIntoRepositories(StandardXMLFileConfigurationCreator.java:102) ~[na:na]
at com.terracotta.express.StandaloneL1Boot.resolveEmbedded(StandaloneL1Boot.java:177) ~[terracotta-toolkit-1.5-runtime-4.2.0.jar:na]
at com.terracotta.express.StandaloneL1Boot.resolveConfig(StandaloneL1Boot.java:122) ~[terracotta-toolkit-1.5-runtime-4.2.0.jar:na]
... 106 common frames omitted
If it is possible what is the way to do this?
Simply put Terracotta doesn't support cluster communication over SSL currently. If you are using the commercial edition you have an additional layer of security because a client won't be able to connect to the cluster if it doesn't have the correct license key. Apart from that you can use firewall rules to restrict access.