Unauthorized Error while Trying to Debug Spring Boot Rest Application - spring

I'm developing a Spring Boot application with Rest Controllers.
When I try to debug the application with IntelliJ IDEA, by right-clicking MyApplication>Debug or Run>Debug, the application starts up and the debugger says it's connected.
But none of the breakpoints inside my controllers are getting triggered, and all requests start to fail with 401 unauthorized. If I run without debugging, everything works fine.
If something rejects all incoming requests with status 401, that's the reason why breakpoints are not triggered. My code is never executed. But why do the requests then fail with 401 in debug mode?

I will try to answer this with the limited information you gave (no code, nor a minimal reproducible example).
Spring Security uses aspect-oriented programming to provide security mechanisms. It does this by using a proxy to execute some extra code that is not part of the code that you wrote. Aspect-oriented programming can execute some extra code in the following ways:
Before: Code is executed before your code gets executed
After: Code is executed after your method
AfterReturning: Code gets executed after your method has returned successfully
AfterThrowing: Code gets executed after your code throws an exception
Around: Code gets executed before and after
In the case of security this is typically done before the method. So first the check is done to see whether you are authorized. In this case you are not, so the method does not get executed.

Changing the @SpringBootApplication annotation of the main class as follows solves the issue.
@SpringBootApplication(exclude = { SecurityAutoConfiguration.class })
This excludes and disables Spring Boot's auto configurations about security. It tries to protect the API with a default user and generated password.
But I still cannot understand why this security auto configuration only gets activated while debugging and stays disabled while running normally.
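
An added example, not part of the original posts: the exclusion above leaves every endpoint unauthenticated, so the alternative is to keep the auto-configuration and declare the access rules and the user explicitly, which makes the default chain and the generated password back off. It assumes Spring Security 5.8 or later; the class name, the `/actuator/health` exemption, the `API` role and the `app.api.*` properties are hypothetical.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical configuration class; SecurityAutoConfiguration stays enabled.
@Configuration
public class ApiSecurityConfig {

    // Declaring a SecurityFilterChain bean replaces Spring Boot's default chain,
    // so the rules that produce a 401 are visible in code.
    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/actuator/health").permitAll() // assumed public path
                .anyRequest().authenticated())                   // everything else needs credentials
            .httpBasic(Customizer.withDefaults());               // CSRF protection keeps its default
        return http.build();
    }

    // Stores passwords as {bcrypt}... hashes by default.
    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    // Declaring a UserDetailsService bean stops Spring Boot from creating the
    // default user with a generated password. Credentials come from
    // externalized properties (assumed names), never from source code.
    @Bean
    UserDetailsService users(@Value("${app.api.user}") String name,
                             @Value("${app.api.password}") String rawPassword,
                             PasswordEncoder encoder) {
        return new InMemoryUserDetailsManager(
            User.withUsername(name)
                .password(encoder.encode(rawPassword))
                .roles("API")
                .build());
    }
}
```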

Related

@SpringBootTest loads application context and runs indefinitely without running test case code

I'm trying to develop a library and write integration tests using @SpringBootTest.
I'm supplying a custom @SpringBootApplication class and when I trigger the tests, the test case starts running, the Spring context loads (banner, Hibernate logs) and it gets stuck forever. It doesn't come back to the test case code to run it. I've enabled debug logs but found nothing useful. Not sure where it's going wrong.

Difference Between Spring MockMvcBuilders.standaloneSetup and WebMvcTest

I have a Spring Boot 2.6.0 application that depends on libraries which use fields initialised with SpEL syntax, e.g.
@Value("${some.value.in.library}") aField;
I attempted to write a Spring MVC test for a controller with @WebMvcTest. However I kept getting failed to load applicationcontext errors due to a SpELEvaluationException for the fields mentioned above.
Even after trying many, many different test annotations such as @ConfigurationProperties and other fixes. I could see the properties that are defined in application-test.yml being loaded in the startup logs but they were not getting injected into the class.
Finally, I tried using:
MockMvcBuilders.standaloneSetup
and the test was able to start and run successfully.
Unfortunately, due to the complexity of the application and the use of a library where the problem occurs, it is difficult to create a minimal reproducible example.
So my question is, why does MockMvcBuilders.standaloneSetup work, whereas @MockMvcTest doesn't?
This answer suggests that @MockMvcTest should not load the full application context. But that does not seem to be the case based on the failed to load applicationcontext errors.

Subtle diff when running in intellij and executing jar

I'm running out of ideas...
My Spring Boot app behaves fine when I run it in IntelliJ and the Gradle idea plugin is applied (apply plugin: 'idea').
Once I remove the plugin from build.gradle it behaves similarly to app executed with java -jar app.jar - there is subtle but important difference, description below.
I have the following scenario, current tx fails due to some exception, tx is marked as roll-back-only, exception is caught and its handling consists of registering post tx recovery activity with TransactionSynchronizationManager.registerSynchronization (new tx).
The code works fine in IntelliJ with the idea plugin; when I remove the plugin declaration or run the Spring Boot jar with java -jar, the registering process (post tx failure task) fails with exception:
Caused by: java.lang.IllegalStateException: Transaction synchronization is not active
at org.springframework.transaction.support.TransactionSynchronizationManager.registerSynchronization(TransactionSynchronizationManager.java:291) ~[spring-tx-4.3.10.RELEASE.jar!/:4.3.10.RELEASE]
Btw, the code is in kotlin if it matters.
Any ideas?
UPDATE
I think there is some kind of race condition because in debug mode, even w/o idea plugin, the app behaves as expected (registering process is successful).
I solved my problem and the root cause was quite surprising...
Apparently there's a problem with correct processing of a custom Spring annotation.
The method which was supposed to open a new transaction was not annotated with a standard @Transactional annotation, but with a custom, application-specific annotation (@Transactional with custom tx settings). The debugging session revealed that the new tx was not being opened. That's it! Inlining the custom annotation nearly solved the problem.
Another flaw I detected was a function which was not open, quite strange because the function was not the transaction entry point (some further call).
Kotlin compiler bug?
Anyway, lessons learned - pay attention to custom annotations behaviour; refresh knowledge about rules for final/open.

Spring Boot Audit Logging by Example

Almost every aspect of Spring Boot's documentation has proven to be a treasure trove of copious amounts of information. That is until I get to Chapter 50: Auditing.
I am trying to understand the 2 paragraphs that make up this entire chapter. If I'm reading it correctly, then when I run my Spring Boot app in "production mode" (that is, as a built/packaged uberjar via java -jar path/to/myapp.jar) then every time an access event (auth attempt/success/fail) occurs, that event will get logged/recorded somewhere.
I haven't done any config whatsoever. I run my app in "prod mode" and log in. I expect to see some console/log output indicating the auth event, but I don't see any. I log out, same deal (no console output). I try to log in with a bad username, and again, nothing in the console output.
Is Spring Boot recording access events somewhere else, besides console/log output? If so, where and why?
Do I need to define any @Beans and register them with some kind of event listener? If so, can someone please provide a succinct code example?
Basically I'm just looking to get Spring Boot's default audit logging pumping events to STDOUT (console). Any ideas?
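
An added example, not part of the original question: one way to get the audit events the question describes onto the console is to listen for `AuditApplicationEvent` and log each one. It assumes `spring-boot-starter-actuator` and Spring Security are on the classpath; the class name, the `AUDIT` logger name and the `sanitize` helper are hypothetical, and from Spring Boot 2.2 onward auditing is only active when an `AuditEventRepository` bean is declared.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.actuate.audit.AuditEvent;
import org.springframework.boot.actuate.audit.AuditEventRepository;
import org.springframework.boot.actuate.audit.InMemoryAuditEventRepository;
import org.springframework.boot.actuate.audit.listener.AuditApplicationEvent;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;

// Hypothetical configuration class that writes audit events to the log.
@Configuration
public class AuditLoggingConfig {

    // Dedicated logger name so audit lines can be routed or filtered separately.
    private static final Logger AUDIT = LoggerFactory.getLogger("AUDIT");

    // Required from Spring Boot 2.2 onward; without a repository bean the
    // audit auto-configuration is skipped and no events are published.
    @Bean
    AuditEventRepository auditEventRepository() {
        return new InMemoryAuditEventRepository();
    }

    // Receives events such as AUTHENTICATION_SUCCESS and AUTHENTICATION_FAILURE.
    @EventListener
    public void onAuditEvent(AuditApplicationEvent event) {
        AuditEvent e = event.getAuditEvent();
        // Only the keys of the detail map are logged: the values can carry
        // session identifiers or exception text that should not reach a log.
        AUDIT.info("type={} principal={} at={} detailKeys={}",
                sanitize(e.getType()),
                sanitize(e.getPrincipal()),
                e.getTimestamp(),
                e.getData().keySet());
    }

    // The principal is whatever the client typed as a username, so control
    // characters are replaced to keep one event on one log line.
    private static String sanitize(String value) {
        return value == null ? "-" : value.replaceAll("[\\r\\n\\t]", "_");
    }
}
```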

Grails and Spring Security CAS plugin

I am currently having an issue where when I try to start my app I get the error:
ERROR context.GrailsContextLoader - Error initializing the application: Cannot execute
null+null
Message: Cannot execute null+null
This only happens when I tell the program to compile the Spring Security CAS plugin. This only started happening when I turned off forking, since it was making it hard to set up a JNDI. Is there a way to fix this problem without turning back on forking?
It turns out that the reason it wasn't working was because I hadn't finished configuring it. This doesn't make much sense to me, given that I was able to run the app just fine before without configuring it, seeing as how I never used that plugin within the implementation, it was just downloaded.
