Spring Cloud Gateway with new Spring Security Oauth2 and Cognito - spring

I'm trying to integrate a Spring Cloud Gateway (with WebFlux) and Amazon AWS Cognito.
I spent almost a week and it is still not working.
I want to authenticate users in a cognito user pool using authorization_code grant type.
Here are my settings:
spring:
  security:
    oauth2:
      client:
        registration:
          cognito:
            client-id: xxxxx
            client-secret: xxxx
            scope: openid
            redirectUriTemplate: "http://localhost:9090/login/oauth2/code/cognito"
            clientName: xxxx-client
        provider:
          cognito:
            issuerUri: https://cognito-idp.us-east-2.amazonaws.com/xxxxxxxxx
            usernameAttribute: cognito:username
Here is my pom.xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-openfeign</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-security</artifactId>
</dependency>
One of the issues I'm facing is:
{"code":"BadRequest","message":"The server did not understand the operation that was requested.","type":"client"}
And some other random issues. I was never able to see Cognito's login screen.
If you can provide some sample application it will be helpful.

The problem is that you need to set up a domain name for it. You do this on AWS under User Pools -> App Integration -> Domain Name page. Then you need to set up an Amazon Cognito domain. This domain name can be any name as long as it's not taken.
Hope this helps someone, as this took me several hours of wasted time and I couldn't find an answer anywhere.
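A preflight check that ties the answer above to the registration in the question, added here as an example (it is not code from the question, the answer or any Spring project): it validates a Spring Security OAuth2 client registration for the authorization_code grant against the user pool's OpenID discovery document, which Cognito serves at {issuer-uri}/.well-known/openid-configuration. The embedded discovery document is constructed with a placeholder pool id and hosted-UI domain so the script runs offline; the registration values mirror the question's YAML with the secrets left out, and the hosted_ui_host key is an assumption for pools that use a custom domain.

```python
# Added example, not code from the original question or answer. Validates a
# Spring Security OAuth2 client registration (authorization_code grant) against
# a Cognito user pool's OpenID discovery document.
import json
from urllib.parse import urlparse

# Constructed sample of the document Cognito serves once a hosted-UI domain
# exists for the pool (placeholder pool id "us-east-2_EXAMPLE" and domain
# "example-domain"); in practice fetch it from the issuer's
# /.well-known/openid-configuration.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_EXAMPLE",
    "authorization_endpoint": "https://example-domain.auth.us-east-2.amazoncognito.com/oauth2/authorize",
    "token_endpoint": "https://example-domain.auth.us-east-2.amazoncognito.com/oauth2/token",
    "userinfo_endpoint": "https://example-domain.auth.us-east-2.amazoncognito.com/oauth2/userInfo",
    "jwks_uri": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_EXAMPLE/.well-known/jwks.json",
    "response_types_supported": ["code", "token"],
    "scopes_supported": ["openid", "email", "phone", "profile"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

# The registration from the question's application.yml, minus the secrets.
# "hosted_ui_host" is an assumed extra key: set it only if the pool uses a
# custom domain instead of a *.amazoncognito.com one.
REGISTRATION = {
    "registration_id": "cognito",
    "issuer_uri": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_EXAMPLE",
    "scope": ["openid"],
    "redirect_uri": "http://localhost:9090/login/oauth2/code/cognito",
    "hosted_ui_host": None,
}


def check_registration(discovery_json: str, reg: dict) -> list:
    """Return the problems found; an empty list means the pair is consistent."""
    doc = json.loads(discovery_json)
    problems = []

    # Spring Security resolves the provider endpoints from issuer-uri and
    # rejects a document whose "issuer" claim differs from the configured one.
    if doc.get("issuer") != reg["issuer_uri"]:
        problems.append(
            f"issuer mismatch: document says {doc.get('issuer')!r}, "
            f"configured issuer-uri is {reg['issuer_uri']!r}")

    # The three endpoints an authorization_code login needs, all over TLS.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key)
        if not url:
            problems.append(f"discovery document has no {key}")
        elif urlparse(url).scheme != "https":
            problems.append(f"{key} is not https: {url}")

    # authorization_code needs response_type=code, and every requested scope
    # must be one the pool advertises.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("provider does not advertise response_type 'code'")
    for scope in reg["scope"]:
        if scope not in doc.get("scopes_supported", []):
            problems.append(f"scope {scope!r} is not advertised by the provider")

    # The login page is served by the hosted-UI domain, not by the issuer host.
    # Without a domain configured under User Pools -> App Integration ->
    # Domain Name there is nothing for the browser to be redirected to.
    auth_host = urlparse(doc.get("authorization_endpoint", "")).hostname or ""
    issuer_host = urlparse(reg["issuer_uri"]).hostname
    expected_host = reg.get("hosted_ui_host")
    if expected_host:
        if auth_host != expected_host:
            problems.append(f"authorization_endpoint host {auth_host!r} is not "
                            f"the configured custom domain {expected_host!r}")
    elif auth_host == issuer_host or not auth_host.endswith(".amazoncognito.com"):
        problems.append(
            f"authorization_endpoint host {auth_host!r} is not a Cognito "
            "hosted-UI domain; set one up for the user pool first")

    # Spring Security's default redirect template is
    # {baseUrl}/login/oauth2/code/{registrationId}; the path must carry the
    # registration id exactly or the callback is not matched.
    expected_path = f"/login/oauth2/code/{reg['registration_id']}"
    if urlparse(reg["redirect_uri"]).path != expected_path:
        problems.append(
            f"redirect_uri path should be {expected_path} for registration "
            f"{reg['registration_id']!r}")
    return problems


if __name__ == "__main__":
    found = check_registration(SAMPLE_DISCOVERY, REGISTRATION)
    for line in found or ["no problems found"]:
        print(line)
```

Run it against the real document by replacing SAMPLE_DISCOVERY with the body fetched from your pool's issuer-uri; an empty result means the registration, the hosted-UI domain and the redirect path all line up, and each reported problem names the setting to fix.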

Related

Micrometer with Prometheus Pushgateway - metrics appearing in Pushgateway intermittently

I have a Spring boot application with Prometheus Pushgateway using Micrometer, mainly based on this tutorial: https://luramarchanjo.tech/2020/01/05/spring-boot-2.2-and-prometheus-pushgateway-with-micrometer.html
pom.xml has the following related dependencies:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
    <groupId>io.micrometer</groupId>
    <artifactId>micrometer-core</artifactId>
</dependency>
<dependency>
    <groupId>io.micrometer</groupId>
    <artifactId>micrometer-registry-prometheus</artifactId>
</dependency>
<dependency>
    <groupId>io.prometheus</groupId>
    <artifactId>simpleclient_pushgateway</artifactId>
    <version>0.16.0</version>
</dependency>
And application.properties file has:
management.metrics.export.prometheus.pushgateway.enabled=true
management.metrics.export.prometheus.pushgateway.shutdown-operation=PUSH
management.metrics.export.prometheus.pushgateway.baseUrl=localhost:9091
This works fine if I leave the application running; however, with my particular Spring Boot application, it sometimes loses the metrics sent just before the shutdown.
I can view the following logs, which indicate that the PrometheusPushGatewayManager is successfully calling the shutdown() method before the application shuts down, which is configured with the PUSH operation in the application.properties file as above:
level":"INFO","message":"Shutting down ExecutorService","file":"ExecutorConfigurationSupport.java","line_number":"208","thread_name":"Thread-1","#version":1,"logger_name":"org.springframework.boot.actuate.metrics.export.prometheus.PrometheusPushGatewayManager$PushGatewayTaskScheduler","class":"org.springframework.scheduling.concurrent.ExecutorConfigurationSupport"
I have tried to invoke the shutdown() method on PrometheusPushGatewayManager from my application code, but I am still having the same issue where metrics are not appearing consistently in the Pushgateway/Prometheus (randomly).

spring-boot - Changes to make it available to all spring-cloud-config-client

We have a large number of microservices which are Spring Cloud Config clients.
Each of them has a bootstrap.properties which contains the configuration for the config server, such as the URI, username and password for the config server.
We want to overcome a problem where the config client starts without actually getting the specific property resource file from the config server (in some of the cases the config server was not available when the client was starting).
So to overcome this I am thinking of using the configuration spring.cloud.config.failFast=true or enabling retry.
I can do that in the bootstrap.properties for a specific cloud config client or microservice.
But we have so many of them, and editing the bootstrap.properties seems like too much overhead.
Does anyone have any other solution to the problem?
Or a way to apply the above solution in any other place?
I am looking for a centralized solution.
Version details are as below.
<spring.version>2.4.4</spring.version>
<spring.cloud.version>2020.0.2</spring.cloud.version>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot</artifactId>
    <version>2.4.4</version>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-bootstrap</artifactId>
    <version>3.0.2</version>
</dependency>
<dependency>
    <groupId>org.springframework.retry</groupId>
    <artifactId>spring-retry</artifactId>
    <version>1.3.1</version>
</dependency>

Unable to set group id in spring cloud stream kafka

I am unable to set the group id in the Spring Cloud Stream Kafka consumer config using the below:
spring.cloud.stream.default-binder=kafka
spring.cloud.stream.kafka.binder.brokers=${kafka.bootstrap.servers}
spring.cloud.stream.bindings.INPUT.binder=kafka
spring.cloud.stream.bindings.INPUT.destination=datapipeline.ingestion.decision.topic
spring.cloud.stream.bindings.INPUT.content-type=application/json
spring.cloud.stream.bindings.INPUT.group=input-group-1
All the above properties are getting set except group, and I am getting the below in the console log while starting the service:
group.id = anonymous.cce5a71a-66fa-49c9-874b-09d5685713f7
Kindly help on this, as I think because of this my consumer is unable to read from where it left off.
I am using Spring Boot 2.1.3.RELEASE.
A few important dependencies related to this. Also, I am using the Spring Integration starter as well:
<spring-cloud.version>Greenwich.RELEASE</spring-cloud.version>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-stream</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-stream-binder-kafka</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-stream-binder-kafka-streams</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.kafka</groupId>
    <artifactId>spring-kafka</artifactId>
</dependency>

Spring boot server startup issue elastic search

I am using Elasticsearch 7.5. I have turned on the following properties:
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
I have generated API keys to connect our Spring Boot application to Elasticsearch. I am using
spring-boot-starter-data-elasticsearch
All my requests are from "RestHighClient" and I am able to trigger the requests. The only problem is during server startup, where there are some errors because it is not able to connect to Elasticsearch.
org.elasticsearch.transport.RemoteTransportException: [ADMIN-PC][127.0.0.1:9300][cluster:monitor/nodes/liveness]
Caused by: org.elasticsearch.ElasticsearchSecurityException: missing authentication credentials for action [cluster:monitor/nodes/liveness]
In pom.xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-elasticsearch</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.elasticsearch.client</groupId>
    <artifactId>transport</artifactId>
    <version>6.8.3</version>
</dependency>
In application.properties:
spring.elasticsearch.server=localhost:9200
spring.data.elasticsearch.cluster-name=elasticsearch
spring.data.elasticsearch.cluster-nodes=127.0.0.1:9300
spring.data.elasticsearch.repositories.enabled=true
Can someone suggest how I can fix it?
Remove these lines from your configuration:
spring.data.elasticsearch.cluster-name=elasticsearch
spring.data.elasticsearch.cluster-nodes=127.0.0.1:9300
These make Spring Boot configure the transport client.

Setup an embedded LDAP server with spring security using Java config

I got Spring Security to work with an LDAP server running on my local machine; then I moved on to finish this tutorial https://spring.io/guides/gs/authenticating-ldap/ (not step by step, since I am not using Spring Boot).
The goal is to run Spring Security with an "embedded" LDAP server, but I am having trouble setting things up.
To summarize:
locally running LDAP (got it to work) vs. embedded LDAP (having trouble)
To configure the AuthenticationManagerBuilder, I did
auth.ldapAuthentication()
    .contextSource()
        .root("dc=oreilly,dc=com") // I didn't set url() here, so embedded server can be used
        .ldif("classpath:spring-security.ldif")
        .managerDn("uid=admin,ou=system")
        .managerPassword("secret")
        .and()
    .userSearchFilter("uid={0}");
in my pom.xml, I included the following libraries
<dependency>
    <groupId>com.unboundid</groupId>
    <artifactId>unboundid-ldapsdk</artifactId>
</dependency> <!-- This is the ldap server -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-ldap</artifactId>
</dependency>
I won't include other code here, since I got it to work with a local LDAP.
When I run, I get the following error:
java.lang.NoClassDefFoundError:
org/apache/directory/server/core/partition/Partition
I think I may have missed some libraries, but I'm not sure which.
After trying different settings, this works for me:
<dependency>
    <groupId>org.apache.directory.server</groupId>
    <artifactId>apacheds-protocol-ldap</artifactId>
    <version>1.5.5</version>
</dependency>
<dependency>
    <groupId>org.apache.directory.shared</groupId>
    <artifactId>shared-ldap</artifactId>
    <version>0.9.15</version>
</dependency>