Auto reload spring boot application in docker when using spring-security - spring

I am developing an application with spring boot 2.
I deployed the application in docker, and I activated the "auto reload in docker with spring devtools"
but after adding spring-security, the autoreload does not work anymore.
I'm getting an error when the auto restart is triggered:
Exception in thread "File Watcher" java.lang.IllegalStateException: Unexpected 302 FOUND response uploading class files

Spring security is likely intercepting the HTTP requests that the autoreload system is using and redirecting you to the login page. You'll need to figure out what URLs the system uses and set those to permitAll() in the development environment.

Related

Tomcat started on port(s): 8080 but getting 404

I am trying to run a simple spring-boot application but every time I am getting 404. Even with the simple setting and no code.
any clue what am I missing to run this application?
That's the expected outcome. The 404 is a real HTTP response from your Tomcat server. As you are starting an empty Spring Boot project, there's nothing to serve and the "Whitelabel Error Page" is the default Spring Boot 404 page.
To understand the difference when your Spring Boot application is not running, stop the Spring Boot application and then revisit http://localhost:8080.
You can now follow this Spring Boot guide and add your own endpoints to your project.
Rieckpil is correct by saying TOMCAT is giving you the 404 reply and therefore running. However, if you stop/start tomcat then the normal page will load from there on.
Thanks!

blocked:mixed-content error after spring boot upgrade

I have upgraded some micro services that talk to each other from Spring Boot 1.5.3 to 2.3.5.
Now when my micro service A calls micro service B, the call fails with the following status
on the network tab of chrome's developer tools (blocked:mixed-content)
I am not sure what has changed that I start getting this error.
In browser's console I get the below error:
Mixed Content: The page at 'https://gateway-url/my-endpoint' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://micro-service-b-url/login'. This request has been blocked; the content must be served over HTTPS.
The strange thing is that there is no end-point /login in my entire codebase.
I am unable to understand this behavior after springboot upgrade.
Any guidance on how spring boot upgrade led to this error and possible resolution is appreciated.
Note: I found some answers that suggest using the below code to resolve this
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
but looks like it doesn't work with all browsers and I am not sure if its safe to use this solution in terms of security.
Understood the issue and found the solution.
Looks like the security hooks used in SpringBoot 1 are deprecated in SpringBoot 2.
So in my micro-service B the below config in properties file wasn't working after upgrade
security.basic.enable: false
security.ignored=/**
as a result SpringBoot 2 was enforcing default security config on micro-service B and calls to micro-service B through gateway were being redirected to web-sso login which resulted in the mysterious /login endpoint being called.
The solution was to disable default security. I did the below steps:
1. Removed deprecated hooks from properties file:
security.basic.enable: false
security.ignored=/**
2. Disabled default security using below config
#SpringBootApplication(exclude = { SecurityAutoConfiguration.class,
ManagementWebSecurityAutoConfiguration.class })
public class MyApplication extends WebMvcConfigurerAdapter{
Note: I had to exclude ManagementWebSecurityAutoConfiguration.class because the micro-service was using SpringBoot actuator

Unable to deploy spring boot application to weblogic server

Issue :
Unable to deploy Spring-Boot application in WebLogic Server.
Description
I am new to Spring boot trying to build a proxy application to route the requests to source system but having issues deploying to weblogic-12c. It's a very simple application that exposes a rest service and then redirects the received request to upstream system.
What did I try ?
Tried log4j version in pom.xml and dispatcher-servlet.xml approaches googling, I've also read the issue is b'coz of the data sources but I don't have any persistence logic and don't need a data source to be configured in weblogic.
Below is the error I am seeing, any suggestions are highly appreciated.
ERROR:
Unable to access the selected application.
Message icon - Error java.io.IOException
Message icon - Error weblogic.utils.compiler.ToolFailureException

Spring Boot Devtools Remote cause error at Pivotal Cloud Foundry

Sorry, cant post images with low reputation)
Here is my settings:
Spring Boot: 2.3.0.RELEASE
secret
build.gradle
Intellij Idea IDE Run/Debug Configuration
I have this app working at Pivotal Cloud Foundry. I have runing Remote App and after build through IDE or using
./gradlew clean assemble
I get
Exception in thread "File Watcher" java.lang.IllegalStateException: Unexpected 404 NOT_FOUND response uploading class files
error
Ok, so after looking through your demo app I believe the issue is that you're using Spring Webflux and that's not supported at the moment.
The remote devtools functionality is only available with Spring WebMVC & Servlet. See this Github issue for reference: https://github.com/spring-projects/spring-boot/issues/13092#issuecomment-387350811

Spring Cloud Hystrix Dashboard not working with OAuth

I am trying to run a simple Spring app with Hystrix Dashboard. I have also enabled Spring security on this app, as the hystrix.streams I want to monitor are security enabled.
When I access the dashboard url, I get redirected to a login page as expected to get my token, and then after login, I see the dashboard page. I then paste in the url of a hystrix.stream that I wish to monitor and press monitor, however, the next page simply has "Loading..." for both Circuit and Thread pools. I am running this in a PCF environment :
I can see in the Gradle Dependencies for the project that the version of Hystrix that Spring Cloud Starter is including is 1.4.0-RC6. I download the war for hystrix-dashboard 1.4.0-RC6 from here, and ran that, and noticed that even though I pasted in a correct token in the Authorization window, the effect was the same as the Spring Cloud Hystrix Dashboard - stuck in "Loading..."
When I ran hystrix-dashboard wars versions 1.4.3 and higher, there was no issue.
Perhaps the version of hystrix in Spring Cloud Hystrix needs to be updated?
For gradle we recommend using dependency-management-plugin as the gradle policies for resolving dependencies can cause problems.

Resources