Why am I getting a 403 Forbidden error for the actuator /refresh endpoint on Spring Boot 2 on Cloud Foundry {using Cloud Config Server service} - spring-boot

Within my project, I have the following bootstrap.properties file:
spring.application.name=vault-demo
management.endpoints.web.exposure.include=*
In addition to that, I defined the following dependency:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-actuator</artifactId>
</dependency>
The config server is able to access the property but when I update that property in GitHub and POST to /refresh I get a 403: Forbidden. Do I need to make any change in my application or bootstrap.properties?

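I got the solution: I needed to add a security configuration, for example:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Turns off CSRF protection for every request handled by this application
        http.csrf().disable();
    }
}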
Additionally, I had to add the following dependency:
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-rsa</artifactId>
    <version>1.0.5.RELEASE</version>
</dependency>
I found this solution within the following GitHub issue:
https://github.com/spring-cloud/spring-cloud-config/issues/950
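The configuration in the answer above turns CSRF protection off for the whole application. A narrower variant, added here as an example and not part of the original answer, exempts only the actuator paths from CSRF and requires an authenticated role for them. The default /actuator base path, the ACTUATOR role name and HTTP Basic authentication are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class ActuatorSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Assumption: actuator endpoints live under the default base path.
    private static final String ACTUATOR_PATHS = "/actuator/**";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF stays enabled for the application; only actuator calls, which
            // come from scripts or webhooks without a CSRF token, are exempt.
            .csrf()
                .ignoringAntMatchers(ACTUATOR_PATHS)
            .and()
            .authorizeRequests()
                // Health stays open for platform health checks.
                .antMatchers("/actuator/health").permitAll()
                // Everything else under /actuator (refresh, env, ...) needs the role.
                // "ACTUATOR" is a hypothetical role name chosen for this example.
                .antMatchers(ACTUATOR_PATHS).hasRole("ACTUATOR")
                .anyRequest().authenticated()
            .and()
            // Per-request credentials, so the POST does not rely on a session cookie.
            .httpBasic();
    }
}
```

With management.endpoints.web.exposure.include=* every exposed endpoint sits behind the same role, and a refresh becomes an authenticated POST to /actuator/refresh. A user holding the role can be declared with spring.security.user.name, spring.security.user.password and spring.security.user.roles.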

I noticed that Spring Boot 2 Cloud Config doesn't need to be "hooked to the /refresh endpoint" after a commit (or other events), because the new version always sends a request to the remote Git server and compares the last commit ID; if the commit ID is different, it starts to fetch the changes.
If you debug and look at the log traces, after a request to http://host:8888/{service}/{profile}/{label_branch} it always asks GitHub, and you will notice that if changes exist a "fetch process is started". Look at traces like the GitHub negotiation:
o.e.jgit.transport.PacketLineOut - git> want 4a766a1677....
o.e.jgit.transport.PacketLineOut - git> have 93cd4a98b5b3bb7d895...
and finally
o.e.jgit.transport.PacketLineOut - git> done
And after, the download:
o.e.jgit.transport.PacketLineIn - git< ACK 0f8d2413183d5.... common
and so on.
If you look at the traces when no changes exist (the last commit ID is the same), the negotiation and download traces are not shown.
I think that is not good performance behaviour, so there should be a property that disables it and therefore needs a "forced refresh hook behaviour", but I couldn't find it in Spring Boot 2.
On the other hand, I like it because you don't need to enable HTTP access to your config server to be notified, so the security configuration is not compromised.
I tried with Greenwich.RELEASE.
Hope this helps and clarifies this behaviour.

Related

springboot swagger3 "Failed to load remote configuration."

Spring Boot 2.6.3 with Springdoc.
<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-ui</artifactId>
    <version>1.6.5</version>
</dependency>
In application.yaml, when I set the path as /v3/api-docs or remove it, that means use the default path "/v3/api-docs".
The Swagger UI page shows up correctly with the APIs
http://localhost:8080/swagger-ui/index.html
But I want to override the path as below
api-docs.path: /bus/v3/api-docs
then Swagger UI displays the "Failed to load remote configuration" error:
Make sure to add "/v3/api-docs/**" in configure method.
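import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Ignored paths skip the Spring Security filter chain entirely
        web.ignoring().antMatchers("/swagger-ui/**", "/v3/api-docs/**");
    }
}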
If you are using Spring Security in your app, you must include the URL in the configs.
Add the code below please to your project.
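import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) throws Exception {
        // The second pattern matches the overridden api-docs.path
        web.ignoring().antMatchers("/swagger-ui/**", "/bus/v3/api-docs/**");
    }
}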
I had the same problem. If you are behind a reverse proxy, the fix was to add the following property in application.yml:
server:
  forward-headers-strategy: framework
This is needed due to the following:
Swagger relies on internal routing to make requests from the client's perspective. Putting the service behind a reverse-proxy without providing the X-Forwarded headers will result in the user not being able to use the documentation as intended.
source -> https://medium.com/swlh/swagger-spring-boot-2-with-a-reverse-proxy-in-docker-8a8795aa3da4
Perform "Empty cache and hard refresh" in your browser.
I think I have solved the problem (thanks to @Ivan Zaitsev), just wanted to add more clarification to the answer.
I too have changed the api-docs.path property and I had the same problem. When I inspect the requests on swagger UI page, swagger-config request returns 404 since it was still trying to get the config from the old URL.
Even though I have changed api-docs.path property, here is the request URL that tries to retrieve swagger-config.
http://localhost:8080/api/v3/api-docs/swagger-config
It turned out to be a problem related to openapi-ui, because I was able to solve it when I cleared the browser cache and cookies. It is better to do the tests with an incognito browser since it does not hold any data on the session.
If you are using SpringBoot v3, you must use springdoc-openapi v2:
https://springdoc.org/v2/
With gradle, for example:
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.0.2'

JHipster - Spring. Oauth2 resource server configuration. Create resource server

When using simple spring boot configuration with normal spring parent in pom.xml I have no problem configuring oauth2 resource server.
However, with JHipster dependency management I can by no means configure it.
I was trying to do it just by adding
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
    <version>[spring version]</version>
</dependency>
or by using some older configuration with other dependencies like here: https://docs.spring.io/spring-security-oauth2-boot/docs/2.2.x-SNAPSHOT/reference/html/boot-features-security-oauth2-resource-server.html
And normally it works, but with JHipster I get the @EnableResourceServer annotation, but I don't have the spring.security.oauth2.resourceserver property in IntelliJ. So I can't configure which server should validate the token, and I don't have the .oauth2ResourceServer() method in HttpSecurity http (WebSecurityConfigurerAdapter). I don't understand why this is happening. How can I get these properties? Or maybe I can override it by custom configuration somehow?
JHipster is configured to be a resource server by default, so you don't need to add any additional configuration.
From SecurityConfiguration.java:
.oauth2ResourceServer()
    .jwt()
    .jwtAuthenticationConverter(authenticationConverter())
    .and()
.and()
    .oauth2Client();
Hello, I did it this way:
1 - Find the .yo-rc.json file of your project.
2 - Open the file and find the tag "authenticationType". It should appear like "authenticationType": "jwt"; change it to "authenticationType": "oauth2".
3 - Run the jhipster command again in your project.
Here you have a video: https://www.youtube.com/watch?v=YIRjgd_3sMQ

How to consume spring cloud config server Jdbc backend configs from Spring cloud Client server?

I went through lots of tutorials regarding this but could not get this done.
Here is my table structure for this.
Application | Profile | Label  | prop_key      | value
masking     | dev     | latest | test-property | message
I have a cloud config server which should integrate with JDBC backend. Here is my application.properties in config server
server.port=8082
spring.application.name=masking
management.endpoints.web.exposure.include=*
spring.datasource.url=jdbc:postgresql://localhost:8000/finos?currentSchema=xlabs
spring.datasource.username=mufgdev
spring.datasource.password=XXX
spring.profiles.active=XXX
spring.cloud.config.server.jdbc.sql=SELECT prop_key,value from xlabs.properties where application=? and profile=? and label=?
spring.cloud.config.server.jdbc.order=1
With these configs, if I enter http://localhost:8082/masking/dev/latest the response shows the results as I want.
I want to consume properties in client side with the following configs in bootstrap.properties
spring.application.name=masking
spring.cloud.config.uri=http://localhost:8082
spring.cloud.config.label=latest
spring.cloud.config.profile=dev
And in my client side
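import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RefreshScope
public class TestController {
    // Resolved from the config server; fails at startup if the property is missing
    @Value("${test-property}")
    private String aConf;

    @GetMapping("/message")
    String message() {
        String name = aConf;
        return name;
    }
}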
This gives java.lang.IllegalArgumentException: Could not resolve placeholder 'test-property' in value "${test-property}"
Can anyone comment on this?
Thanks.
This issue comes with the latest Spring Boot release. All the above code segments and steps are okay, but by default Spring has disabled bootstrap. So you have to enable it by adding
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-bootstrap</artifactId>
</dependency>
No need to add it for older versions of Spring Boot projects.

401 while trying to access Swagger UI - Springdoc

I was writing a Spring application. I added Swagger to my project but somehow it couldn't run properly. My project also has bearer authentication with a token. Please give me a hint on how I might fix this problem.
<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-ui</artifactId>
    <version>1.1.44</version>
</dependency>
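Actually the problem is in your security setting. All resources/endpoints are protected by default when security is present on the class path. What you need to do is to expose all resources that are needed for Swagger UI publicly. To do so you have at least two options. The first is to change or create a configuration like this:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
        // Patterns need a leading slash to match request paths
        web.ignoring().antMatchers("/swagger-ui/**", "/swagger-ui**", "/v3/api-docs/**", "/v3/api-docs**");
    }
}
By this you override the whole HttpSecurity for the mentioned paths, which means no CORS, CSRF, or authorization will be checked.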
The other option is to try Havelock. With the library you can expose swagger resource by one annotation.
Disclaimer: I am the founder and tech lead of the project
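The answer above notes that web.ignoring() takes the listed paths out of the security filter chain entirely. As an added example (not part of the answer), the same paths can instead be opened with permitAll(), which keeps them inside the chain so the default security headers are still written. The JWT resource-server setup stands in for the application's bearer-token mechanism and is an assumption, as is the class name.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
public class SwaggerAwareSecurityConfig extends WebSecurityConfigurerAdapter {

    // springdoc's default UI and OpenAPI document paths; adjust if
    // springdoc.api-docs.path or springdoc.swagger-ui.path is overridden.
    private static final String[] SWAGGER_PATHS = {
        "/swagger-ui.html", "/swagger-ui/**", "/v3/api-docs/**"
    };

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Token-based API: no HTTP session is created or consulted.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                // Anonymous access to the docs, but still filtered by the chain.
                .antMatchers(SWAGGER_PATHS).permitAll()
                // Every other endpoint keeps requiring a valid bearer token.
                .anyRequest().authenticated()
            .and()
            // Assumption: tokens are JWTs and a JwtDecoder (or issuer-uri) is configured.
            .oauth2ResourceServer()
                .jwt();
    }
}
```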
First of all use the last stable version.
This should help:
<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-ui</artifactId>
    <version>1.4.4</version>
</dependency>
If the issue still persists, add more relevant information about your code to reproduce it.

Unable to access /actuator endpoints

I've got a small project running Spring Boot and Spring Cloud Streams with version Greenwich.SR4.
So far I've tried to include the following dependency.
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-actuator-autoconfigure</artifactId>
</dependency>
Wanting to have a /check/health endpoint which basically returns a code 200.
I've modified the config accordingly so that I don't have useless health configs within.
management.endpoints.web.base-path=/check
management.endpoint.health.enabled=true
management.health.solr.enabled=false
management.health.elasticsearch.enabled=false
However, whenever I try to run localhost:8080/check/health a 404 is prompted. What could be happening?
Also mentioning that I've tried including my own @RestController but the same behavior happens.
The URL for the health check should be http://localhost:8080/check/health, not /check/status.
It depends on the Spring Boot version. After version 2.0 the path name is manage, so your right URL is: http://localhost:8080/check/health
You can also change that with (.yml version):
management:
  context-path: /manage
  security:
    enabled: false
