We have a Spring Boot application with Spring Security enabled. Whenever we try to hit /actuator/health we get the
Whitelabel Error Page -There was an unexpected error (type=Not Found, status=404)
We have the following in application.properties
management.endpoints.web.exposure.include=health,info
management.security.enabled=false
management.security.roles=AMDIN
and in pom.xml
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.2.RELEASE</version>
</parent>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
Followed this link.
Is there any other role or something which we need to enable ?
Related
I am a beginner in Spring outh2 security. I was trying to secure my spring boot rest api's and run them in postman ,
But I always get the "Bearer error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Signed JWT rejected: Invalid signature", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"" error.
Note:- I am using Azure AD as an authorization server.
Steps followed .
Implemented the below code in STS and ran the application.
Created a access token using the postman "Get New Access Token" using Client Credentials Auth type.
Use that access token and call my spring boot api using Get request.
Note: - When I copy my postman generated token in jwt.io I get a Invalid Signature at the bottom ..but I am able to read the header /payload.
But when I switch the algorithm to HS256 , I don't get an Invalid signature any more.
screenshot of postman
Below is my basic code.
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.0.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>resourceserver</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>resourceserver</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
My application.properties
server.port=8090
logging.level.org.springframework.security=DEBUG
spring.security.oauth2.resourceserver.jwt.issuer-uri=https://sts.windows.net/tenenentid
Tried using this url as well , but no luck.
spring.security.oauth2.resourceserver.jwt.issuer-uri=https://login.microsoftonline.com/tenentid
Basic Rest api.
#GetMapping("/validateApi")
public String validateApi() {
System.out.println("validateApi");
return "invalid";
}
Not sure if I am missing on any other additional steps. I have not customized any security config as such. So I am assuming it just uses the default configs.
Any help will be appreciated .
Thanks!!
I tried to reproduce the same in my environment and got the results like below:
I generated the access token using below parameters:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
client_secret:ClientSecret
scope:https://graph.microsoft.com/.default
grant_type:client_credentials
When I decoded the token, I got the same error as below:
Note that: The token generated for Graph doesn't require validation and it will not verify signature in the code.
Alternatively, to resolve the error you can Expose an API in the Portal like below:
I generated the access token with the scope as api://ClientIDofApp/.default :
The signature got verified successfully like below:
I got a good and simple SSO sample project from here
Currently the sample works as below.
Start app1, app2, sso-server.
Load http://localhost:8082/app1 It will redirect to login page of
http://localhost:8080/sso-server
username: user, password: password
On successful login, it will redirect back to
http://localhost:8082/app1 The page will show "Welcome to app1, user"
Now on loading http://localhost:8083/app2 The page will show "Welcome
to app2, user" since we have already logged in.
Now my issue is the sample uses spring-boot-starter-parent version 1.5.9.RELEASE
The sample uses spring-cloud dependency also. I read like spring-cloud will not support spring-boot-starter-parent version 2 or above.
So I tried to remove spring cloud dependency from app1 and I could start the application after a tough try. My new pom is as below.
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.shekhargulati</groupId>
<artifactId>app1</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>app1</name>
<description>App1</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.6.RELEASE</version>
<relativePath/>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.1.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>2.1.3.RELEASE</version>
</dependency>
</dependencies>
Now on loading app1, it will show sso login window. But after successfull login, it will throw 404 error.
And if I do the same changes in sso-server application, the authorization will not work. Authorization API wil lthrow 404.
Please help me to fix this.
My need is, make this application work as earlier with spring boot starter parent version 2+.
Here is the link for the code in github which is forked from the link which is provided in the above question which is providing all the feature you have expected using Spring-Boot 2.X version.
In the above code I have moved your code from Spring boot version 1.5.9.RELEASE to 2.1.3.RELEASE and Spring Cloud version from Edgware.SR1 to Finchley.SR1
I recently moved my app. from Spring Boot 1 to Spring Boot 2 (2.0.0.RELEASE).
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
I want to import the class org.springframework.web.reactive.function.server.ServerRequest to get the Error Attributes from the interface
org.springframework.boot.web.reactive.error.ErrorAttributes;
but I got this error:
The import org.springframework.web.reactive.function.server.ServerRequest cannot be resolved
The Spring Boot Reactive Project spring-boot-web-reactive was merged into Spring Webflux with Spring 5.0
Make sure you have webflux Starter on your classpath:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webflux</artifactId>
</dependency>
Updated: Attached pom.xml and application.property and some more error / warning msgs.
Hi I am very new to Spring Boot and just taking some classes on Udemy for it.
While following through a class, I create a starter project via spring.io and added actuator and Hal browser dependencies including Dev tools.
Just ran my app and tried to go to localhost:8080/application & /browser as well but I get 404.
What am I doing wrong?
I wrote a simple bean which returns a hard coded value and then print that, I changed the value to test Dev tools and it didn’t restart the resource , I had to kill and restart the app to reflect the new changes ..
How can I check what the issue ?
I can provide console grab if needed.
Please help.
Update: I don't know the significance of the following so putting it in here.
in the XML editor hal is red underlined with the following msg on hover:
The managed version is 3.0.5.RELEASE The artifact is managed in org.springframework.data:spring-data-releasetrain:Kay-SR5
in the XML editor devtools is red underlined with the following msg on hover:
The managed version is 2.0.0.RELEASE The artifact is managed in org.springframework.boot:spring-boot-dependencies:2.0.0.RELEASE
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.myoxigen.training.springboot</groupId>
<artifactId>library</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>library</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-rest-hal-browser</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
application.properties file:
logging.level.org.springframework = DEBUG
management.security.enabled=false
Note: This answer is based on Spring Boot 2 (paths and properties have changed from version 1).
Your pom.xml looks fine to me. To get the "HAL Browser" to work with actuator you should have starters: web, actuator, and Rest Repositories HAL Browser. I recommend Spring Initializr as a nice way to construct an initial valid project structure.
The default path for the actuator is /actuator. Health, for example, is at /actuator/health.
To view the actuator endpoints in the HAL Browser, go to /browser/index.html#/actuator.
You can change the actuator path in application.properties by setting the following.
management.endpoints.web.base-path=/actuator
To run your server, use the following console command:
./mvnw clean spring-boot:run
If you have DevTools in your project, then changes to files in your classpath will restart the server. See my further comments on how to take advantage of DevTools here.
Here's the relevant documentation on a single page for easy searching:
https://docs.spring.io/spring-boot/docs/2.0.0.RELEASE/reference/htmlsingle
https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle
Add this Dependency:
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-rest-hal-browser</artifactId>
<version>3.3.5.RELEASE</version>
</dependency>`enter code here`
And then go to link:
http://localhost:8080/browser/index.html#
Spring Boot 2.2 apps should use spring-data-rest-hal-explorer rather than spring-data-rest-hal-browser
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-rest-hal-explorer</artifactId>
</dependency>
For enabling actuator, add this into the property file (application.properties)
management.endpoints.web.exposure.include=*
Restart the Spring boot application and access the actuator endpoints using:
http://localhost:8080/actuator/
the health of the application can also be monitored using:
http://localhost:8080/actuator/health
dependency required:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
Ain't you were studying a course by "in28minutes"? =) Anyway when I studied on a Spring Boot for Beginners in 10 Steps course, I faced the same issue with accessing http://localhost:8080/application.
For http://localhost:8080/browser I got a plain json:
{"cause":null,"message":"Fragment must not be empty"}
In pom.xml I had the same dependencies as you outlined in question.
Some googling brought me to this article. In section named "II. Hal Browser" you can see a screenshot, where in browser a link is http://localhost:8080/browser/index.html#. If use this link, then Hal Browser should magically appear.
So /index.html# was the only puzzle piece you missed.
Note: above approach worked with Spring Boot version 2.1.7
EDIT: despite the fact that Hal Browser itself works with above approach, it still doesn't show actuator endpoints. And DevTools also ain't working for me.
I'm having the following problem:
I am trying to setup a basic Spring Boot (2.0.0.M2) Project containing Spring Webflux and Spring Security.
My pom.xml looks like this (generated via start.spring.io):
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.M2</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencies>
...
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
...
</dependencies>
SpringSecurityConfig:
#EnableWebFluxSecurity
public class SecurityConfig extends WebFluxSecurityConfiguration {}
I am not getting any further because I get an exception on startup:
Caused by: java.lang.ClassNotFoundException: org.springframework.security.web.server.context.SecurityContextRepository
So I figure that the whole org.springframework.security.web.server package is not on the classpath, although it should be there, since it is included in the API docs.
Seems like I am doing something wrong, but I don't know what.
Currently Spring Boot's spring-boot-starter-security does not include spring-security-webflux.
Add it as project dependency explicitly.
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-webflux</artifactId>
</dependency>
See this issue : Provide auto-configuration for WebFlux-based security.
BTW, check my working codes: https://github.com/hantsy/spring-reactive-sample/tree/master/boot
Updated: In Spring Boot 2.0.0.RELEASE, spring-boot-starter-security includes webflux support.