If the ldap server allows anonymous access, how do I configure the following properties.
spring.ldap.username
spring.ldap.password
If I leave out these properties, I am getting null pointer exception as internally hashtable is used.
I run in the same problem with a transient dependency of Spring ldap security from another project and Spring boot 2.1 and Spring boot admin. My LDAP is not configured (with Spring boot) and a Spring boot admin console initiates a health check. Because of Spring boot auto-configuration a LDAP health check bean is enabled and then the check runs into a NullPointerException.
For this case I excluded the LdapHealthIndicatorAutoConfiguration.class via #SpringBootApplication.
For your problem your maybe need more excludes. Please refer https://docs.spring.io/spring-boot/docs/current/reference/html/auto-configuration-classes.html for existing auto configuration classes. Search for LDAP and try to exclude the found classes in your application.
I'm pretty sure this is a bug in Spring LDAP security, because an anonymous LDAP configuration (no user and password) was intended to work.
I think, this should able to use. Just don't provider membership detail.
Related
I have a spring application (not boot) that is deployed on a jboss 7.2.4 as an .ear file.
For security reasons I have to protect all REST-API ports that are provided by the application. For this our AD provides users and user groups to use.
As I cannot migrate the application into spring boot I have to use the existing spring/jboss installation and have to use keycloak for security handling.
I found no information how to use keycloak inside an jboss installation. Can anybody help? Is it possible at all?
Just configure an authorities converter to map authorities from keycloak roles and configure your authentication converter to use this authorities converter.
You can refer to this article for #Beans definition (yes, it is boot app, but it configures the two beans I'm talking about).
How to configure Spring Boot Admin to log action. For example, I want Spring Boot Admin log action when someone change log level form INFO to DEBUG or when someone change configuration value in JMX tab and write wrong configure override the existing.
Do Spring Boot Admin has a feature to do that?
No it doesn't but you could write a zuul filter intercepting, analyzing the request to /api/applications/{id}/logfile and writing a log statement.
Spring Boot includes a number of additional features to help you
monitor and manage your application when it’s pushed to production.
You can choose to manage and monitor your application using HTTP
endpoints, with JMX or even by remote shell (SSH or Telnet). Auditing,
health and metrics gathering can be automatically applied to your
application.
Actuator HTTP endpoints are only available with a Spring MVC-based
application. In particular, it will not work with Jersey unless you
enable Spring MVC as well.
You can also activate a listener by invoking the SpringApplication.addListeners(…) method and passing the appropriate Writer object. This method also allows you to customize the file name and path via the Writer constructor.
Customize your requirement in Actuator
https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#production-ready
Maven :
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<version>1.5.2.RELEASE</version>
</dependency>
http://www.baeldung.com/spring-boot-authentication-audit
Currently i am using logback for logging purpose , i just heard about spring boot admin but does not get an exact idea about how to implement loglevel-management by using Spring Boot Admin , please any one tell me how we can implement this .Thanks in advance
You have to expose your application by JMX bean using jolokia details
You can access log level management via JMX bean using spring boot admin client details
In case you are using spring boot admin 1.5.x and spring boot 1.5.x on your client you don't need to do anything - it should just work.
I am trying to connect to Cassandra from my Spring boot application using spring-boot-data-cassandra.I have two doubts.
1) Is it recommended to use the CassandraAutoConfiguration i.e. by providing all Cassandra configurations in application.properties with prefix(spring.data.cassandra.*) so that my app will create a cluster for me or do I need to manually create cluster bean, because in CassandraAutoConfiguration cluster bean is annotated with #ConditionalOnMissingBeanso which one is more preferred to use spring cassandra auto configuration or manually creating a cluster bean.
2) My cluster is enabled with ssl at Cassandra side. So when I am auto configuring Cassandra connections with ssl enabled (by setting spring.data.cassandra.ssl=true) then Default SSL context is created for me, but i need to provide my truststore path and truststore password to initialize SSLContext. There is no properties provided at data-cassandra like the one provided for kafka(spring.kafka.ssl.truststore-location= # Location of the trust store file.
spring.kafka.ssl.truststore-password= # Store password for the trust store file.), so is there any way to provide truststore file location and password to AutoConfigure my Cassandra configuration or to override default SSLContext created.
Please help me and correct me if my understanding is wrong. Thanks.
Updates:
https://github.com/spring-projects/spring-boot/issues/8476
Using Spring Boot's Auto-Configuration is the preferred approach but Boot goes out of your way if you need to apply a more specific configuration. Most conditional beans are created if there's no other provided #Bean.
If you provide Cluster yourself, then Spring Boot's Auto-Configuration will not provide a second Cluster bean.
The preferred approach since Spring Boot 1.5, if you need a more specific configuration, is providing a ClusterBuilderCustomizer bean that gets called to customize Cluster.Builder to your needs.
You might also want to file an issue in Spring Boot's issue tracker. Specific SSL configuration is a common configuration use-case.
is there any way to enable java SecurityManager while using spring security ?
I have a Swing standalone application and using spring jdbcDaoImpl to authenticate and authorize using MySql Database (default spring security schema)
but I want to know how to force all tasks be secured, like what happens in setting System.setSecurityManager(...)