Vaadin 8 Spring Boot QuickTickets Dashboard with Spring MVC - spring-boot

I'm trying to adapt Vaadin Spring Boot QuickTickets Dashboard example with my project needs. Everything is working fine except I'm unable to access another (not Vaadin UI) URLs. For example, I have Spring Boot Actuator endpoint - http://localhost:8080/actuator/health but when I try to access it, the application wrongly redirects me to http://localhost:8080/actuator/health#!dashboard. Pretty much the same behavior with my custom login page(not Vaadin UI) - http://localhost:8080/login. I also unable to access it.
How to correctly setup Vaadin to be able to access Spring Boot Actuator endpoints and my custom login page also?

You need to map the servlet to a different path. I think the problem is that the Vaadin-Servlet is mapped to / an is processing all requests.
Adding the following to you application.properties should do the trick.
vaadin.servlet.urlMapping = /myapp/*
Of course the URL of the app changes accordingly.

Related

Spring Security with SOAP web service is working in Tomcat, but not in WebLogic

I have created a sample SOAP Web Service project (spring boot) and trying to integrate Okta as a resource server for authentication.
I am able to deploy the application to WebLogic, but when testing the service using SOAP UI, it gives the response even when there is no Token included in the header.
When I access WSDL from a browser using my wsdl url, http://myhost:port/appservice/app.wsdl I see the 401 error, so I think it is picking up the Security config changes. But it is not working for SOAP requests, I would get response even with out Okta token.
Is it because for SOAP requests, do I need to include any interceptors on top of Security Config java file. Or am I taking a wrong path for security with SOAP. Can someone let me know what am I missing or point me to right direction. Is token validation part of WS-Security? or the authentication manager in Okta resource server enough for this?
I followed this documentation to create it.
I have read most of the SO questions related to this and spring documentation, but could not connect the missing dots. Please help me with this. After spending lot of time, I felt like I was moving in circles.
UPDATE:
I have enabled spring security debug logs by doing below
#EnableWebSecurity(debug=true)
logging.level.org.springframework.security.web.FilterChainProxy=DEBUG
UPDATE2:
I haven't made any big changes to my configuration, but when I ran the project on embedded tomcat locally, it started working. To run on Tomcat, I changed packaging from war to jar, excluded Tomcat in my POM and in my Main class, I had to remove the SpringBootServletInitializer and WebApplicationInitializer. That's it. I tested SOAP UI with the Okta bearer token and it gave me response. With out the token it did not give me response.
Spring Security not working only in case of WebLogic12c. I don't know what I am missing to include for that to work in WebLogic. when deployed through Tomcat, request is passed through all the beans in Security Filter Chain {
WebAsyncManagerIntegrationFilter,
SecurityContextPersistenceFilter,
HeaderWriterFilter,
CsrfFilter,
LogoutFilter,
BearerTokenAuthenticationFilter,
RequestCacheAwareFilter,
SecurityContextHolderAwareRequestFilter,
AnonymousAuthenticationFilter,
SessionManagementFilter,
ExceptionTranslationFilter,
FilterSecurityInterceptor}
But on WebLogic, the request is passed only through first four beans in Security Filter Chain {WebAsyncManagerIntegrationFilter,
SecurityContextPersistenceFilter,
HeaderWriterFilter,
CsrfFilter}
I just wanted to update the alternate solution I found for this problem, for completeness.
Spring Security Filter chain was not working for Weblogic, where as same was working in Tomcat, even for Weblogic version 12.2.1.4.
I had followed this example, and implemented Okta filter as spring boot version was not working in Weblogic 12.2.1.4.
Thanks to #Toerktumlare, I have implemented logging with logback-spring.xml

Is Spring Boot Bundling a Login Page By Default?

I haven't done any UI setup at all, but when I go to localhost:8080 on a spring boot 2.1.3 app that I start up, I get redirected to localhost:8080/login. Is there something being bundled with spring boot on the frontend, and how do I get rid of it? I want to put my own frontend app in. Right now I am just testing API calls, but later I will want to put in my own frontend part.
The redirect to a login page is part of spring-security.
You can either remove the dependency to spring-security in your maven or gradle setup or disable the login redirection:
How can I disable spring form based login for RESTful endpoints?
How to disable spring-security login screen?
Spring security without form login

How to configure Spring Boot Tomcat Basic Auth together with Spring Security?

I'm currently trying to make a Spring Boot app. I've managed to create successfully user authentication using LDAP and custom logic.
However, I'm trying to add another layer of security on top of that, something like "htaccess" to prevent unauthorized users from even seeing the web page (client requirement), as well as stop Google from indexing the page. This can be a single predefined user (doesn't need to be connected to ldap auth).
I've read about configuring the tomcat realm, tomcat-users etc. but since it's Spring Boot app with embedded tomcat, I can't find a place to successfully configure it.
Does anyone have any idea how to create such setup?

Angular 2, Spring boot , spring security , login form

I have a Front end application that runs on http:// localhost:4200, with angular 2 (I've used angular-cli for generating the project).
The application runs without any problems (I can get and post info from/to database using Angular 2 Http service:
getList () {
return this._http.get("http:// localhost:8080/").map(res => res.json());
}
On the other hand, I have a Back end application running with spring boot on http:// localhost:8080/ (note the ports), that provide a REST Api for my angular 2 application.
Sending requests from http://localhost:4200/ to http://localhost:8080/ works as expected.
Before I've programmed an application with spring framework & angularJS 1, spring security took care of login and security in the same app (maven project).
Now I have two separate applications that are communicating via http (RESTful Api with spring boot , and front end Api with angular 2)
How can I set my login form and where to put it, and how to configure spring security with my angular 2 application?
When you spin up the Angular Application with Angular CLI, your Angular Pages are served by NodeJs in the backend.
You have a couple of options here.
The login can be handled at NodeJS server which can in turn invoke
Spring Boot application to Authenticate and Authorize.(I think, you might need to do some tweaks like using express server instead of lite server. take a look here https://stackoverflow.com/a/37561973/6785908)
After initial development, you can copy over your AngularJS
resources to a Spring MVC (Spring Boot) server and use it to serve
your pages (as well as the rest APIs), just as you were doing
before.
Make the Angular App invoke the spring boot Service (I guess , you
are using the $http.post to submit the form, if that's the case you
can just change the URL so that it can hit spring boot app instead.)
For the production deployment, use nginx/httpd to serve the static
files (AngularJS/CSS etc) and route/proxy all the dynamic request to
the spring boot app.
I would strongly suggest the 3rd option.

How to apply Spring Security for multiple Spring Boot packaged web apps

I'm in the process of converting a Tomcat deployed web app to a Spring Boot packaged web UI. The original Tomcat WAR used Spring Security to secure URL's exposed by the web app. Within a short while I will be developing a second web app that will be deployed as a second discrete Spring Boot app.
Before using Spring Boot I would probably have encapsulated both web apps into a single WAR file using Spring Security to secure the URL's of both.
However, given that that there are now two distinct JAR's deployed onto two distinct servers, how do I apply a common Spring Security model? If a user is authenticated on web app #1 then I want that authenticated state to be recognized by web app #2, to avoid the user having to login again.
To reduce inter dependence should I configure each Spring Boot app to employ the same underlying Spring Security configuration? Or is there a different appraoch required?
An excellent article for your problem at https://spring.io/guides/tutorials/spring-security-and-angular-js/
You have to use #EnableRedisHttpSession and #EnableZuulProxy annotations.

Resources