Got a problem with authentication configuration with Spring Security 5.0.0.RC1 in a Spring Boot 2.0.0.M6 application. All the samples I've managed to find are being based on WebSecurityConfigurerAdapter (like this one for example), which on it's turn depends on the javax.servlet.Filter. As spring-boot-starter-webflux by default goes with Netty, expectedly there is no Servlet API implementation included, so the configuration done this way can't even be compiled.
Am I missing some Netty-compatible way of having authentication configured?
Related
I am developing a client application for client_credentials grant type flow in OAUTH2.
I am not able to decide on which dependency to use in my project for this purpose among the following.
spring-boot-starter-oauth2-client
spring-cloud-starter-oauth2
spring-security-oauth2
I referred this documentation from spring-projects in which under client-support section it had a table describing the available options. But I am not able to understand which column is referring to which of the above dependencies.
I want to configure a WebClient or RestTemplate which retrieves the OAUTH2 token from the auth-server automatically before accessing a resource-server.
Please guide me in choosing the right artifact for my project.
If you are using Spring Boot you should choose org.springframework.boot:spring-boot-starter-oauth2-client.
This includes Spring Security's OAuth 2.0 Client support and provides Spring Boot auto-configuration to set up OAuth2/Open ID Connect clients.
You can read about how to configure client in the Spring Boot reference documentation.
You can also find additional details in the Spring Security reference documentation.
If you are not using Spring Boot then you should choose org.springframework.security:spring-security-oauth2-client. This also provides Spring Security's latest OAuth 2.0 Client support, but does not include the Spring Boot auto-configuration.
The corresponding documentation is also the Spring Security reference documentation.
The third dependency you mentioned org.springframework.security.oauth:spring-security-oauth2 should not be used because it is part of the legacy Spring Security OAuth project, which is now deprecated.
The functionality that this library provided has now been moved into Spring Security.
That is what the Migration Guide describes, the migration from the legacy project to the latest Spring Security support.
You should not use the org.springframework.cloud:spring-cloud-starter-oauth2 at this time, because it relies on the legacy OAuth support.
This is likely to change in the future, as the Spring Cloud team updates to the latest Spring Security support.
I'm actually having issues with this in Spring Boot 2.0 and Spring Security. I understand that Spring Security now secures everything, which inclues static resources, and have implemented the suggested line of code:
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
I've added this to my WebSecurityConfig, but it seems like my static resources still cannot be found/mapped/loaded. I'm upgrading from Spring boot 1.5.13 to 2.0.2. Everything is in it's appropriate location.
Anyone else still having this problem? Thanks!
While using Spring 5 reactive webflux with Spring boot 2.0, what's the default number of threads used to handle requests? How can I configure the number of threads used?
The default number of threads for request handling is determined by the underlying web server; by default, Spring Boot 2.0 is using Reactor Netty, which is using Netty's defaults (check out the EventLoopGroup documentation for that).
Spring Boot will soon allow you to customize that part (see #10418). In the meantime, you can provide your own ReactiveWebServerFactory bean and change that through the HttpServer configuration options (see this comment).
Currently, it seems that Spring Webflux 2.0 does not provide the ability to control threads.
Spring Webflux 2.0 is using Reactor-Netty. And ReactorNettyclass provides some configurations.
reactor.netty.ioWorkerCount
reactor.netty.ioSelectCount
reactor.netty.pool.maxConnections
etc
So, You can use it like this.
System.setProperty("reactor.netty.ioWorkerCount", "100");
I hope that Spring Boot will provide a custom configuration.
I am using spring-boot to develop webservices, but I don't want to use WsConfigurerAdapter to define a WSDL and all, because I want to deploy my war into WAS7 and it does not support Servlet 3.0. So how would I add a web.xml configuration into my application.
Spring Boot doesn't support Servlet 2.5 out of the box, however you can use Spring Boot Legacy to get things working. Take a look at the Google App Engine sample application for an example of how to use Spring Boot Legacy and web.xml.
You may also be interested in this Spring Boot issue which is proposing to make Spring Boot Legacy an official part of Spring Boot.
i have embedded activemq broker in spring boot application, current solution for authentication is SimpleAuthentication plugin, but i need some solution that use spring security for activemq authentication. I can't find what i need, did someone know how to resolve this problem?
ActiveMQ leverages Apache Shiro for advanced security configurations.
You always write your own authentication plugin that uses Spring security