We have Spring Boot Application(version 1.5.8). We tried to check if it's compatible with upcoming Spring Boot 2 release (currently it's M5).
And two classes are missing in spring-boot-autoconfigure dependency(UserInfoTokenServices and ResourceServerProperties).
Are there any replacements of them?
Thanks
Try it this. it's helped me with Oauth2 after migration to SpringBoot 2.
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.0.RELEASE</version>
</dependency>
Quoting Spring Boot 2.0.0.M5 release notes
Functionality from the Spring Security OAuth project is being migrated
to core Spring Security. OAuth 2.0 client support has already been
added and additional features will be migrated in due course.
If you depend on Spring Security OAuth features that have not yet been
migrated you will need to add
org.springframework.security.oauth:spring-security-oauth2 and
configure things manually. If you only need OAuth 2.0 client support
you can use the auto-configuration provided by Spring Boot 2.0. We’re
also continuing to support Spring Boot 1.5 so older applications can
continue to use that until an upgrade path is provided.
I think you have to define oauth2 dep, like
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
Related
I am confused what is the different between these dependencies and which one should I use. Would you explain the differences?
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!---------------------------------------------------------->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<!---------------------------------------------------------->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<!---------------------------------------------------------->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
and when to use
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
spring-boot-starter-xxx are with no surprise starters for applications with Spring. It:
pulls most the dependencies you need on a subject
auto-wires many useful beans
enables to define many configuration options from properties (application.properties, application.yaml, command line arguments, environment variables,...)
For OAuth2, there are two starters provided by Spring:
spring-boot-starter-oauth2-resource-server if your app is a resource-server (contains #RestController or #Controller with #ResponseBody)
spring-boot-starter-oauth2-client if your app is a client
#Controller with methods returning a template name
using a REST client like WebClient to consume a web-service secured with OAuth2
I also wrote starters which are thin wrappers arround spring-boot-starter-oauth2-resource-server and enable to replace all of necessary Java configuration with just a few properties. Refer to README and tutorials for more details (and to figure out how much effort and errors it can save)
It is possible for an app to be both a resource-server and a client, in which case you'll need to declare both starters in your dependencies.
You can have a look at the tutorials I already linked if you have doubts on how to configure resource-servers. There are a few whith Spring starters or mine. One is even both a resource-server and a client with Thymeleaf page consuming secured REST resources with WebClient)
You don't need to declare dependencies on spring-boot-starter-security, spring-security-oauth2-client or spring-security-oauth2-jose when using OAuth2 starters as all are transitive dependencies.
spring-security-config is useful for defining Spring #Beans in Java configuration files. You might need it in addition to starters.
Which's the difference between
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-mongodb</artifactId>
</dependency>
and,
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-mongodb</artifactId>
</dependency>
I'm developing an spring boot service.
spring-boot-starter-data-mongodb contains configuration classes for Spring Boot. It also includes the spring-data-mongodb library so you would only need to include the start in your boot app:
https://search.maven.org/artifact/org.springframework.boot/spring-boot-starter-data-mongodb/2.0.5.RELEASE/jar
spring-boot-starter-data-mongodb is a spring boot starter pom. For more information on starters:
spring-boot-starters
Dependency management is a critical aspects of any complex project. And doing this manually is less than ideal; the more time you spent on it the less time you have on the other important aspects of the project.
Spring Boot starters were built to address exactly this problem. Starter POMs are a set of convenient dependency descriptors that you can include in your application. You get a one-stop-shop for all the Spring and related technology that you need, without having to hunt through sample code and copy paste loads of dependency descriptors.
Can't see Zipkin Server when using Spring Initializer . Has it been removed? What is the alternative?
Zipkin Server is not part of Spring initializers. You have to use the official release of the Zipkin server
https://github.com/openzipkin/zipkin#quick-start
And custom servers are not supported anymore meaning you can't use #EnableZipkinServer anymore since 2.7
https://github.com/openzipkin/zipkin#quick-start
Lately I have been trying the same and couldn't find that option in initializer. I am just posting this if anyone encounters the same issues and lands on this page. You can refer below sample GitHub project which is consists of four micro services ( zipkin server, client, rest service, and Eureka ) using Edgware release with latest version of sleuth.
Sample Zipkin Server/Client
Create spring starter project and add the below dependencies manually.
<dependency>
<groupId>io.zipkin.java</groupId>
<artifactId>zipkin-server</artifactId>
<version>2.12.0</version>
</dependency>
<dependency>
<groupId>io.zipkin.java</groupId>
<artifactId>zipkin-autoconfigure-ui</artifactId>
<version>2.12.0</version>
</dependency>
I'm trying to learn Spring boot and I notice there are two options.
spring-boot-starter-web - which according to the docs gives support for full-stack web development, including Tomcat and web-mvc
spring-boot-starter-tomcat
Since #1 supports Tomcat why would one want to use #2?
What are the differences?
Thanks
Since #1 supports Tomcat why would one want to use #2?
spring-boot-starter-web contains spring-boot-starter-tomcat. spring-boot-starter-tomcat could potentially be used on its own if spring mvc isn't needed (contained in spring-boot-starter-web).
Here is the dependency hierarchy of spring-boot-starter-web:
What are the differences?
spring-boot-starter-web contains spring web dependencies (including spring-boot-starter-tomcat):
spring-boot-starter
jackson
spring-core
spring-mvc
spring-boot-starter-tomcat
spring-boot-starter-tomcat contains everything related to an embdedded tomcat server:
core
el
logging
websocket
What if you want to use spring mvc without the embedded tomcat server?
Just exclude it from the dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
Well a simple answer is that not all web applications are SpringMVC applications. For example if you wish to use JaxRS instead perhaps you have client applications that use RestTemplate and you like how they interact it doesn't mean you can't use spring boot or embedded tomcat
Here is an example application that uses spring-boot-starter-tomcat but not spring-boot-starter-web
Simple Jersey application in spring boot using spring-boot-starter-tomcat
https://github.com/spring-projects/spring-boot/tree/master/spring-boot-samples/spring-boot-sample-jersey
It's also important to remember that tomcat is not the only option for an embedded servlet container in spring boot. It's also easy to get started using jetty. And having spring-boot-starter-tomcat makes it easy to exclude all as one module while if they were all just part of spring-web it would be more work to exclude the tomcat libraries to bring in spring-boot-starter-jersey instead
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jetty</artifactId>
</dependency>
I copied this code from another SO question here.
How to configure Jetty in spring-boot (easily?)
Can you explain to me how to properly build a web app with Spring? I know that the latest version of Spring framework is 4.0.0.RELEASE, but the latest version of Spring Security is 3.2.0.RELEASE, and it depends on spring 3.2.6... maybe i'm wrong :)
How can I integrate it with Maven?
Can I use Spring 4 or must I use the previous version?
What is the proper way?
If it`s not hard for you could you show me you pom.xml?
You should be fine using Spring 4. As described in the documentation:
"Spring Security builds against Spring Framework 3.2.6.RELEASE, but is also tested against Spring Framework 4.0.0.RELEASE. This means you can use Spring Security 3.2.0.RELEASE with Spring Framework 4.0.0.RELEASE."
They go on to describe strategies for integrating Spring 4 with Spring Security in your project. Like this one:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.0.0.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>