We have a Java 8 backend application using SprintBoot with an embedded Jetty server.
The UI for the application is a thymeleaf UI.
Currently I have enabled authentication by integrating with Okta using the spring security SAML extension.
Now we have several REST endpoints in our backend and we would want them to be authenticated as well.
Upon reading, I started Okta OpenID Connect can be one choice which issues a JWT. However I am not clear on how to use this. How can I support both my SAML Authentication for Web UI and Authentication using OpenID Connect for my Rest Endpoint.
If your client (Thymeleaf) is in your Spring Boot application, I'd suggest using Stormpath's Spring Boot Starter. This will give you authentication for your UI and security for your REST endpoints. The 2.0.0-rc1 release is compatible with Okta. In your pom.xml, you'll need the following XML:
<properties>
<stormpath.version>2.0.0-okta-rc1</stormpath.version>
</properties>
<dependencies>
<dependency>
<groupId>com.stormpath.spring</groupId>
<artifactId>stormpath-default-spring-boot-starter</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.stormpath.sdk</groupId>
<artifactId>stormpath-bom</artifactId>
<version>${stormpath.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
Related
I want to enable actuator for health check in PCF for the non web or batch or commandLineRunner spring boot application.
Could some one please share some details to resolve this issue.
Please let me know if any other details required
I tried the below options
Adding actuator dependency
Adding http and jmx related properties
Since localhost:8081/actuator is not accessible could not view endpoints
How to enable url for non web app
add
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
application.properties
spring.jmx.enabled = true
management.endpoints.jmx.exposure.include=*
management.endpoints.jmx.domain=com.example.demomail
management.endpoints.jmx.unique-names=true
run jconsole find your application name then connect.
find Tab MBeans, find com.example.demomail in left tree.
As far as I understand you need to enable the Actuator endpoints.
You must add the Spring Boot Actuator dependency (as you have already done).
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
Then in your application.properties file enable HTTP and JMX support (as you have already done).
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
management.endpoint.jmx.exposure.include=*
Now you will have to push your app to PCF and create a binding to a route to create access for the Actuator endpoint/s.
The URL to access the actuator endpoint will be something like this http://<route-url>/actuator/health
In the command line, I would use something like this to return a list of routes and the URL route of the application.
cf curl /v2/apps/<app-guid>/routes
I have got custom starter application (library) which has actuator and prometheus dependency
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
<version>1.5.2</version>
</dependency>
in application.properties
management.endpoints.web.exposure.include=health, info, metrics, prometheus
I am using this starter in my other applications and I want to pass also this exposition of the endpoints from the starter.
Actuator and Prometheus dependecies works in applications but not show selected endpoints in starter. Ofc I can add also line with management.endpoints.web.exposure.include=health, info, metrics, prometheus to my apps but with several apps using this starter I want to pass this once for all and change endpoints only in starter if needed.
Do you have an idea how to expose those endpoints in my app which are set in starter?
Spring Boot v2.3.2 /
Maven 3.6.3
You can pass this as command line args or as ENV vars to your jar, when you start your application.
This way you can pass it to required application, as and when needed w/o updating application.properties.
It will also safeguard against exposing the actuator endpoints when not required, as actuator endpoints reveal sensitive info about the application.
eg. java -Dmanagement.endpoints.web.exposure.include=health, info, metrics, prometheus -jar myapp.jar
I have a spring cloud config server configured over spring cloud bus over kafka.
I am using Edgware.RELEASE with boot 1.5.9.
When I send a POST request to the endpoint /bus/refresh with destination=clientId:dev:** in the body via POSTMAN to config server, all the clients get their beans refreshed even though their clientId doesn't match the value in the destination field.
Here are additional configuration details:
spring cloud config server
pom.xml
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-monitor</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bus-kafka</artifactId>
</dependency>
application.properties
server.port=8888
management.security.enabled=false
spring.cloud.bus.enabled=true
spring.kafka.bootstrap-servers=localhost:9092
I have two config clients with id - config-client1 and config-client2
After changing an application property in the repository for config-client2, I submit a POST request to /bus/refresh endpoint on the config server, with destination=config-client2:dev:** in the body of the request. I was hoping this would refresh/re-initialize the beans only in config-client2 application. But I noticed beans in config-client application are also refreshed/re-initialized. I also noticed config-client application receiving refresh event along with config-client2.
I was hoping only config-client2 application receives the event and its beans are the only ones that are refreshed as a result of it.
Wondering if I am missing any configuration setting to enable granular refresh at specific client level.
I did go through the document posted at - http://cloud.spring.io/spring-cloud-static/Edgware.RELEASE/single/spring-cloud.html, but the results are not as explained.
Any help with a working example is appreciated.
You can use:
curl -X POST http://localhost:8001/actuator/bus-refresh/config-client2
You also need this in your application.properties or .yml.
spring.cloud.config.uri=http://localhost:8001
spring.cloud.config.uri should point to your Spring Config Server
I want to use zuul as a proxy server in my application, but I don't want to use spring boot actuator, I tried to remove it from the dependency as follow:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-zuul</artifactId>
<version>${spring-cloud-netflix.version}</version>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</exclusion>
</exclusions>
</dependency>
However, it will cause some ClassNotFoundException.
I don't need spring boot actuator in my application, but it has so many autoconfiguration in spring boot that will produce many endpoints that I don't want.
Is there any good way to solve this?
The issue has been addressed in spring cloud netflix 1135. It will be available shortly in Brixton.SR2.
In the "Bootiful" Applications with Spring Boot Spring One 2014 section(https://www.youtube.com/watch?v=HCyYEVRZISk), Josh mentioned that it is easy to add the Boot Actuator to a Spring (non-bootiful) application. I assume that an Actuator configuration is needed somehow, but can't find how it shall be done.
Just add the starter to your pom.xml:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
... and the endpoints such as /health will be available.