Restriction for localhost is not working in SpringBoot web security - spring

Restriction for localhost is not working in SpringBoot web security.By commenting the configure method content, URL(http://127.0.0.1:8080/SPPA/runSPPAJob) is working otherwise error comes.
Code:
#EnableWebSecurity
#Configuration
public class AllowOnlyLocalhostFilter extends WebSecurityConfigurerAdapter
{
#Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/SPPA/**").
access("hasIpAddress('127.0.0.1')").anyRequest().authenticated();
}
}
Web Page Response:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Mon May 29 16:05:46 IST 2017
There was an unexpected error (type=Forbidden, status=403).
Access Denied
Log:
2017-05-29 16:05:46.482 INFO 3644 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/SPPA] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-05-29 16:05:46.482 [http-nio-8080-exec-1] INFO
o.a.c.c.C.[.[localhost].[/SPPA]-Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-05-29 16:05:46.485 INFO 3644 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2017-05-29 16:05:46.485 [http-nio-8080-exec-1] INFO
o.s.web.servlet.DispatcherServlet-FrameworkServlet 'dispatcherServlet': initialization started
2017-05-29 16:05:46.684 INFO 3644 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 199 ms
2017-05-29 16:05:46.684 [http-nio-8080-exec-1] INFO
o.s.web.servlet.DispatcherServlet-FrameworkServlet 'dispatcherServlet': initialization completed in 199 ms

Related

SpringBoot RestApi call 404 Not Found error

I have a SpringBoot application that I am able to start ( http://localhost:80 ).
In my application.yml :
application:
baseurl: /respViewer/api
In my application I defined a #RestController and an endpoint :
#RestController
#RequestMapping("${application.baseurl}/viewer")
....
#PostMapping(value = "/getRespList", consumes = MediaType.APPLICATION_JSON_VALUE,
produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<Object> getResponsibilities(#RequestBody RequestDetail requestDetail)
When I try to access my application using Insomnia or through the Browser I am getting 404 Error.
http://localhost:8080/respViewer/api/viewer/getRespList
{
"timestamp": "2022-04-25T19:52:32.426+00:00",
"status": 404,
"error": "Not Found",
"message": "",
"path": "/respViewer/api/viewer/getRespList"
}
I also checked console output and found these messages :
POST "/respViewer/api/viewer/getRespList", parameters={}
2022-04-25 15:52:32.253 DEBUG 3744 --- [nio-8080-exec-1] o.s.w.s.h.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler ["classpath:/META-INF/resources/", "classpath:/resources/", "classpath:/static/", "classpath:/public/", "/"]
2022-04-25 15:52:32.382 DEBUG 3744 --- [nio-8080-exec-1] o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
2022-04-25 15:52:32.387 DEBUG 3744 --- [nio-8080-exec-1] o.s.w.s.DispatcherServlet : Completed 404 NOT_FOUND
What am I doing wrong?
Update 1 :
I added packages location where I have a REST Controller to application.yml :
spring:
component:
scan:
packages: com.example.demoRespManager
and now I am not getting 404 Error, however it doesn't look like I am getting into the body of implementation method. I setup a break-point in the first line of the method but never stop there. An output in the Console is :
2022-04-25 21:25:43.749 INFO 27996 --- [nio-8080-exec-1] o.s.w.s.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2022-04-25 21:25:43.750 DEBUG 27996 --- [nio-8080-exec-1] o.s.w.s.DispatcherServlet : Detected StandardServletMultipartResolver
2022-04-25 21:25:43.915 DEBUG 27996 --- [nio-8080-exec-1] o.s.w.s.DispatcherServlet : enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data
2022-04-25 21:25:43.915 INFO 27996 --- [nio-8080-exec-1] o.s.w.s.DispatcherServlet : Completed initialization in 166 ms
2022-04-25 21:25:44.134 DEBUG 27996 --- [nio-8080-exec-1] o.s.w.s.DispatcherServlet : POST "/respViewer/api/viewer/getRespList", parameters={}
2022-04-25 21:25:44.180 DEBUG 27996 --- [nio-8080-exec-1] .m.m.a.ExceptionHandlerExceptionResolver : Using #ExceptionHandler com.<my_package_path>.exception.ApplicationExceptionHandler#handleException(Exception, WebRequest)
2022-04-25 21:25:44.254 DEBUG 27996 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : No match for [application/json], supported: []
2022-04-25 21:25:44.261 DEBUG 27996 --- [nio-8080-exec-1] .m.m.a.ExceptionHandlerExceptionResolver : Resolved [org.springframework.web.HttpMediaTypeNotSupportedException: Content type '' not supported]
2022-04-25 21:25:44.262 DEBUG 27996 --- [nio-8080-exec-1] o.s.w.s.DispatcherServlet : Completed 415 UNSUPPORTED_MEDIA_TYPE
UPDATE 2 :
In the Header section of the INSOMNIA application I added Content-type = application/json, since I defined it in my endpoint, and after that it started to work. I was able to start an application in the DEBUG mode and when I made a POST request in INSOMNIA I stopped at the first line of my method implementation.
I solved this issue :
updated my properties file with the list of the packages that contain the beans, it's an equivalent of #ComponentScan in Application ( spring.component.scan.packages )
Added Content-type = application/json to the Header in the Insomnia.

How to make swagger work with Spring boot and ssl?

I have a Spring boot app and I am trying to add swagger to it.
However, after activating SSL, swagger cannot load the resources.
The dependencies I am using in gradle are
implementation("org.springdoc:springdoc-openapi-ui:1.6.6")
implementation("org.springdoc:springdoc-openapi-kotlin:1.6.6")
implementation("org.springdoc:springdoc-openapi-security:1.6.6")
There might be a problem with my HttpSecurityConfig
override fun configure(http: HttpSecurity?) {
http!!.csrf().disable()
.sessionManagement().sessionCreationPolicy(STATELESS)
.and()
.requiresChannel {
it.anyRequest().requiresSecure()
}
.authorizeRequests().antMatchers("auth/refresh")
.permitAll()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.successForwardUrl("/home")
.and()
.addFilter(CustomAuthenticationManager(authenticationManagerBean(), jwtService, encoder()))
.addFilterBefore(
JwtAuthenticationFilter(userDetailsService, jwtService, JWT_AUTH_WHITELIST, SWAGGER_WHITELIST_PREFIX),
UsernamePasswordAuthenticationFilter::class.java
)
}
I have tried adding a swagger whitelist or something, but still doesn't resolve the issue.
I have tried configuring web security like that
override fun configure(web: WebSecurity?) {
web!!.ignoring()
// allow anonymous resource requests
.antMatchers(
HttpMethod.GET,
"/",
"/v3/api-docs", // swagger
"/webjars/**", // swagger-ui webjars
"/swagger-resources/**", // swagger-ui resources
"/configuration/**", // swagger configuration
"/*.html",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.js",
"/swagger-ui/"
)
}
but to no avail.
As for the properties that I am using for the ssl config
server.ssl.key-store=classpath:springboot.p12
server.ssl.key-store-password=password
server.ssl.key-store-type=pkcs12
server.ssl.key-password=password
server.ssl.enabled=true
server.port=8443
And the debug message upon every attempt to go to the swagger home page is
2022-03-24 21:14:49.167 INFO 124836 --- [nio-8443-exec-4] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-03-24 21:14:49.167 INFO 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2022-03-24 21:14:49.167 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Detected StandardServletMultipartResolver
2022-03-24 21:14:49.167 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Detected AcceptHeaderLocaleResolver
2022-03-24 21:14:49.167 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Detected FixedThemeResolver
2022-03-24 21:14:49.170 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator#6a175162
2022-03-24 21:14:49.171 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Detected org.springframework.web.servlet.support.SessionFlashMapManager#6da86e98
2022-03-24 21:14:49.171 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data
2022-03-24 21:14:49.171 INFO 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Completed initialization in 4 ms
2022-03-24 21:14:49.217 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : GET "/swagger-ui/", parameters={}
2022-03-24 21:14:49.240 DEBUG 124836 --- [nio-8443-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/webjars/]]
2022-03-24 21:14:49.249 DEBUG 124836 --- [nio-8443-exec-4] o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
2022-03-24 21:14:49.250 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND
2022-03-24 21:14:49.260 DEBUG 124836 --- [nio-8443-exec-4] o.s.security.web.FilterChainProxy : Securing GET /error
2022-03-24 21:14:49.263 DEBUG 124836 --- [nio-8443-exec-4] o.s.s.w.a.c.ChannelProcessingFilter : Request: filter invocation [GET /error]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
2022-03-24 21:14:49.265 DEBUG 124836 --- [nio-8443-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-03-24 21:14:49.268 DEBUG 124836 --- [nio-8443-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2022-03-24 21:14:49.269 DEBUG 124836 --- [nio-8443-exec-4] o.s.s.w.session.SessionManagementFilter : Request requested invalid session id 16CDDEC21653310720625F5BEF0EF604
2022-03-24 21:14:49.270 DEBUG 124836 --- [nio-8443-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Authorized public object filter invocation [GET /error]
2022-03-24 21:14:49.272 DEBUG 124836 --- [nio-8443-exec-4] o.s.security.web.FilterChainProxy : Secured GET /error
2022-03-24 21:14:49.272 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for GET "/error", parameters={}
2022-03-24 21:14:49.277 DEBUG 124836 --- [nio-8443-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
2022-03-24 21:14:49.318 DEBUG 124836 --- [nio-8443-exec-4] o.s.w.s.v.ContentNegotiatingViewResolver : Selected 'text/html' given [text/html, text/html;q=0.8]
2022-03-24 21:14:49.326 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 404
2022-03-24 21:14:49.326 DEBUG 124836 --- [nio-8443-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
I have tried following other SO answers, like configuring web mvc configures, adding resource and location handlers, but to no avail. If I switch off the ssl, everything works just fine.
As far as I understand the issue is the access to the internal resources or maybe the path the resources.
Maybe I could bypass it by having it run on a different app?

Wrong Header of the API versioning of the Post Request does not come to handleNoHandlerFoundException?

I am using Spring Boot v2.1.7 + HATEOAS + Spring Rest + Spring Security. When consumer doesn't pass the correct Custom Header in the request, say passes X-Accept-Version=v5, it gives me below error.
Error:
2020-03-26 15:44:48.201 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : POST "/employee-catalog-api/reference-types", parameters={}
2020-03-26 15:44:48.216 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler ["classpath:/META-INF/resources/", "classpath:/resources/", "classpath:/static/", "classpath:/public/", "/"]
2020-03-26 15:44:48.217 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] .m.c.d.m.p.s.SAMLUserIdentityServiceImpl : Trying to get UserId from Security Context
2020-03-26 15:44:48.224 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2020-03-26 15:44:48.234 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
2020-03-26 15:44:48.234 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher#5c85f23b
2020-03-26 15:44:48.234 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2020-03-26 15:44:48.254 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2020-03-26 15:44:48.254 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND
2020-03-26 15:44:48.258 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2020-03-26 15:44:48.258 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
Code:
#PostMapping(path = "/employee-types", headers = {X-Accept-Version=v1})
public ResponseEntity<Integer> saveEmployeeType(#Valid #RequestBody EmployeeDto employeeDto) {
.....
......
......
return new ResponseEntity<>(HttpStatus.OK);
}
Why its not coming to handleNoHandlerFoundException of the #ControllerAdvice ?
#Override
protected ResponseEntity<Object> handleNoHandlerFoundException(NoHandlerFoundException ex, HttpHeaders headers,
HttpStatus status, WebRequest request) {
...................
return handleExceptionInternal(ex, error, getHeaders(), HttpStatus.BAD_REQUEST, request);
}
I was able to solve this issue by taking a reference from : How to set default value of exported as false in rest resource spring data rest.
By adding below logic, it works greatly.
#Component
public class SpringRestConfiguration extends RepositoryRestConfigurerAdapter {
#Override
public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config) {
config.setRepositoryDetectionStrategy(RepositoryDetectionStrategy.RepositoryDetectionStrategies.ANNOTATED);
config.setExposeRepositoryMethodsByDefault(false);
}
}

Spring boot web application starts dispatcherServlet 2 times

When it receives first request it initiates dispatcherServlet 2 times. Then all requests to this app is served 2 times. It's happening on Linux only not on Windows. Log entries below:
[2016-01-20 10:52:39.125] boot - 3367 INFO [http-nio-8090-exec-1] --- [/]: Initializing Spring FrameworkServlet 'dispatcherServlet'
[2016-01-20 10:52:39.125] boot - 3367 INFO [http-nio-8090-exec-1] --- [/]: Initializing Spring FrameworkServlet 'dispatcherServlet'
[2016-01-20 10:52:39.129] boot - 3367 INFO [http-nio-8090-exec-1] --- DispatcherServlet: FrameworkServlet 'dispatcherServlet': initialization started
[2016-01-20 10:52:39.129] boot - 3367 INFO [http-nio-8090-exec-1] --- DispatcherServlet: FrameworkServlet 'dispatcherServlet': initialization started
[2016-01-20 10:52:39.156] boot - 3367 INFO [http-nio-8090-exec-1] --- DispatcherServlet: FrameworkServlet 'dispatcherServlet': initialization completed in 27 ms
[2016-01-20 10:52:39.156] boot - 3367 INFO [http-nio-8090-exec-1] --- DispatcherServlet: FrameworkServlet 'dispatcherServlet': initialization completed in 27 ms
App has dependency to: spring-boot-starter-tomcat, spring-boot-starter-web
It main class and controller:
#RestController
class LogController {
public static final Logger LOG = LoggerFactory.getLogger(LogController.class);
#RequestMapping("/getErrors")
public Map<String, String> getErrors() {
//call to methods
}
}
#EnableConfigurationProperties
#SpringBootApplication
#EnableScheduling
//#EnableWebMvcSecurity
public class LogAppConfiguration {
public static void main(String[] args) {
SpringApplication.run(LogAppConfiguration.class, args);
}
}
I have tried removing the EmbeddedServletContainerFactory bean(not shown above). Still it occurs.

Spring boot can't mapp to the links in HTML

I am using Spring boot starter project with maving pluging,
spring boot can't know the links in my HTML templates.
this is my controller :
#Controller
#EnableAutoConfiguration
#ComponentScan
public class Demoproject2Application {
#RequestMapping("/")
public String home() {
return "/html/Authentification";
}
}
and this is the Authentification.HTML:
<!DOCTYPE html>
<html>
<head>
<title>Authentification</title>
<link rel="stylesheet" type="text/css" href="css/style2.css" />
and this is the error :
2015-02-19 14:29:58.749 INFO 5136 --- [nio-8090-exec-1] o.a.c.c.C.[Tomcat]. [localhost].[/] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2015-02-19 14:29:58.749 INFO 5136 --- [nio-8090-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2015-02-19 14:29:58.774 INFO 5136 --- [nio-8090-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 25 ms
2015-02-19 14:29:59.086 WARN 5136 --- [nio-8090-exec-2] o.s.web.servlet.PageNotFound : No mapping found for HTTP request with URI [/css/style2.css] in DispatcherServlet with name 'dispatcherServlet'
2015-02-19 14:30:00.813 WARN 5136 --- [nio-8090-exec-4]o.s.web.servlet.PageNotFound
here is a snapshot of the hierarchy of my project :
https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-xfp1/v/t1.0-9/11011221_811266045595770_3095529215585152558_n.jpg?oh=a51a1196651bd62c81a76679869c1bdd&oe=558FD62B&gda=1431221666_e2d5202a80db81801ed9903c48014130
If you didn't changed any defaults it should be served when you put it into src/main/resources/static/css/style2.css. Please see official documentation.

Resources