Spring Boot -1.5.3.Release Version - Enabled with Security Features? - maven

I use Spring Boot - 1.5.3.Release Version for my project. Simply tested my demo application with Actuator and Dev-tools plugin from spring boot initializer site. (Hence I no longer needed to share my POM, as it is default).When I launch my application and try to hit the metrics End Point URL, I get this 401 Unauthorized status (image given below).
Following Options Tried to Bypass this exception
I excluded the SecurityAutoConfiguration on my main Class.
#SpringBootApplication
#EnableAutoConfiguration(exclude= {org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class})
public class MainConfig {
But the above option didn't work.
When I downgrade my Spring-Boot - 1.4.6.RELEASE Version, I didn't get the UnAuthorized Exception. My Application worked like a charm :-)
Questions
Is there any Specific Security Enhancements have been made in the latest release of Spring-Boot (1.5.3.RELEASE Version)?
If at all any enhancements made, let know the community on how to bypass such kind of exceptions?
I also, noticed that when using Spring-boot (1.5.3.RELEASE) it doesn't show any exceptions on startup, even though I have multiple main program in my IDE build path. Is that also an enhancement is spring-boot (1.5.3.RELEASE) version?
Kindly clarify.

From the Spring Boot 1.5 Release Notes:
If you’re upgrading a Spring Boot 1.4 application that doesn’t have dependency on Spring Security and you wish to retain open access to your sensitive endpoints you’ll need to set management.security.enabled to false.

Related

Camunda WebApp couldnt be started in SpringBoot

maybe somebody can help me with my problem. Currently trying to get Camunda running within my Spring Boot App. The Core Camunda Parts i could get running, but now i would like to add also the WebApps of Camunda (Cockpit / Tasklist etc.)
i added the dependency:
<dependency>
<groupId>org.camunda.bpm.springboot</groupId>
<artifactId>camunda-bpm-spring-boot-starter-webapp</artifactId>
<version>7.13.0</version>
<scope>provided</scope>
I tried to access it via the localhost:8080/camunda/app/welcome/ but besides of the Loading indicator i cant see anything. In my Spring Boot Application instead I see that a lot of Java Script couldn't be found from Frontend Request. e.g getting the error 404 /localhost/camunda/require.js not found.
Has anybody any idea what i am doing wrong. I tried it once with an empty Spring Boot Project and there it was working fine, but adding it to an existing project causes this issue.
More information on your project (depenedency:tree) would be required to tell why. Most likely you have included incompatible versions. Clearing the browser cache or trying in a private window may also help.
You can always create a clean Spring Boot setup with compatible library / Spring Boot versions including engine, REST API, Web Apps (and possibly security, Camunda BPM assert) using https://start.camunda.com/.

IntelliJ IDEA does not display run icon for #RequestMapping

I am in the middle of setting up a Spring Boot application in IntelliJ idea. I was reading about IntelliJ's Spring Boot support and I'm supposed to be able to see a green run icon in the gutter of my #RestController next to my #RequestMapping. The application is working fine and I can even see the mapping in the Run tab under Mappings. I was wondering what I'm missing?
I've created a project using Spring Initializr to show the problem. The issue is reproducible in the DemoController and the project is available on Github
It doesn't work because of the known IntelliJ IDEA bug specific to Spring Boot 2.2.x versions.

Spring Boot and dependency for spring-security-jwt

I'm migrating a Spring Boot project from boot 1.5.x to 2.0.x.
In the 1.5.x project I see that the following dependency is being used:
dependencies {
...
compile("org.springframework.security:spring-security-jwt")
...
}
The version of the spring-security-jwt is managed by Spring and I can verify that here. Namely:
<spring-security-jwt.version>1.0.9.RELEASE</spring-security-jwt.version>
The same dependency fails to resolve when I move to Boot 2 because it is no longer managed by Spring. I can verify that here...
Is this a bug or it is removed and included in another lib? Somehow I can't find clues in the docs... Shall I manage the version manually now?
The spring-security-jwt (and OAuth as well I guess) are now obsolete. Spring Security 5 added that support to the core library instead of an extension of the framework.
See here for a list of tickets related to the core JWT and OAuth support.
So in short you don't need that dependency anymore, although if you have custom filters and functionality build around that it would require using different classes/packages and features.

Handling different Spring Boot versions in custom Spring Boot Autoconfiguration projects

In custom Spring Boot Autoconfiguration projects I usually have some dependencies which are marked as optional. As I need them for compilation, but expect users of my autoconfig to include them manually in their own POM, or they will be provided by the Spring Boot dependencies.
How do I ensure that users of different Spring Boot versions can use my autoconfig without dependecy/version problems?
I see two non-optimal solutions; are there more?
Hoping that the API stays the same
Just hope that the API of my dependencies stays stable over minor version changes, so that if I developed and compiled my Autoconfig e.g. with Spring Boot 1.4.x, the API which I used is still the same with 1.5.x, etc.
I then wouldn't necessarily expect it to work e.g. for Spring Boot 2.x, and would put a corresponding note into the readme.
Explicitly tracking each Spring Boot version
Explicitly build a version for at least each minor Spring Boot version, but possibly even for each Patch version? Who knows when a breaking API change could happen. I would then need to document for which exact Spring Boot version my autoconfig is intended. But this is a lot of work.
Of course Spring Boot's own autoconfig project is developed in lockstep with Spring Boot, so that any problems will be fixed in the same release.
But my own autoconfig might have been developed once and not expect many changes afterwards. How do I ensure that my autoconfig keeps working as long as possible even as the "users" of my autoconfig are updating their Spring Boot version dependencies?

how to deploy Spring boot actuate application in external tomcat server

Im trying to just use the basic endpoints that comes with spring actuate and want to deploy in the external tomcat server without using spring boot. How to achieve this, could anyone help me please. Is there any configuration changes that I need to do. This website gives an idea but it uses older version of spring-boot-actuate. Also EndpointHandlerMapping and EndpointHandlerAdapter doesnt come with newer version of spring boot actuate.
Anyways I get 404 resource not found when deploying to the server.
Check out this question to see if it helps you. The Actuator component is a Spring Boot feature but you can use individual components within an existing application with the right build and configuration setups.

Resources