SpringBoot + Thymeleaf + Security Dialect how to configure? - spring

I really new in Spring Boot and Thymeleaf and I working on a sample project which is implementing Spring Security. And I also want to use Thymeleaf Security Dialect for my project. As I read there is no need to create a configration for Security Dialect in case of Spring Boot.
First what I want to achieve is to show the logged in user in the view.
What I have done so far:
I added this div to view:
<div sec:authentication="name">
The value of the "name" property of the authentication object should appear here.
</div>
And added a dependecy to pom.xml:
<!-- https://mvnrepository.com/artifact/org.thymeleaf.extras/thymeleaf-extras-springsecurity4 -->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>3.0.0.RELEASE</version>
</dependency>
If anybody has any idea please let me know.

I solved this issue, or I found a solution.
The problem is that I used a 3.0.0.RELEASE version of thymeleaf-extras-springsecurity4. With 2.1.2.RELEASE works fine.

Related

Spring basic security confiugred userid/password not working

Our application is based on Spring-boot 2.0. I've enabled basic security by adding the following dependency to pom.xml:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>2.0.4.RELEASE</version>
</dependency>
I also have added properties so that I can define my own userid and password for basic security, instead of the generated ones. I defined them like this in /resources/applicaiton.properties file:
security.user.name=user1
security.user.password=pass1
When I startup my application, I can see that is still generates the password for me in the log. Also, I am unable to login using user1/pass1 combination. I can only successfully login with the user=user and password=generated-password-from-log file.
Why won't spring security allow me to login with user1/pass1? What could be the problem?
Those properties need the spring prefix.
spring.security.user.name=user # Default user name.
spring.security.user.password= # Password for the default user name.
If I want to configure something I often take a look at this List
I hope this helps.

Spring Infinispan - Setting expiry time for cached objects

We are currently using below. It's quite old, but cannot upgrade to higher version now
`
<dependency>
<groupId>org.infinispan</groupId>
<artifactId>infinispan-spring3</artifactId>
<version>6.4.0.Final-redhat-4</version>
</dependency>
<dependency>
<groupId>org.infinispan</groupId>
<artifactId>infinispan-client-hotrod</artifactId>
<version>6.4.0.Final-redhat-4</version>
</dependency>
`
We have modified our code from something with a direct JDG implementation (as shown below) to SpringRemoteCacheManager in an XML based configuration file and are using Spring cache:advice to define cacheable, cahce-put, cache-evict methods.
See Current code where we have control to add expiry time. We want to do similar thing with Spring - Infinispan as well. With Spring - Infinispan we do not write any application code that puts/gets objects in/from cache as its handled by Spring annotations (#Cacheable / #CachePut)
Appreciate if anyone can provide any pointers
RemoteCache<Object, Object> cache = jdgRemoteCacheManager.getCache(cacheName);
cache.put(keyName, object, 15, TimeUnit.MINUTES);
Unfortunately Spring Cache support doesn't provide such methods (see the Javadocs). So it seems the only way is to use the RemoteCache API provided by Infinispan.
Perhaps you could implement your own #Cacheable annotation and implement all the functionality you need. But that's a Spring question really...

Spring-boot actuator: only some endpoints work

I'm trying to implement spring-boot actuator for the first time but I've noticed that:
It only works if I specify the version, otherwise not;
Only a few endpoints works among those declared by the /actuator endpoint response.
This is the dependencies I've inserted in my pom.xml
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.9.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<version>1.4.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-actuator-docs</artifactId>
</dependency>
...
</dependencies>
This is my application.properties:
#info for Spring Boot Actuator
info.app.name=Spring Sample Application
info.app.description=Application to demonstrate Spring REST HATEOAS and Actuator
info.app.version=1.0.0
When I make this http request:
http://localhost:8080/actuator
it returns me:
{"links":[{"rel":"self","href":"http://localhost:8080/actuator"},{"rel":"loggers","href":"http://localhost:8080/loggers"},{"rel":"env","href":"http://localhost:8080/env"},{"rel":"info","href":"http://localhost:8080/info"},{"rel":"heapdump","href":"http://localhost:8080/heapdump"},{"rel":"mappings","href":"http://localhost:8080/mappings"},{"rel":"metrics","href":"http://localhost:8080/metrics"},{"rel":"configprops","href":"http://localhost:8080/configprops"},{"rel":"autoconfig","href":"http://localhost:8080/autoconfig"},{"rel":"beans","href":"http://localhost:8080/beans"},{"rel":"auditevents","href":"http://localhost:8080/auditevents"},{"rel":"trace","href":"http://localhost:8080/trace"},{"rel":"health","href":"http://localhost:8080/health"},{"rel":"dump","href":"http://localhost:8080/dump"},{"rel":"docs","href":"http://localhost:8080/docs"}]}
Among these links, only /health and /info seem to work.
In fact, when I ask for /health it returns:
{"status":"UP"}
When I ask for /info it returnes:
{"app":{"description":"Application to demonstrate Spring REST HATEOAS and Actuator","name":"Spring Sample Application","version":"1.0.0"}}
How comes that all the other endpoints gives me Whitelabel error page?
Did you try to see the logs when you try other endpoints. It says
Full authentication is required to access actuator endpoints. Consider adding Spring Security or set 'management.security.enabled' to false.
I guess this is self explanatory. Configure atleast basic auth or set the above mentioned property to false.
Whitelabel error page that you see also says
There was an unexpected error (type=Unauthorized, status=401).
Here is the link for the doc related to this.
In my case I was getting 404 Whitelabel Error Page because only /actuator/health and /actuator/info are the only endpoints enabled by default (as mentioned on the Spring Boot Actuator documentation)
To enable the other endpoints I ended up adding this configuration to my application.yml:
management:
endpoints:
web:
exposure:
include: info, health, loggers, logfile, configprops
I found a posting at Baeldung where it says
Unlike in previous versions, Actuator comes with most endpoints disabled. (Link)
So add management.endpoints.web.exposure.include=*. to your application.properties.

spring boot 1.3.1 devtools hot reload not work if your project name is spring-boot

Spring boot 1.3.1.RELEASE, used devtools.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
</dependency>
Now I add some code in controller method, e.g.
logger.info("delete {} ", name);
but in eclipse console, nothing output, and access this url , the new add logger did not output. So why is so? why hot reload not work?
I found something could explain this phenomenon. Because my project name is spring-boot, and run Application class in eclispe you could see:
you could see after Application name appended (1)
I don't know what's this mean.
After rename project name to anything else(e.g. spring-boot-reservation), now I found devtools could work normally.
And this time the number after Application name is changed to 2,

Spring-Social-facebook + Spring MVC integration

I am trying to access facebook data via spring social facebook integration using the instructions provided at http://spring.io/guides/gs/accessing-facebook.
But currently i am facing 2 type of problem
When i run example as mentioned in tutorial i get following error
No matching bean of type [org.springframework.social.facebook.api.Facebook] found for dependency
When i run this with #Configuration on FacebookConfig class, i get below mentioned error
A ConnectionFactory for provider 'facebook' has already been registered
Is there a workaround to it?
I have kept the war file with source code at https://skydrive.live.com/redir?resid=EA49CD7184E0E40!168&authkey=!AIkoKKx5-Um8AQE
What version are you using?
Try using the version 1.1.0.RELEASE
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-facebook</artifactId>
<version>1.1.0.RELEASE</version>
</dependency>
If it not works, please try post the stacktrace printed.
You need to create a the beans to your class, please post more information like your pom.xml and your spring context configuration.
Ihad the same problem. Spring Social Facebook will automatically add connection factory based on the configuration in application.properties. This auto-configured connection factory is clashing with the one that you're trying to add. Try just to remove your connection factory you add through addConnectionFactories.
Try to use different setting to load your custom connection factory...
E.g. Instead of using OOTB keys use different keys:
#Facebook Social App Details:
# Commented below 2 OOTB Keys & Bingo it worked.
#spring.social.facebook.appId=APP_ID
#spring.social.facebook.appSecret=APP_SECRET
facebook.app.id=APP_ID
facebook.app.secret=APP_SECRET
This will resolve your problem.

Resources