I have created a sample SOAP Web Service project (spring boot) and trying to integrate Okta as a resource server for authentication.
I am able to deploy the application to WebLogic, but when testing the service using SOAP UI, it gives the response even when there is no Token included in the header.
When I access WSDL from a browser using my wsdl url, http://myhost:port/appservice/app.wsdl I see the 401 error, so I think it is picking up the Security config changes. But it is not working for SOAP requests, I would get response even with out Okta token.
Is it because for SOAP requests, do I need to include any interceptors on top of Security Config java file. Or am I taking a wrong path for security with SOAP. Can someone let me know what am I missing or point me to right direction. Is token validation part of WS-Security? or the authentication manager in Okta resource server enough for this?
I followed this documentation to create it.
I have read most of the SO questions related to this and spring documentation, but could not connect the missing dots. Please help me with this. After spending lot of time, I felt like I was moving in circles.
UPDATE:
I have enabled spring security debug logs by doing below
#EnableWebSecurity(debug=true)
logging.level.org.springframework.security.web.FilterChainProxy=DEBUG
UPDATE2:
I haven't made any big changes to my configuration, but when I ran the project on embedded tomcat locally, it started working. To run on Tomcat, I changed packaging from war to jar, excluded Tomcat in my POM and in my Main class, I had to remove the SpringBootServletInitializer and WebApplicationInitializer. That's it. I tested SOAP UI with the Okta bearer token and it gave me response. With out the token it did not give me response.
Spring Security not working only in case of WebLogic12c. I don't know what I am missing to include for that to work in WebLogic. when deployed through Tomcat, request is passed through all the beans in Security Filter Chain {
WebAsyncManagerIntegrationFilter,
SecurityContextPersistenceFilter,
HeaderWriterFilter,
CsrfFilter,
LogoutFilter,
BearerTokenAuthenticationFilter,
RequestCacheAwareFilter,
SecurityContextHolderAwareRequestFilter,
AnonymousAuthenticationFilter,
SessionManagementFilter,
ExceptionTranslationFilter,
FilterSecurityInterceptor}
But on WebLogic, the request is passed only through first four beans in Security Filter Chain {WebAsyncManagerIntegrationFilter,
SecurityContextPersistenceFilter,
HeaderWriterFilter,
CsrfFilter}
I just wanted to update the alternate solution I found for this problem, for completeness.
Spring Security Filter chain was not working for Weblogic, where as same was working in Tomcat, even for Weblogic version 12.2.1.4.
I had followed this example, and implemented Okta filter as spring boot version was not working in Weblogic 12.2.1.4.
Thanks to #Toerktumlare, I have implemented logging with logback-spring.xml
I've got a few Spring Boot web apps that are functioning fine, but I get a ton of spam related to 'Did not find handler method for X' since using Spring Boot 2.0.4. I get it for static content as well. This is a Spring Boot 2.0.4/Thymeleaf app. It's not affecting the functionality of the app at all as all content is being served but it's quite annoying. Any ideas?
I was able to filter it out through logging.level.org.springframework.boot=INFO.
I am just starting with Spring Integration with Spring Boot 2.
I am working on a application which uses Spring Integration's HTTP outbound gateway to consume a Spring boot Service.
I am consuming the spring boot service from Spring Integration application using Gateway.
When I call the Gateway method which in turn will use the outbound gateway to call the spring boot service, the request does not seem to be completed. It is just going on when I make the HTTP GET request via the browser.
The request is also not received by the Spring Boot service.
I am not able to identify what is wrong in my Integration application when using gateway to consume a Spring Boot 2 service.
I have shared my Spring Boot 2 Application and also the Integration application which I am using to consume it in the below github folder. it contains 2 folders, one for the spring Integration application and the other for the spring boot application.
https://github.com/gsamartian/spring-int-demos
I have exposed a REST interface for the Integration application using RestController.
I access the boot application from integration application via the url, http://localhost:8763/callExternalServiceViaGateway
I am able to access the spring boot application directly from its port.
If anyone can help me identify the cause it would be great.
Thanks,
Your problem that the gateway method is without any args:
#Gateway(requestChannel = "get.request.channel", replyChannel = "reply.channel")
String getCustomMessage();
In this case the gateway works as receiving. No any requests is send because nothing to wrap to the payload. See more info on the matter in the Reference Manual.
Right now I see several bugs with the payloadExpression and no arg, so I suggest you to add some String payload arg to the getCustomMessage() gateway method and perform it with an empty string.
Will take a look into the bugs and will fix them soon.
Thank you for a good sample how to catch and reproduce!
https://jira.spring.io/browse/INT-4448
https://jira.spring.io/browse/INT-4449
I got a Spring boot REST based proxy server application with standard REST End point exposed(GET, POST,PUT and DELETE) to outside world.
Any requests coming from external world then will be routed to actual functionality internally.
Now the requirement is to expose all the API supported by my REST proxy server. As I mentioned I do not have static controller path in my code for individual APIs. So would like to get your input how to create swagger support for all the internal APIs that my proxy server support. Is there are a way I can generate swagger schema manually to mimics the controller path? Or is there any other way to solve this problem?
Thanks in advance.
I have successfully integrated Spring and Jersey via Spring Boot' starter POMs, and I have a couple Jersey endpoints. Now I'd like to unit test the resources. I can't seem to get MockMvc working. I get a 404 error when attempting to GET a resource endpoint.
I know there is a Jersey test framework out there, but it appears to launch a server. I'm hoping to avoid "integration" type tests and keep this as simple as possible. Can I do this with MockMvc?
Unfortunately doesn't seem to be possible as MockMvc doesn't actually start servlet container.
You can use
RestTemplate to fire requests against server started on localhost. Here are examples from Spring Boot repo: Example 1 and Example 2.
Rest Assured library