I implemented spring cloud config server and pushed it to pivotal cloud foundry. I added the below listed security details in application.yml. I did a "get" on the config server endpoint without passing any security credentials. I am able to receive a successful response , but I was expecting it to return an error saying authentication details aren't passed. Please can you let me know what I am missing?
security:
basic:
enabled: true
user:
name: ctp_config
password: ctp_config
If you using Spring Boot, try add to dependency 'org.springframework.boot:spring-boot-starter-security'
Related
I want to add the ability to microservices to allow configuring endpoints and permissions for RBAC via Cloud Config Server. So if there is a service called mordor, then if I add following properties in its application.yml at Cloud Config Server's repo
rbac:
- endpoint: /v1/test1
method: GET
scopes: ["rest-write:all", "read-write:product"]
- endpoint: /v1/test2
method: POST
scopes: ["read-write:product"]
the endpoints mentioned above should be configured for RBAC. As of now, I am passing the scopes and permissions via Auth0 JWT and using it for authentication. But with this, I will be able to add RBAC also based on the permissions I configure in Auth0's dashboard.
What is the best way to proceed with this?
I am able to get the rbac endpoints from Cloud Config Server but the problem is how to add them to Spring Security. I already have a class OAuth2SecurityConfiguerer where httpSecurity is configured but I haven't been able to add endpoints to Spring Security because it might require iterating over the endpoints obtained from Cloud Config Server
Installed spring boot admin and server.
All client endpoints are visible in spring boot admin but after adding security dependency in client secured endpoints are not visible in admin.
Provided credentials of admin and client in application.yaml of client.
Had the same problem. Firstly, you need to share user and password from admin-client, this can be configured in yml file:
spring.boot.admin.client:
url: http://localhost:8080
instance:
metadata:
user.name: ${spring.security.user.name}
user.password: ${spring.security.user.password}
Also you need to enable http basic in security config, because SBA server then uses this metadata to make http calls.
source: https://codecentric.github.io/spring-boot-admin/2.2.3/#_securing_client_actuator_endpoints
=
Getting forbidden error while accessing actuator running on different port other than application port using custom spring security configuration.
application.properties file
management.security.enabled=false
management.context-path=/manage
management.port=8085
server.context-path=/lnhcverifyhcp
server.port=8090
spring boot version - 1.3.3.RELEASE
Getting forbidden error on accessing actuator url's
I had the same issue, my mcAfee using that port. Actually 403 is from McAfee.
hit this url and see what you get - http://localhost:8081/
I'm assuming that you're using Spring Security with Spring Actuator. So, the configuration to escape the Actuator out the Security are:
endpoints:
health:
sensitive: false
management:
security:
enabled: false
Hope this help!
You can disable security on the management port by adding this to your application.properties file:
management.security.enabled=false
Or, set your own username and password:
See https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-monitoring.html
I am new to using config server for getting external configuration from Github repository.
In my application.yml file of spring boot application I have used below piece of lines and it works fine when I comment JWT authentication part in my application, spring boot application can fetch updated configurations from github repository.
security:
basic:
enabled: false
management:
security:
enabled: false
My question is what if I don't include above code in my yml file, will it work fine? because when i remove above lines, it throws 401 unauthorized error.
Second thing my spring boot application is secured with JWT authentication, when I enable my JWT authentication with yml file having above piece of code, then on providing valid token also it gives 403 forbidden error.
Someone please guide me how resolve this, I am trying to resolve this from last 1 week but no luck. Thanks in advance.
I believe you have <artifactId>spring-boot-starter-security</artifactId> as a dependency in your POM.xml and therefore you will always get a 401 Unauthorized if you do not provide the default password (which you can see in logs on service startup) and if you have removed that config from your bootstrap.yml
If you are getting a 403 Forbidden, then it means that the user was able to login with credentials (means authenticated successfully) but is not "authorized" to do the action being performed. Check the roles of the user(log them or debug).
I have Spring Boot based application deployed to AWS EC2 instances. The application is a Spring Cloud Config Client.
I would like to configure the URL to my Spring Cloud Config Server via AWS user data (using Spring Cloud AWS).
I can already access the user data via #Value annotations. However if I try to refer to user data inside bootstrap.yml, it's not able to resolve it.
spring:
application:
name: network-device-service
cloud:
config:
uri: ${SPRING_CONFIG_URI}
Any ideas if this it at all possible in bootstrap.yml?