I am using spring boot with the bootstrap dependency. After implementing a portion of code I am unable to load my webpage with bootstrap (the page will load but it will not utilize bootstrap). I am using the spring bootstrap dependency. Anyone have similar results using spring boot and thymeleaf?
#Configuration
#EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers().permitAll().anyRequest().authenticated().and().formLogin()
.loginPage("/login").permitAll().and().logout().permitAll();
}
#Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
If the problem if reportet to css I use a configuration like this
#Configuration
#EnableWebSecurity
#EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)
public class WebSecurityContext extends WebSecurityConfigurerAdapter {
...
#Override
protected void configure(HttpSecurity http) throws Exception {
http....
.and()
.authorizeRequests()
.antMatchers(LOG_IN_URL_PAGE,
LOG_OUT_URL_PAGE,
"/css/**",
"/js/**",
"/img/**",
"/**/favicon.ico",
"/webjars/**",
"/signup").permitAll()
.antMatchers("/**").fullyAuthenticated()
.anyRequest().authenticated();
}
...
}
webjars dependency in my pom
<!--static assets-->
<dependency>
<groupId>org.webjars</groupId>
<artifactId>jquery</artifactId>
<version>1.11.1</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>bootstrap</artifactId>
<version>3.3.4</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>select2</artifactId>
<version>3.5.2</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>select2-bootstrap-css</artifactId>
<version>1.3.1</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>angularjs</artifactId>
<version>1.3.15</version>
</dependency>
I use a configuration like this in a my open source projects and works for me
the key point is that you have say at Spring Secuirty that don't secure the resource url
for the resorce url Spring boot autoconfiguration make the work for you it is the motivation of webjars as sample of usage
you can see the complete set of avaiable webjars at the link http://www.webjars.org/
I hope that this can help you
Related
How can I bypass token authentication for Swagger-UI from browser?
I can make requests to Swagger-UI via Postman.
When I make a request from the browser, I get an error because it requests a token.
http://localhost:8080/swagger-ui/index.html
How can I fix?
pom.xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.7.4</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>1.6.14</version>
</dependency>
Main class
#SpringBootApplication
public class ExampleMain {
public static void main(String[] args) {
SpringApplication.run(ExampleMain.class, args);
}
}
Security class
#Configuration
#EnableWebSecurity
public class SecurityConfig {
private JwtConverter wtConverter;
public SecurityConfig(JwtConverter jwtConverter) {
this.jwtConverter = jwtConverter;
}
#Bean
public SecurityFilterChain configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/swagger-ui/**").permitAll()
.anyRequest().authenticated()
.and()
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(jwtConverter);
return http.build();
}
}
Apart from /swagger-ui/**, you should also permit access to OpenAPI documentation and Swagger resources:
...antMatchers("/v3/api-docs/**", "/swagger-ui.html", "/swagger-ui/**", "/swagger-resources/**", "/swagger-resources").permitAll()
I followed this link: a Chinese introduction article, according to it, I only need to add the dependencies in pom.xml. (./v2/api-docs has been always working.)
It used to work, but today it breaks.
my swagger dependencies in pom.xml file
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.9.2</version>
</dependency>
I am using spring boot 2.3.3, and swagger 2.9.2 .
in SwaggerConfig.java,
add below codes:
#Configuration
#EnableSwagger2
public class SwaggerConfig extends WebMvcConfigurationSupport {
...
#Override
protected void addResourceHandlers(ResourceHandlerRegistry registry) {
// 解决静态资源无法访问
registry.addResourceHandler("/**")
.addResourceLocations("classpath:/static/");
// 解决swagger无法访问
registry.addResourceHandler("/swagger-ui.html")
.addResourceLocations("classpath:/META-INF/resources/");
// 解决swagger的js文件无法访问
registry.addResourceHandler("/webjars/**")
.addResourceLocations("classpath:/META-INF/resources/webjars/");
}
With newer versions of spring boot, this can be achieved with a property:
spring.resources.static-locations=classpath:/static/,classpath:/static/vendor/,classpath:/static/custom/
Also, make sure you configure SpringSecurity class to accept requests to this resources
#Override
public void configure(WebSecurity web)
{
web.ignoring()
.antMatchers( "/static/**","/resources/**", "/js/**", "/css/**", "/images/**");
}
I'm following this tutorial : https://www.baeldung.com/spring-boot-security-autoconfiguration to add Simple Auth. to my Spring Boot Project. When i try to run my application i always get this error :
Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.NoSuchMethodError: org.springframework.util.Assert.isTrue(ZLjava/util/function/Supplier;)V
IDK why im getting this or is this related something about Version problem. Do you guys have any idea about this ?
You can relate your question with this answer
pom.xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
security configuration class
#Configuration
#EnableWebSecurity
public class Config extends WebSecurityConfigurerAdapter{
#Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("username")
.password("password")
.roles("ADMIN","USER");
}
#Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()
.csrf().disable()
.authorizeRequests()
.antMatchers("/greetings").hasRole("ADMIN")
.and()
.httpBasic()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
}
A simple restController
#GetMapping("/greetings")
public String greetings(){
return "Hello World!";
}
this is the basic security using memory authentication. you can relate your pom.xml and configuration.class, In most cases spring-boot, resolves the versions by default.
I created a springboot application with spring security dependencies.
I following some tutorials and most of the say the same. I add the dependencies needed and then create a websecurityconfig file. I created these and when I run the project on my local host it works fine. I pushed my application to a remote server and I am not seeing the login page.
Here are my list of dependencies
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
And here is my websecurity config
#Configuration
#EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Autowired
LdapConfig ldapConfig;
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin();
}
#Bean
public UserDetailsContextMapper userDetailsContextMapper() {
return new CustomUserDetailsContextMapper();
}
#Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder>.ContextSourceBuilder contextSourceBuilder = auth.ldapAuthentication()
.userSearchBase(ldapConfig.getUserSearchBase())
.userSearchFilter(ldapConfig.getUserSearchFilter())
.groupSearchBase(ldapConfig.getGroupSearchBase())
.groupSearchFilter(ldapConfig.getGroupSearchFilter())
.groupRoleAttribute(ldapConfig.getGroupRoleAttribute())
.userDetailsContextMapper(userDetailsContextMapper())
.contextSource();
if (ldapConfig.getPort() != null) {
contextSourceBuilder.port(ldapConfig.getPort());
}
contextSourceBuilder
.root(ldapConfig.getRoot())
.url(ldapConfig.getUrl())
.managerDn(ldapConfig.getManagerDn())
.managerPassword(ldapConfig.getManagerPassword());
}
}
This has eaten up a lot of my time, any one Please help me...
Are you getting a Not Authorized when trying to get to the login page ?
Because it looks like you are requiring someone to already be authenticated to access it.
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin();
}
You'll need something similar to
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login").permitAll()
.anyRequest().fullyAuthenticated()
.and()
.formLogin();
}
to allow the login page to be reached.
I want to use Spring Security 4.0.3 in my project but I don't really know how to do this in combination with the other technologies:
Vaadin 7.5.8
Vaadins official Spring Addon 1.0.0
Spring 4.2.1
Tomcat 8 Server
I read a few articles about Vaadin and Spring Security but i didn't found anything about integreting it with the official Vaadin Spring Addon.
Because I'm new to Vaadin I followed Vaadins official Spring tutorial and the Spring Security documentation. I want to setup my project without Spring Boot! Currently I got the following:
#WebListener
public class MyContextLoaderListener extends ContextLoaderListener
{
}
#WebServlet(value = "/*", asyncSupported = true)
public class Servlet extends SpringVaadinServlet
{
}
#EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
#Autowired
UserDetailsService userDetailsService;
#Bean
public PasswordEncoder passwordEncoder()
{
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
#Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
{
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
#Override
protected void configure(HttpSecurity http) throws Exception
{
// #formatter:off
http
.authorizeRequests()
.antMatchers("/VAADIN/**", "/UIDL/**", "/login**", "/resources/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").defaultSuccessUrl("/#!", true).permitAll()
.and()
.logout().permitAll()
.and()
.csrf().disable();
// #formatter:on
// TODO plumb custom HTTP 403 and 404 pages
/* http.exceptionHandling().accessDeniedPage("/access?error"); */
}
}
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer
{
}
My pom.xml looks like this:
[...]
<spring.version>4.2.1.RELEASE</spring.version>
<spring.security.version>4.0.3.RELEASE</spring.security.version>
[...]
<dependencies>
[...]
<dependency>
<groupId>com.vaadin</groupId>
<artifactId>vaadin-spring</artifactId>
<version>1.0.0</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
</dependencies>
[...]
Now I'm asking myself if I implemented it the right way. Preferably I don't want to use a web.xml instead I want to use Java configuration.
The server starts without an error but when I open the URL I get the following error message:
HTTP Status 404 - Request was not handled by any registered handler.
Can anyone help me?
EDIT:
I don't know if I'm on the right way but I added an asterisk to "/*" in the annotation of the SpringVaadinServlet:
#WebServlet(value = "/**", asyncSupported = true)
Now after the browser redirects to http://localhost:8080/myApp/login I get a normal 404 Not Found without anything...