how to change the session id length in spring boot - session

I am using spring boot for a webapp running on embedded tomcat. I want to change the session id length from the default 16 bytes to 32 bytes.
I had a look into this post
Session Id Length in Tomcat
and learnt that we can provide the following in the tomcat config file context.xml
How do we do the equivalent in spring boot?
I mean how do we do that programatically?

This did the trick:
context.getManager().getSessionIdGenerator().setSessionIdLength(32);
where context is the context you get when you extend TomcatContextCustomizer class

Related

jasypt encryption not working in spring boot

I want to do encryption for some sensitive data in application.properties file of spring boot application.
for that I have used jasypt-spring-boot-starter plugin .
also used #EnableEncryptableProperties tag on spring application.
I have encrypted access key for my database and written its encrypted value in the property file.
com.test.SharedAccessKey=ENC(vfQQ9veC1G+RV8BC0VA==)
also provided in property file
jasypt.encryptor.password=secretpassword
jasypt.encryptor.algorithm=PBEWithMD5AndDES
I am accessing this property in spring boot application as followes
#Value("${com.test.SharedAccessKey}")
public String shareAcessKey;
But logger.info(shareAcessKey) print as it is ENC(vfQQ9veC1G+RV8BC0VA==)
what I am missing in above , can anyone help.
Issue was resolved . I have done some configuration in my spring Configuration class #Configuration related to property file.
as set property place holder configure to setIgnoreUnresolvablePlaceholders
after removing above code . Jasypt password is got picked up.

About map properties to java class in spring boot 2

I want to convert properties to map, see below
field2ZhNameMap.platform=平台
==>
private Map<String,String> field2ZhNameMap;
In Spring boot 1.5.6 start the app in tomcat it's OK, but use sprint boot 2.0.0.M7 start the app in tomcat I got below error
Caused by: org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under '' to com.foo.bar.util.Field2ZhNameProperties
at org.springframework.boot.context.properties.bind.Binder.handleBindError(Binder.java:227)
Caused by: java.lang.IllegalArgumentException: PropertyName must not be empty
at org.springframework.util.Assert.hasLength(Assert.java:233)
at org.springframework.boot.origin.PropertySourceOrigin.<init>(PropertySourceOrigin.java:41)
After debuging source code I found start the app in tomcat it has a JndiPropertySource which caused above problem. So I have to explicitly disable JndiPropertySource by specify spring.jndi.ignore=true in a spring.properties to solve this problem.
In addition I found these classes like Binder do not exist in 1.5.6, it seems it has a big change from 1.5.6 to 2.0.0. So I want to know if has some documents record these change and guide how to correctly map properties to java class in spring boot 2?
For me, upgrade to Spring Boot 2.0.1.RELEASE on Tomcat 8.5.30 resolved PropertyName must not be empty

How to load spring config xml ${ } values from spring boot application properties

Camel Spring Boot application version 2.20.1
How to load the application.properties values to spring config xml parameter on start up ?
For eg: few parameters are defined as follows :-
eas.ssl.key-store-type = JKS
eas.ssl.key-store-password = *****
eas.ssl.key-store = filelocation
Now the same need to be configured in Spring Config XML on startup as follows :
<sec:keyStore type="${eas.ssl.key-store-type}" password="${eas.ssl.key-store-password}" file="${eas.ssl.key-store}" />
In logs,I could see the properties from application properties are detected as expected
PropertySourcesPropertyResolver : Found key 'eas.ssl.key-store-password'
However it looks like on the keys are not applied to config xml as values.
The errors log states:-
org.apache.cxf.transport.https.SSLUtils : The key store password has not
been set via a system property or through configuration, reading data from
the keystore will fail.
As mentioned in my latest comment my primary issue was related to SSL HandshakeException (No appropraite protocol found). And I was working with JDK 1.8.
Later I realized it was cipher filter "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256" was not supported with jdk 8. Once I changed to "TSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256" all started working as expected.
A hint to solution got from this site :
http://www.ateam-oracle.com/tls-and-java/

Spring #Scheduled job - Get base application path

I have a Spring MVC application and in it I am running a periodic job using a class with method annotated as #Scheduled
In this method, I want to get the base application path i.e. http://localhost:8080/ or http://www.mywebsite.com/ based on whether this is my local system or production system.
How can I do this? I do not have access to HttpServletRequest because this is not a Controller class.
Any hints would be appreciated
In my opinion it is a good idea to use profiles and store properties like base application path in properties file - where each environment has its own property file: config_dev.properties, config_production.properties
Once they are there you can load them in job-like classes using Environment (described on SpringSource blog).
How to configure Tomcat and Spring to use profiles: Spring 3.1 profiles and Tomcat configuration
Put a myconfiguration.properties out of your application, to let the application know that whether its running locally or in production. And then in your method annotated as #Scheduled just read the Property file.
String configPath = System.getProperty("config.file.path");
File file = new File(configPath);
FileInputStream fileInput = new FileInputStream(file);
Properties properties = new Properties();
properties.load(fileInput);
And provide the agrument,
-Dconfig.file.path=/path/to/myconfiguration.properties
when running your application server (or container). This can be done by putting,
JAVA_OPTS="$JAVA_OPTS -Dconfig.file.path=/path/to/myconfiguration.properties"
at the beginning (roughly) of the script, which is used while running your application server.
For tomcat its catalina.sh
For Jboss AS its run.sh
For weblogic its setDomainEnv.sh
And After doing that start your server and deploy your application. Finally, your #Scheduled method should know the information it needs. As the property file is outside of the application, you can change the value of the property when you want without rebuilding the application or without even disturbing it!
just add this code in your web.xml
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>my.root.path</param-value>
</context-param>
and use it your code as a system properties

Overriding the default session manager with embedded tomcat 7 java

I am trying to override the tomcat session manager with an embedded tomcat.
These are the steps preformed in-order to load the context.xml that defines the manager entity.
..
Context context = tomcat.addWebapp(contextPath, appBase);
File configFile = new File ("D:\\context.xml");
context.setConfigFile(configFile.toURI().toURL());
tomcat.start();
..
The session manager seems to be recognized as it's constructor is being invoked but the startInternal() method is never invoked and the session manager being used is the old tomcat session manager.
The weird thing is that when defining the same configuration in a non embedded tomcat, the session manager is being overridden without problems.
Would appriciate any help on the subject.
Non embedded tomcat uses server.xml and embedded tomcat does not uses server.xml file rather we need to pass the arguments in the method.

Resources