When it receives first request it initiates dispatcherServlet 2 times. Then all requests to this app is served 2 times. It's happening on Linux only not on Windows. Log entries below:
[2016-01-20 10:52:39.125] boot - 3367 INFO [http-nio-8090-exec-1] --- [/]: Initializing Spring FrameworkServlet 'dispatcherServlet'
[2016-01-20 10:52:39.125] boot - 3367 INFO [http-nio-8090-exec-1] --- [/]: Initializing Spring FrameworkServlet 'dispatcherServlet'
[2016-01-20 10:52:39.129] boot - 3367 INFO [http-nio-8090-exec-1] --- DispatcherServlet: FrameworkServlet 'dispatcherServlet': initialization started
[2016-01-20 10:52:39.129] boot - 3367 INFO [http-nio-8090-exec-1] --- DispatcherServlet: FrameworkServlet 'dispatcherServlet': initialization started
[2016-01-20 10:52:39.156] boot - 3367 INFO [http-nio-8090-exec-1] --- DispatcherServlet: FrameworkServlet 'dispatcherServlet': initialization completed in 27 ms
[2016-01-20 10:52:39.156] boot - 3367 INFO [http-nio-8090-exec-1] --- DispatcherServlet: FrameworkServlet 'dispatcherServlet': initialization completed in 27 ms
App has dependency to: spring-boot-starter-tomcat, spring-boot-starter-web
It main class and controller:
#RestController
class LogController {
public static final Logger LOG = LoggerFactory.getLogger(LogController.class);
#RequestMapping("/getErrors")
public Map<String, String> getErrors() {
//call to methods
}
}
#EnableConfigurationProperties
#SpringBootApplication
#EnableScheduling
//#EnableWebMvcSecurity
public class LogAppConfiguration {
public static void main(String[] args) {
SpringApplication.run(LogAppConfiguration.class, args);
}
}
I have tried removing the EmbeddedServletContainerFactory bean(not shown above). Still it occurs.
Related
I'm trying to create multiple dispatcherservlet ("/rest/", "/jsp/", "mq/*"). Springboot initialises only one dispatcherservlet.
i have two bean creation methods for DispatcherServletRegistrationBean in order to create two dispatcher servlet. I has set the order and precedence level for both beans. When i start the application, only one of the dispatcherservlet is getting Initialised. In this case, it is "restDisparcher" (please look for console output). what should i do in order to setup multiple dispatcher servlet.
#SpringBootConfiguration
public class AppConfiguration {
#Bean
#Primary
public DispatcherServletRegistrationBean dispatcherServletRegistrationBeanRest() {
DispatcherServlet dispatcherServlet = new DispatcherServlet(new AnnotationConfigServletWebApplicationContext("com.michael.springsecurityentitlement.rest"));
DispatcherServletRegistrationBean dispatcher = new DispatcherServletRegistrationBean(dispatcherServlet , "/rest/*");
dispatcher.setName("restDispatcher");
dispatcher.setLoadOnStartup(1);
dispatcher.setOrder(Ordered.HIGHEST_PRECEDENCE);
return dispatcher;
}
#Bean
public DispatcherServletRegistrationBean dispatcherServletRegistrationBeanJsp() {
DispatcherServlet dispatcherServlet = new DispatcherServlet(new AnnotationConfigServletWebApplicationContext("com.michael.springsecurityentitlement.jsp"));
DispatcherServletRegistrationBean dispatcher = new DispatcherServletRegistrationBean(dispatcherServlet , "/jsp/*");
dispatcher.setName("restDispatcher");
dispatcher.setLoadOnStartup(1);
dispatcher.setOrder(Ordered.HIGHEST_PRECEDENCE);
return dispatcher;
}
#Bean
public TomcatServletWebServerFactory servletWebServerFactory() {
TomcatServletWebServerFactory tomcatServletWebServerFactory = new TomcatServletWebServerFactory("/custom",8081);
return tomcatServletWebServerFactory;
}
public static void main(String[] args) {
SpringApplication app = new SpringApplication(AppConfiguration.class);
app.run(args);
}
}
Console:
2021-03-04 12:09:39.015 INFO 1108 --- [ main] c.m.s.AppConfiguration : Starting AppConfiguration using Java 15.0.2 on ASINTHs-MacBook-Pro.local with PID 1108 (/Users/asinth/git/spring-security-entitlement/target/classes started by asinth in /Users/asinth/git/spring-security-entitlement)
2021-03-04 12:09:39.030 INFO 1108 --- [ main] c.m.s.AppConfiguration : No active profile set, falling back to default profiles: default
2021-03-04 12:09:39.539 INFO 1108 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8081 (http)
2021-03-04 12:09:39.551 INFO 1108 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2021-03-04 12:09:39.551 INFO 1108 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.43]
2021-03-04 12:09:39.704 INFO 1108 --- [ main] o.a.c.c.C.[.[localhost].[/custom] : Initializing Spring embedded WebApplicationContext
2021-03-04 12:09:39.704 INFO 1108 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 635 ms
2021-03-04 12:09:39.806 INFO 1108 --- [ main] o.s.boot.web.servlet.RegistrationBean : Servlet restDispatcher was not registered (possibly already registered?)
2021-03-04 12:09:39.880 INFO 1108 --- [ main] o.a.c.c.C.[.[localhost].[/custom] : Initializing Spring DispatcherServlet 'restDispatcher'
2021-03-04 12:09:39.881 INFO 1108 --- [ main] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'restDispatcher'
2021-03-04 12:09:40.131 INFO 1108 --- [ main] o.s.web.servlet.DispatcherServlet : Completed initialization in 250 ms
2021-03-04 12:09:40.136 INFO 1108 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8081 (http) with context path '/custom'
2021-03-04 12:09:40.155 INFO 1108 --- [ main] c.m.s.AppConfiguration : Started AppConfiguration in 2.093 seconds (JVM running for 3.252)
I think the problem is your dispatcher name. Set different names for different Dispatcher and it should works. Maybe like this :
#SpringBootApplication
public class AppConfiguration {
#Bean
#Primary
public DispatcherServletRegistrationBean dispatcherServletRegistrationBeanRest() {
DispatcherServlet dispatcherServlet = new DispatcherServlet(new AnnotationConfigServletWebApplicationContext("com.michael.springsecurityentitlement.rest"));
DispatcherServletRegistrationBean dispatcher = new DispatcherServletRegistrationBean(dispatcherServlet , "/rest/*");
dispatcher.setName("restDispatcher");
dispatcher.setLoadOnStartup(1);
dispatcher.setOrder(Ordered.HIGHEST_PRECEDENCE);
return dispatcher;
}
#Bean
public DispatcherServletRegistrationBean dispatcherServletRegistrationBeanJsp() {
DispatcherServlet dispatcherServlet = new DispatcherServlet(new AnnotationConfigServletWebApplicationContext("com.michael.springsecurityentitlement.jsp"));
DispatcherServletRegistrationBean dispatcher = new DispatcherServletRegistrationBean(dispatcherServlet , "/jsp/*");
dispatcher.setName("jspDispatcher");
dispatcher.setLoadOnStartup(1);
dispatcher.setOrder(Ordered.HIGHEST_PRECEDENCE);
return dispatcher;
}
#Bean
public TomcatServletWebServerFactory servletWebServerFactory() {
TomcatServletWebServerFactory tomcatServletWebServerFactory = new TomcatServletWebServerFactory("/custom",8081);
return tomcatServletWebServerFactory;
}
public static void main(String[] args) {
SpringApplication.run(AppConfiguration.class, args);
}
}
I have this controller:
#RestController
public class NumbersController {
#PreAuthorize("hasRole('ROLE_ONE')")
#GetMapping("/one")
private String one(){
return "This is one.";
}
#PreAuthorize("hasRole('ROLE_TWO')")
#GetMapping("/two")
private String two(){
return "This is two.";
}
}
And this security configuration:
#Configuration
#EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends GlobalMethodSecurityConfiguration {
#Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
auth
.inMemoryAuthentication()
.withUser("user").password(encoder.encode("password")).roles("ONE");
auth
.inMemoryAuthentication()
.withUser("user2").password(encoder.encode("password2")).roles("TWO");
}
}
And while running both of my users can access both of the resources. What I want is only for user to be able to access /one and only for user2 to access /two.
I also tried using #Secured("ONE") with the same result.
Console output:
2021-01-14 16:10:20.026 INFO 4376 --- [ main] security.security.SecurityApplication : Starting SecurityApplication on Ivan-PC with PID 4376 (D:\Z\security\target\classes started by Ivan in D:\Z\security)
2021-01-14 16:10:20.041 INFO 4376 --- [ main] security.security.SecurityApplication : No active profile set, falling back to default profiles: default
2021-01-14 16:10:24.363 INFO 4376 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2021-01-14 16:10:24.378 INFO 4376 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2021-01-14 16:10:24.378 INFO 4376 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.41]
2021-01-14 16:10:24.565 INFO 4376 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2021-01-14 16:10:24.565 INFO 4376 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 4321 ms
2021-01-14 16:10:25.221 INFO 4376 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2021-01-14 16:10:25.860 INFO 4376 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#57a48985, org.springframework.security.web.context.SecurityContextPersistenceFilter#17740dae, org.springframework.security.web.header.HeaderWriterFilter#14bf57b2, org.springframework.security.web.csrf.CsrfFilter#48535004, org.springframework.security.web.authentication.logout.LogoutFilter#3cee53dc, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#67440de6, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter#35835e65, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter#1ab6718, org.springframework.security.web.authentication.www.BasicAuthenticationFilter#7ce7e83c, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#345cf395, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#7144655b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#3910fe11, org.springframework.security.web.session.SessionManagementFilter#14379273, org.springframework.security.web.access.ExceptionTranslationFilter#cfbc8e8, org.springframework.security.web.access.intercept.FilterSecurityInterceptor#49293b43]
2021-01-14 16:10:25.969 INFO 4376 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2021-01-14 16:10:25.985 INFO 4376 --- [ main] security.security.SecurityApplication : Started SecurityApplication in 6.771 seconds (JVM running for 8.031)
2021-01-14 16:10:29.847 INFO 4376 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2021-01-14 16:10:29.848 INFO 4376 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2021-01-14 16:10:29.870 INFO 4376 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 22 ms
The requests are made with Postman to http://localhost:8080/two and using the authorization fields.
Check this if it helps,
We can configure multiple HttpSecurity instances just as we can have multiple blocks. The key is to extend the WebSecurityConfigurerAdapter multiple times. For example, the following is an example of having a different configuration for URL’s that start with /api/.
#EnableWebSecurity
public class MultiHttpSecurityConfig {
#Bean
public UserDetailsService userDetailsService() throws Exception {
// ensure the passwords are encoded properly
UserBuilder users = User.withDefaultPasswordEncoder();
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(users.username("user").password("password").roles("USER").build());
manager.createUser(users.username("admin").password("password").roles("USER","ADMIN").build());
return manager;
}
#Configuration
#Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeRequests(authorize -> authorize
.anyRequest().hasRole("ADMIN")
)
.httpBasic(withDefaults());
}
}
#Configuration
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.formLogin(withDefaults());
}
}
}
Configure Authentication as normal
Create an instance of WebSecurityConfigurerAdapter that contains #Order to specify which WebSecurityConfigurerAdapter should be considered first.
The http.antMatcher states that this HttpSecurity will only be applicable to URLs that start with /api/
Create another instance of WebSecurityConfigurerAdapter.
If the URL does not start with /api/ this configuration will be used.
This configuration is considered after ApiWebSecurityConfigurationAdapter since it has an #Order value after 1 (no #Order defaults to last).
Try out this in your SecurityConfig class
#EnableGlobalMethodSecurity(
prePostEnabled = true,
jsr250Enabled = true)
The prePostEnabled property enables Spring Security pre/post annotations
The jsr250Enabled property allows us to use the #RoleAllowed annotation
I am new to Spring and Spring Boot and I played around with different ways how to resolve Beans. In my example I've got a Bean that should always be a singleton. What surprises me is that there seems to be a way where this bean is resolved as, I assume, "prototype".
Could anyone explain to me why it's not a singleton when it is resolved in the signature of the method showSingletonBeans?
#SpringBootApplication
class DemoApplication
fun main(args: Array<String>) {
runApplication<DemoApplication>(*args)
}
#Service("stackSingletonBean")
// #Scope("singleton")
class MySingletonBean {
init {
println("Created MySingletonBean " + this.hashCode())
}
}
#RestController
class MyController {
#Autowired
// #Qualifier("singletonBean")
lateinit var memberSingletonBean: MySingletonBean
#Autowired
lateinit var singeltonFactory: ObjectFactory<MySingletonBean>
fun buildSingleton() : MySingletonBean {
return singeltonFactory.`object`
}
#Lookup
fun getSingletonInstance() : MySingletonBean? {
return null
}
#GetMapping("/")
fun showSingletonBeans(#Autowired stackSingletonBean: MySingletonBean) {
println("member " + memberSingletonBean.hashCode() )
println("stack " + stackSingletonBean.hashCode())
println("lookup:" + getSingletonInstance().hashCode())
println("factory: " + buildSingleton().hashCode())
}
}
The log looks like that:
2020-08-13 18:44:32.604 INFO 172175 --- [ main] com.example.demo.DemoApplicationKt : No active profile set, falling back to default profiles: default
2020-08-13 18:44:33.118 INFO 172175 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2020-08-13 18:44:33.124 INFO 172175 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2020-08-13 18:44:33.124 INFO 172175 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.37]
2020-08-13 18:44:33.164 INFO 172175 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2020-08-13 18:44:33.164 INFO 172175 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 528 ms
Created MySingletonBean 1747702724
2020-08-13 18:44:33.286 INFO 172175 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2020-08-13 18:44:33.372 INFO 172175 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2020-08-13 18:44:33.379 INFO 172175 --- [ main] com.example.demo.DemoApplicationKt : Started DemoApplicationKt in 1.011 seconds (JVM running for 1.24)
2020-08-13 18:44:37.341 INFO 172175 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2020-08-13 18:44:37.341 INFO 172175 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2020-08-13 18:44:37.344 INFO 172175 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 3 ms
Created MySingletonBean 562566586
member 1747702724
stack 562566586
lookup:1747702724
factory: 1747702724
Created MySingletonBean 389331797
member 1747702724
stack 389331797
lookup:1747702724
factory: 1747702724
Resolving controller method parameters is actually quite different mechanism. It has nothing to do with dependency injection and the #Autowired annotation: the annotation can be removed and it won't change the behavior.
Although #Autowired can technically be declared on individual method or constructor parameters since Spring Framework 5.0, most parts of the framework ignore such declarations. The only part of the core Spring Framework that actively supports autowired parameters is the JUnit Jupiter support in the spring-test module (see the TestContext framework reference documentation for details).
https://docs.spring.io/
In your case, the stackSingletonBean is instantiated by the ModelAttributeMethodArgumentResolver. It's not aware of the #Service annotation nor of its scope: it simply uses the default constructor on each request.
Model attributes are sourced from the model, or created using a default constructor and then added to the model.
Note that use of #ModelAttribute is optional — for example, to set its attributes. By default, any argument that is not a simple value type( as determined by BeanUtils#isSimpleProperty) and is not resolved by any other argument resolver is treated as if it were annotated with #ModelAttribute. Web on Reactive Stack
Restriction for localhost is not working in SpringBoot web security.By commenting the configure method content, URL(http://127.0.0.1:8080/SPPA/runSPPAJob) is working otherwise error comes.
Code:
#EnableWebSecurity
#Configuration
public class AllowOnlyLocalhostFilter extends WebSecurityConfigurerAdapter
{
#Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/SPPA/**").
access("hasIpAddress('127.0.0.1')").anyRequest().authenticated();
}
}
Web Page Response:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Mon May 29 16:05:46 IST 2017
There was an unexpected error (type=Forbidden, status=403).
Access Denied
Log:
2017-05-29 16:05:46.482 INFO 3644 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/SPPA] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-05-29 16:05:46.482 [http-nio-8080-exec-1] INFO
o.a.c.c.C.[.[localhost].[/SPPA]-Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-05-29 16:05:46.485 INFO 3644 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2017-05-29 16:05:46.485 [http-nio-8080-exec-1] INFO
o.s.web.servlet.DispatcherServlet-FrameworkServlet 'dispatcherServlet': initialization started
2017-05-29 16:05:46.684 INFO 3644 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 199 ms
2017-05-29 16:05:46.684 [http-nio-8080-exec-1] INFO
o.s.web.servlet.DispatcherServlet-FrameworkServlet 'dispatcherServlet': initialization completed in 199 ms
I am using Spring boot starter project with maving pluging,
spring boot can't know the links in my HTML templates.
this is my controller :
#Controller
#EnableAutoConfiguration
#ComponentScan
public class Demoproject2Application {
#RequestMapping("/")
public String home() {
return "/html/Authentification";
}
}
and this is the Authentification.HTML:
<!DOCTYPE html>
<html>
<head>
<title>Authentification</title>
<link rel="stylesheet" type="text/css" href="css/style2.css" />
and this is the error :
2015-02-19 14:29:58.749 INFO 5136 --- [nio-8090-exec-1] o.a.c.c.C.[Tomcat]. [localhost].[/] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2015-02-19 14:29:58.749 INFO 5136 --- [nio-8090-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2015-02-19 14:29:58.774 INFO 5136 --- [nio-8090-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 25 ms
2015-02-19 14:29:59.086 WARN 5136 --- [nio-8090-exec-2] o.s.web.servlet.PageNotFound : No mapping found for HTTP request with URI [/css/style2.css] in DispatcherServlet with name 'dispatcherServlet'
2015-02-19 14:30:00.813 WARN 5136 --- [nio-8090-exec-4]o.s.web.servlet.PageNotFound
here is a snapshot of the hierarchy of my project :
https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-xfp1/v/t1.0-9/11011221_811266045595770_3095529215585152558_n.jpg?oh=a51a1196651bd62c81a76679869c1bdd&oe=558FD62B&gda=1431221666_e2d5202a80db81801ed9903c48014130
If you didn't changed any defaults it should be served when you put it into src/main/resources/static/css/style2.css. Please see official documentation.