I was wondering how can I disable the secure connection between cache host and cluster. I am using XML based config and I couldn't find any source for this. In default it is secure but it is not important for me so I want to disable it. Any help is appreciated.
Thanks.
I am not completely certain about what you mean, but security configuration server side can be found here and client side here.
Related
I am trying to setup a simple https security using certificates for my Nifi server. I am able to setup the secure connection by setting
nifi.security.keystore=.../nifiuser.jks and installing certifcates etc.
When I access through Web UI , i get :
No applicable policies could be found. Contact the system administrator.
I think i need to configure "authorizers.xml" but I dont know how. I just want "nifiuser" to have all admin rights.
Please help! Thank you
There are a lot of docs and posts that describe how to do this:
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#authorizer-configuration
https://bryanbende.com/development/2018/10/23/apache-nifi-secure-cluster-setup
https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup/
After successfully setting up a cloud config server and confirming that all works as expected I ran into this issue but I'm not sure if it's supported or the best way to go.
We follow the database-per-service pattern so as an experiment I committed a dev and staging file containing the db connection details of each service so that if we needed to make changes to the server address and credentials we only needed to do it in the config repo.
I have set this up correctly and I confirm that the changes are indeed being propagated from the config server to the clients.
It was only after doing all of this did I notice that even though the services got the updated database details it DID NOT switch its connection.
Is this possible? The only way I could do this was if I restarted the service and that kinda defeats the purpose of having all of this in place. I tried toying with the connection timeouts but it didn't help. The service was still connected to the previous connection.
So it appears a simple addition of the #RefreshScope to my controller did the trick. Thanks to Spring's David Syer for the insight.
For stormpath to work, is the internet a must?
I want to implement user management on my springboot server hosted for LAN, where the internet might not be available at times.
If this is not possible, what are the other options possible?
Yes, a connection is required, as user info is stored by Stormpath. If your connection is intermittent, enabling caching could help.
For my use case, where I was avoiding cloud based user authentication, I used Spring MVC with JPA, Spring Security with user details stored in my local mysql database.
Following link is one of the best tutorial I could find on the same topic.
https://medium.com/#gustavo.ponce.ch/spring-boot-spring-mvc-spring-security-mysql-a5d8545d837d#.gwxd1jdkj
I am a newbie at play, and I am trying at least to use HTTPS on a login and sign up pages in order to have more security on sensitive user data.
I have a range of questions regarding this:
I have configured my play application to use https on the application.conf file with the https.port property. However in my development environment I cant seem to start the server with https capability unless I use the command: play -Dhttps.port=<port>
Why does this happen? I would think that I could use a dev.conf (right now is the application.conf) file in order to do this. Can't I start the server in dev mode while using this kind of settings specified on the configuration file?
Although I start the server with https capabilities, what is the correct way to use https on play? I already created a java key store that I use, and tried to redirect (from a controller) requests to a https url using redirect(securedIndexCall.absoluteURL(request, secure)). But it does not seem to work at least on my dev enviroment (localhost). The logs specify exceptions like:
java.lang.IllegalArgumentException: empty text
java.lang.IllegalArgumentException: invalid version format: M¥å/=<junk characters continue>
Should I use https on the whole application, or just securing the login and sign up requests is sufficient?
I feel the official documentation provided is rather insufficient and I am at a loss here trying to figure out how I should do this.
Any help would be really appreciated!
I agree with Fernando, I think it's easier to set up a front end web server. In my case I used Lighttpd and it was fairly straightforward to set up. I'd recommend:
Configure Lighttpd as per these instructions (at this stage, don't worry about HTTPS just get HTTP working): http://www.playframework.com/documentation/2.3.x/HTTPServer
Then configure HTTPS in Lighttpd: http://redmine.lighttpd.net/projects/1/wiki/HowToSimpleSSL. If you intend on buying an SSL certificate then there will be a few more options to set (e.g. intermediate certificate). The following page has more information: http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL
Answers to your main questions:
1) Enabling HTTPS in Play
Yes, you have to explicitly say you want to use HTTPS when starting up
http://www.playframework.com/documentation/2.3.x/ConfiguringHttps
2) The "java.lang.IllegalArgumentException" error message
There might be an issue with the keystore. This SO article seems to discuss in more detail: Play framework 2.2.1 HTTPs fails on connection attempt
3) SSL for login page or whole app
Personally, I would go for the whole app. If you're taking the time to set up HTTPS I think you might as well cover the whole site. I guess there are slight performance overheads in running HTTPS but realistically it's not something you'd notice.
You should use a front end server for HTTPS, and use HTTPS for the whole application.
Please see Setting up a front end HTTP server and see the commented out nginx settings.
i'm confused with the relationship between the file security.xml and inbound/outbound SSL from attached picture within websphere application server.
file security.xml locates under this path PROFILE_HOME/config/cells/CELL_NAME
if i make security disabled by setting the enable property as false from that secuirty.xml, is the SSL function also being disabled? that also means, if enable set as **true**, that SSL enabled accordingly.
Please correct me if i'm understanding wrongly.
In general security and SSL are not the same but there is a strong relationship there.
If security is enabled then SSL might be enforced in certain communications. As Davanum srinivas mentioned, the communication between the node agents and dmgr start using SSL. The deployment descriptors entries which mandate confidentiality would start enforcing when security is enabled etc.
HTH