I am trying to run a simple Spring app with Hystrix Dashboard. I have also enabled Spring security on this app, as the hystrix.streams I want to monitor are security enabled.
When I access the dashboard url, I get redirected to a login page as expected to get my token, and then after login, I see the dashboard page. I then paste in the url of a hystrix.stream that I wish to monitor and press monitor, however, the next page simply has "Loading..." for both Circuit and Thread pools. I am running this in a PCF environment :
I can see in the Gradle Dependencies for the project that the version of Hystrix that Spring Cloud Starter is including is 1.4.0-RC6. I download the war for hystrix-dashboard 1.4.0-RC6 from here, and ran that, and noticed that even though I pasted in a correct token in the Authorization window, the effect was the same as the Spring Cloud Hystrix Dashboard - stuck in "Loading..."
When I ran hystrix-dashboard wars versions 1.4.3 and higher, there was no issue.
Perhaps the version of hystrix in Spring Cloud Hystrix needs to be updated?
For gradle we recommend using dependency-management-plugin as the gradle policies for resolving dependencies can cause problems.
Related
I have created a sample SOAP Web Service project (spring boot) and trying to integrate Okta as a resource server for authentication.
I am able to deploy the application to WebLogic, but when testing the service using SOAP UI, it gives the response even when there is no Token included in the header.
When I access WSDL from a browser using my wsdl url, http://myhost:port/appservice/app.wsdl I see the 401 error, so I think it is picking up the Security config changes. But it is not working for SOAP requests, I would get response even with out Okta token.
Is it because for SOAP requests, do I need to include any interceptors on top of Security Config java file. Or am I taking a wrong path for security with SOAP. Can someone let me know what am I missing or point me to right direction. Is token validation part of WS-Security? or the authentication manager in Okta resource server enough for this?
I followed this documentation to create it.
I have read most of the SO questions related to this and spring documentation, but could not connect the missing dots. Please help me with this. After spending lot of time, I felt like I was moving in circles.
UPDATE:
I have enabled spring security debug logs by doing below
#EnableWebSecurity(debug=true)
logging.level.org.springframework.security.web.FilterChainProxy=DEBUG
UPDATE2:
I haven't made any big changes to my configuration, but when I ran the project on embedded tomcat locally, it started working. To run on Tomcat, I changed packaging from war to jar, excluded Tomcat in my POM and in my Main class, I had to remove the SpringBootServletInitializer and WebApplicationInitializer. That's it. I tested SOAP UI with the Okta bearer token and it gave me response. With out the token it did not give me response.
Spring Security not working only in case of WebLogic12c. I don't know what I am missing to include for that to work in WebLogic. when deployed through Tomcat, request is passed through all the beans in Security Filter Chain {
WebAsyncManagerIntegrationFilter,
SecurityContextPersistenceFilter,
HeaderWriterFilter,
CsrfFilter,
LogoutFilter,
BearerTokenAuthenticationFilter,
RequestCacheAwareFilter,
SecurityContextHolderAwareRequestFilter,
AnonymousAuthenticationFilter,
SessionManagementFilter,
ExceptionTranslationFilter,
FilterSecurityInterceptor}
But on WebLogic, the request is passed only through first four beans in Security Filter Chain {WebAsyncManagerIntegrationFilter,
SecurityContextPersistenceFilter,
HeaderWriterFilter,
CsrfFilter}
I just wanted to update the alternate solution I found for this problem, for completeness.
Spring Security Filter chain was not working for Weblogic, where as same was working in Tomcat, even for Weblogic version 12.2.1.4.
I had followed this example, and implemented Okta filter as spring boot version was not working in Weblogic 12.2.1.4.
Thanks to #Toerktumlare, I have implemented logging with logback-spring.xml
Sorry, cant post images with low reputation)
Here is my settings:
Spring Boot: 2.3.0.RELEASE
secret
build.gradle
Intellij Idea IDE Run/Debug Configuration
I have this app working at Pivotal Cloud Foundry. I have runing Remote App and after build through IDE or using
./gradlew clean assemble
I get
Exception in thread "File Watcher" java.lang.IllegalStateException: Unexpected 404 NOT_FOUND response uploading class files
error
Ok, so after looking through your demo app I believe the issue is that you're using Spring Webflux and that's not supported at the moment.
The remote devtools functionality is only available with Spring WebMVC & Servlet. See this Github issue for reference: https://github.com/spring-projects/spring-boot/issues/13092#issuecomment-387350811
I haven't done any UI setup at all, but when I go to localhost:8080 on a spring boot 2.1.3 app that I start up, I get redirected to localhost:8080/login. Is there something being bundled with spring boot on the frontend, and how do I get rid of it? I want to put my own frontend app in. Right now I am just testing API calls, but later I will want to put in my own frontend part.
The redirect to a login page is part of spring-security.
You can either remove the dependency to spring-security in your maven or gradle setup or disable the login redirection:
How can I disable spring form based login for RESTful endpoints?
How to disable spring-security login screen?
Spring security without form login
I'm trying to adapt Vaadin Spring Boot QuickTickets Dashboard example with my project needs. Everything is working fine except I'm unable to access another (not Vaadin UI) URLs. For example, I have Spring Boot Actuator endpoint - http://localhost:8080/actuator/health but when I try to access it, the application wrongly redirects me to http://localhost:8080/actuator/health#!dashboard. Pretty much the same behavior with my custom login page(not Vaadin UI) - http://localhost:8080/login. I also unable to access it.
How to correctly setup Vaadin to be able to access Spring Boot Actuator endpoints and my custom login page also?
You need to map the servlet to a different path. I think the problem is that the Vaadin-Servlet is mapped to / an is processing all requests.
Adding the following to you application.properties should do the trick.
vaadin.servlet.urlMapping = /myapp/*
Of course the URL of the app changes accordingly.
I am trying to enable a hystrix stream in a Spring Cloud service, using Camden.SR1 in a spring boot app.
I enable hystrix by having a compile-time dependency:
compile 'org.springframework.cloud:spring-cloud-starter-hystrix'
and by adding a #EnableHystrix in the Application configuration.
The /mappings actuator shows the /hystrix.stream endpoint available but when I do a GET on it, the request hangs indefinitely.
I have tried the same using Brixton.SR6 (thus using Spring Boot 1.3) and the hystrix.stream endpoint works as expected.
Am I doing something wrong or is this a regression?
This issue seems linked with the Hystrix issue described here: https://github.com/Netflix/Hystrix/issues/1117. The workaround detailed here solves it https://github.com/Netflix/Hystrix/issues/1117#issuecomment-192222569
/hystrix.stream becames available amongst the actuator endpoints (add spring-boot-starter-hateoas and browse to /actuator). Regardless of any hystrix-enabled functionality in this service, this advertised endpoint should not hang.