In our project we have to update the spring jars to the latest provided across our company.
In this process I updated spring jars from 3.1.1 to 3.2.4 and spring security jars(spring-security-config,spring-security-core,spring-security-taglibs,spring-security-web) from 3.1.1 to 3.1.4
Once this update is done, My application is behaving in a strange manner.
If I am idle on the application for few secs (10sec), I am getting access denied and my application is redirecting to login page.
I rolled back spring security related jar back to 3.1.1 after which it is behaving good.
But I have to update security jars also
Can someone let me know the reason why I am ending in that scenario with spring security 3.1.4 jars?
we had a same issue one of my senior developer has workaround by pinging or hitting all the application URL before reaching the idle window time for 10s or 15s , then application was stable now , but this was an very annoying behavior!..
we are using spring-security for 3.1.0.release...
Related
I've updated a Vaadin 21/Spring Boot 2.5.7 application to Spring Boot 2.6.0 and are experiencing issues with the rendering. It appears that the resources are not being made available for the frontend. I have confirmed that they are packaged into the war.
There are no errors logged but images from resources are not being shown in the ui.
Looking at the release notes for 2.6.0 it appears that they have made changes to how resources are being included/served.
Can anyone else confirm this issue?
Thanks.
Yes, a fix is already on the way https://github.com/vaadin/spring/pull/944
maybe somebody can help me with my problem. Currently trying to get Camunda running within my Spring Boot App. The Core Camunda Parts i could get running, but now i would like to add also the WebApps of Camunda (Cockpit / Tasklist etc.)
i added the dependency:
<dependency>
<groupId>org.camunda.bpm.springboot</groupId>
<artifactId>camunda-bpm-spring-boot-starter-webapp</artifactId>
<version>7.13.0</version>
<scope>provided</scope>
I tried to access it via the localhost:8080/camunda/app/welcome/ but besides of the Loading indicator i cant see anything. In my Spring Boot Application instead I see that a lot of Java Script couldn't be found from Frontend Request. e.g getting the error 404 /localhost/camunda/require.js not found.
Has anybody any idea what i am doing wrong. I tried it once with an empty Spring Boot Project and there it was working fine, but adding it to an existing project causes this issue.
More information on your project (depenedency:tree) would be required to tell why. Most likely you have included incompatible versions. Clearing the browser cache or trying in a private window may also help.
You can always create a clean Spring Boot setup with compatible library / Spring Boot versions including engine, REST API, Web Apps (and possibly security, Camunda BPM assert) using https://start.camunda.com/.
I use Spring Boot - 1.5.3.Release Version for my project. Simply tested my demo application with Actuator and Dev-tools plugin from spring boot initializer site. (Hence I no longer needed to share my POM, as it is default).When I launch my application and try to hit the metrics End Point URL, I get this 401 Unauthorized status (image given below).
Following Options Tried to Bypass this exception
I excluded the SecurityAutoConfiguration on my main Class.
#SpringBootApplication
#EnableAutoConfiguration(exclude= {org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class})
public class MainConfig {
But the above option didn't work.
When I downgrade my Spring-Boot - 1.4.6.RELEASE Version, I didn't get the UnAuthorized Exception. My Application worked like a charm :-)
Questions
Is there any Specific Security Enhancements have been made in the latest release of Spring-Boot (1.5.3.RELEASE Version)?
If at all any enhancements made, let know the community on how to bypass such kind of exceptions?
I also, noticed that when using Spring-boot (1.5.3.RELEASE) it doesn't show any exceptions on startup, even though I have multiple main program in my IDE build path. Is that also an enhancement is spring-boot (1.5.3.RELEASE) version?
Kindly clarify.
From the Spring Boot 1.5 Release Notes:
If you’re upgrading a Spring Boot 1.4 application that doesn’t have dependency on Spring Security and you wish to retain open access to your sensitive endpoints you’ll need to set management.security.enabled to false.
I have my process(bpm file) defined as part of the Camunda Spring Boot project. I have a form attached to a Start Event. When I start my process I get "Form failure: Origin is not allowed by Access-Control-Allow-Origin" error.
I have checked Chrome console and found "XMLHttpRequest cannot load app:forms/my-form.html?noCache=1455724524763. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource" error message.
I had packaged the same process outside a Spring Boot project as a normal web app and deployed the war to Camunda Tomcat. It ran without any issue.
The issue happens when I package the same process as part of Camunda Spring Boot project.
Found 2 links describing similar issue but not helping much in terms of resolution.
https://github.com/plexiti/camunda-grails-plugin/issues/47
https://app.camunda.com/jira/browse/CAM-2146
Does Camunda Spring Boot project support embedded form. I have not seen any example of embedded form for Camunda Spring Boot.
I am pretty much stuck. So any help will be much appreciated.
This happens if the Tasklist can not determine the context path of the application. I just experienced that today in a customer training, when I undeployed a war file from a Wildfly.
A workaround could be to use an absolute path in the formKey, e.g. embedded:/mywebapp/forms/my-form.html
We had this problem as well. My coworker left this comment on the github issues of the project that you might find useful: https://github.com/camunda/camunda-bpm-spring-boot-starter/issues/39
I came across a video on youtube ( https://www.youtube.com/watch?v=GTrNkhVnJBU ) where it demos Spring Loaded.
I'm trying to duplicate the same behavior but am still unsuccessful so far.
What I'm using:
Spring Tool Suite 3.7.2
Spring Boot 1.3.2-RELEASE
Spring loaded 1.2.5-RELEASE
Maven version 3.1.0
JDK 1.8.0_71
I tried the same thing as the guy does in the video (except for the versions being more up to date of course) but it doesn't work.
I also tried the "maven plugin" way as described in the spring docs here -> https://docs.spring.io/spring-boot/docs/current/reference/html/howto-hotswapping.html#howto-reload-springloaded-maven
But that also did not work.
I tried changing the versions of spring loaded to 1.2.0 (docs use that version) but that didn't do anything either.
I ran the app in STS itself, and also tried mvn spring-boot:run from command line, but both simply don't get the desired result.
When using mvn spring-boot:run I see that it is attaching the agent:
[INFO] Attaching agents: [C:\Users\ron.m2\repository\org\springframework\springloaded\1.2.5.RELEASE\springloaded-1.2.5.RELEASE.jar]
But changing RequestMappings or method signatures do not get picked up by spring loaded and thus the change is not reflected.
I'm a little out of ideas why I can't get this to work and any help would be greatly appreciated.
Spring loaded does not yet support spring 4.2. See https://github.com/spring-projects/spring-loaded/issues/139
So you either stick with DevTools which definitely speeds up the development process (although not as fast as spring-loaded), use JRebel (which supports the latest spring version) or downgrade to spring 4.1.
As an alternative you could also try the automatic restart feature of Spring Boot Devtools: https://spring.io/blog/2015/06/17/devtools-in-spring-boot-1-3. It restarts just the app and it is much quicker than restarting the whole JVM. You are loosing application state though, but it might be an alternative.