I'm having trouble finding which package contains #EnableWebSecurity in Spring Security 3.1.3. I've added core, config, web and ldap security packages, but the annotation remains unavailable. Has it been replaced by another annotation?
I think java config support is not yet released with Spring Security, but available as a separate module in spring-security-javaconfig. See instructions in the linked page about how to include the jar into your maven build.
I faced the same problem and was able to solve it by adding "spring-boot-starter-security" as a dependency in build.gradle as mentioned in the spring "Getting Started" guide available #
https://spring.io/guides/gs/securing-web/
Related
I inherited Spring Boot application (version 1.5.8). I think it reads external foo.properties file then creates Map object having key/value pair then SpringApplication.setDefaultProperties consumes it.
When I inspected the properties file, it has many ssl related key/value properties
server.ssl.key-alias=<some_value>
server.ssl.key-password=<some_value>
server.ssl.key-store=<some_value>
server.ssl.key-store-type=<some_value>
From its pom.xml file I don't see spring-boot-starter-security as a dependency though. My assumption is it is ok. Although as newbie, when I went through simple tutorial of Spring Boot in regard to ssl, it has aforementioned lib as a dependency.
I plan to add more ssl key/value pairs like:
server.ssl.enabled=<some_value>
server.ssl.ciphers=<some_value>
server.ssl.protocol=<some_value>
My question is do I need spring-boot-starter-security lib as a dependency or not. I am sure I'd find out once I update/execute the application but I decided to ask first if anyone knows in advance. My initial research didn't come up with an answer I was looking for.
Update:
From its pom.xml, I see following added as dependency. Another attempt of research makes me believe spring-boot-starter comes with spring-boot-starter-security but I am not positive about this.
spring-boot-starter
spring-boot-starter-log4j2
spring-boot-starter-web
No, you definitely don't need spring-boot-starter-security to enable SSL/TLS in your Spring Boot application.
As described in the Spring Boot documentation, you can enable SSL declaratively by setting the various server.ssl.* properties, typically in application.properties or application.yml.
Refer to the Ssl class for details of all of the supported properties. You may also consider checking the Spring Boot common application properties (in special the server properties).
No.
Spring Boot does not need security for SSL, it's a Tomcat issue. I recommend you to read this tutorial
I am upgrading the libraries on a system and am implementing spring boot. But, there are some dependencies that have to be added over and above the spring boot starters, and some of these are Spring classes.
How can I tell which library a package and class is coming from? The documentation for the class does not seem to provide this...
If i'm understanding correctly, what i do is looking for Compile Dependencies in the maven repos.
I'm migrating a Spring Boot project from boot 1.5.x to 2.0.x.
In the 1.5.x project I see that the following dependency is being used:
dependencies {
...
compile("org.springframework.security:spring-security-jwt")
...
}
The version of the spring-security-jwt is managed by Spring and I can verify that here. Namely:
<spring-security-jwt.version>1.0.9.RELEASE</spring-security-jwt.version>
The same dependency fails to resolve when I move to Boot 2 because it is no longer managed by Spring. I can verify that here...
Is this a bug or it is removed and included in another lib? Somehow I can't find clues in the docs... Shall I manage the version manually now?
The spring-security-jwt (and OAuth as well I guess) are now obsolete. Spring Security 5 added that support to the core library instead of an extension of the framework.
See here for a list of tickets related to the core JWT and OAuth support.
So in short you don't need that dependency anymore, although if you have custom filters and functionality build around that it would require using different classes/packages and features.
I'm trying to integrate spring boot with velocity tools but it still fails, the documentation did not find anything related to how to load velocity.properties, anyone have any help? Thank you.
I ran into some Boot/Velocity configuration issues this morning. You are right that the documentation is spare here.
If you are looking to use Velocity for Spring MVC templating, be sure to include spring-context-support on the classpath. Based on the behavior, it appears that Boot is doing some classpath autodetection here, and creates VelocityConfigurer and VelocityViewResolver beans if and only if spring-context-support is on the classpath.
I have a basic question about Spring Boot:
Say I am developping a websocket app. It seems the idea behind Spring Boot is as follows:
As a developer I am responsible for:
Including the following mvn dependency: spring-boot-starter-websocket
Annotate my configuration class with: #EnableAutoConfiguration
Spring Boot is then responsible for applying the following config: WebSocketAutoConfiguration
In a nutshell, is it how it works? Can someone please confirm of infirm the above?
You are absolutely correct.
After adding spring-boot-starter-websocket to your configuration file and using the #EnableAutoConfiguration annotation, Spring will use you class path to automatically determine which configuration settings and beans need to be created for you.
Spring Boot will handle the WebSocketAutoConfiguration and any other necessary common configurations.
More information can be found here: https://spring.io/guides/gs/spring-boot/