spring cloud config consumer visibility restriction - spring-cloud-config

Spring Cloud: Angel.SR3
I want to restrict (via security) the visibility of what properties a consuming app can see.
app1 sees: app1.properties (yml) + application.properties
app2 sees: app2.properties (yml) + application.properties
app1 should not be able to see (accidentally?) app2.properties.
Each app LDAP-authenticates into the cloud config (environment controller).
Any ideas on how to go about this?

Related

can't find my url service on jax-rs and wildfly

I have this service
@ApplicationPath("/services")
public class MyRestEasyApplication extends Application {
}
It is packaged in package bitsexcel.ws.resteasy.services; my project is named RsJavaWeb and runs at this URL http://localhost:8080/RsJavaWeb/ on a WildFly server.
I have a web.xml descriptor with nothing except <welcome-file-list>.
I can't find my service in any url
I tried with:
http://localhost:8080/RsJavaWeb/services/person/1
http://localhost:8080/RsJavaWeb/ ?
And even more, but I can't find the service.
Find the context root of your application (you can see it from WildFly UI console).
Then you should send requests at http://localhost:8080/{context-root}/services/...

Stripping ContextPath in WebFlux router?

I have a WebFlux application that is behind nginx-ingress.
In order to have redirect working (for purposes of Spring Security OAuth) I enabled ForwardedHeaderTransformer.
Now redirects generated by Spring Security OAuth are working fine, but the problem arises when I want to access my API exposed by RouterFunctions.
For instance I have an endpoint GET /someresource. When request is made ForwardedHeaderTransformer adds /api/myservice both to contextPath and uri.
Question is how to expose my api without adding /api/myservice to router function?
Is there any (clean) option to strip contextPath (if it's present) and serve API like this:
fun router() = router {
    "/someresource".nest {
        GET("/", myHandler::getResource)
        GET("/{id}", myHandler::getResources)
    }
}
Maybe there is a WebFilter that can be triggered just before RouterFunctions or maybe it can be modified in the other way?
I've tried to add HandlerFilterFunction to my router. But it does not work since there is no mapping for /api/myservice registered.

Redirection to homepage via spring security rest plugin login api

How to redirect to homepage from /api/login url as it has predefined response in spring security rest plugin 1.5.4 in grails ?
You can override the default spring security login end point as below,
open Config.groovy file and add the following line in that file,
//spring security rest login end point
grails.plugin.springsecurity.rest.login.endpointUrl = "/PATH_TO_HOME_PAGE"
Restart your grails application after change.

How to override request sequence from Spring Cloud Vault to the Vault?

When my application, which uses the Spring Cloud Vault starter, requests info from Vault, it searches the following paths at the generic secret back-end:
secret/myapp/vault
secret/myapp/dev
secret/myapp
secret/application/vault
secret/application/dev
secret/application
So as you can see, it does a lot of requests to a Vault and that's a problem because Vault will create a lot of unnecessary logs which is bad for a few reasons.
How can I change paths for the requests?
For instance, I want my application to go to secret/myapp/{profile} and that's all.
There are two approaches you can take:
Setting spring.cloud.vault.generic.default-context to an empty value.
Customize which paths Spring Vault accesses.
Run your app with fewer profiles activated.
Spring Vault creates path matrices based on the application name multiplied with the profiles you activated and based on a generic name multiplied with active profiles.
Providing a VaultConfigurer bean inside the bootstrap context gives you the most control over paths accessed by Spring Cloud Vault:
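import org.springframework.cloud.vault.config.SecretBackendConfigurer;
import org.springframework.cloud.vault.config.VaultConfigurer;

public class MyVaultConfigurer implements VaultConfigurer {
    @Override
    public void addSecretBackends(SecretBackendConfigurer configurer) {
        // Read this one explicit path
        configurer.add("secret/my-application");
        // Do not register the default generic (application name x profile) paths
        configurer.registerDefaultGenericSecretBackends(false);
        // Keep the default discovered secret backends registered
        configurer.registerDefaultDiscoveredSecretBackends(true);
    }
}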
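The path matrix described in the answer above, worked through for the question's settings as an added example (a model of the description on this page, not Spring Cloud Vault's own code; the class and method names are hypothetical). It lists the reads that would show up in Vault's audit log, and that a Vault policy would have to allow, for each variation the answer suggests.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration: models the path matrix described above; not library code.
public class VaultPathMatrix {

    // Each non-empty context (application name, then default context) is
    // combined with every active profile, followed by the bare context.
    static List<String> paths(String backend, String appName,
                              String defaultContext, List<String> profiles) {
        List<String> result = new ArrayList<>();
        for (String context : new String[] {appName, defaultContext}) {
            if (context == null || context.isEmpty()) {
                continue; // an empty default context removes that whole row
            }
            for (String profile : profiles) {
                result.add(backend + "/" + context + "/" + profile);
            }
            result.add(backend + "/" + context);
        }
        return result;
    }

    static void show(String label, List<String> paths) {
        System.out.println(label + " -> " + paths.size() + " read(s)");
        for (String p : paths) {
            System.out.println("  " + p);
        }
    }

    public static void main(String[] args) {
        // Constructed input matching the question: app "myapp",
        // profiles listed in the order the question's paths show them.
        List<String> both = Arrays.asList("vault", "dev");
        show("default settings",
             paths("secret", "myapp", "application", both));
        show("empty default-context",
             paths("secret", "myapp", "", both));
        show("empty default-context, one profile",
             paths("secret", "myapp", "", Arrays.asList("dev")));
    }
}
```

In this model the bare secret/myapp path is still read even with an empty default context and a single profile, so getting down to exactly one path takes the VaultConfigurer approach.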

JAAS: Make application use Tomcat authentication settings

Is it possible to make a web application which uses JAAS authenticate via Tomcat's default authentication method?
To illustrate: Tomcat uses tomcat_users.xml for authentication. The web application has defined its own method in jaas.cfg. How do we configure jaas.cfg in such a way that it uses Tomcat's method, so that when the configuration in Tomcat changes the application's authentication method switches as well?
Current config looks like this:
BonitaAuth {
org.ow2.bonita.identity.auth.BonitaIdentityLoginModule required;
};
BonitaStore {
org.ow2.bonita.identity.auth.LocalStorageLoginModule required;
};
BonitaAuth-default {
org.ow2.bonita.identity.auth.BonitaIdentityLoginModule required domain="default";
org.ow2.bonita.identity.auth.LocalStorageLoginModule required domain="default";
};
BonitaStore-default {
org.ow2.bonita.identity.auth.LocalStorageLoginModule required domain="default";
};
/**
* Used by the REST server
*/
BonitaRESTServer {
org.ow2.bonita.identity.auth.BonitaRESTServerLoginModule required logins="restuser" passwords="restbpm" roles="restuser";
};
The Tomcat user repository is defined by Tomcat Realms.
The tomcat_users.xml file is used by MemoryRealm.
To use your JAAS configuration (jaas.cfg) configure JAASRealm:
http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JAASRealm
It is possible to use Java EE authentication and implement your own realm.
You have 3 options:
Implement Tomcat Realm interface
http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/Realm.html
Extend RealmBase
http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/realm/RealmBase.html
Extend JAASRealm
http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/realm/JAASRealm.html
Configure your own realm in server.xml
<Realm className="org.myrealm"/>
Tomcat will call to your authenticate method http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/realm/RealmBase.html#authenticate%28java.lang.String,%20java.lang.String%29
In the method you can call your JAAS authentication.