Migrate from KeycloakWebSecurityConfigurerAdapter to Spring Security 6 - java

I'm migrating a project from Spring 5.x to Spring 6 that previously used the KeycloakWebSecurityConfigurerAdapter which is now no longer supported. I've searched the internet and found that I need to migrate to Spring Security's OAuth2 solutions instead of using the adapter. I've also found a different post that tackles this question in the context of Spring Boot.
I don't have Spring Boot though, only Spring. I haven't found anything regarding the migration from the adapter to Spring Security without Spring Boot. How do I do it?

Just as when you don't use any other spring-boot module: you write by yourself what is auto-configured by spring-boot.
Refer to spring-boot documentation to figure out what beans are auto-configured in the case of the accepted answer to the question you linked (or to spring-security documentation to setup a resource-server with JWT decoder and custom authentication converter for roles mapping).
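
One way to write by hand what this answer describes, as an added example that is not part of the original answer: a Spring Security 6 resource server with a JWT decoder and a custom authentication converter for roles mapping, with no Spring Boot auto-configuration. The class name, the issuer URI and the use of Keycloak's `realm_access.roles` claim are assumptions; it needs `spring-security-oauth2-resource-server` and `spring-security-oauth2-jose` on the classpath.

```java
import java.util.Collection;
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity // without Boot, also register springSecurityFilterChain (AbstractSecurityWebApplicationInitializer)
public class ResourceServerConfig {
    // Assumption: placeholder issuer URI of the Keycloak realm.
    private static final String ISSUER = "https://keycloak.example.com/realms/my-realm";

    @Bean
    JwtDecoder jwtDecoder() {
        // Reads the issuer's metadata and JWK set; validates signature, expiry and "iss".
        return JwtDecoders.fromIssuerLocation(ISSUER);
    }

    @Bean
    JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        // Assumption: roles are in Keycloak's default "realm_access.roles" claim.
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            var realmAccess = jwt.getClaimAsMap("realm_access");
            Object roles = realmAccess == null ? null : realmAccess.get("roles");
            if (!(roles instanceof Collection<?> names)) {
                return List.<GrantedAuthority>of(); // no roles claim: no authorities
            }
            return names.stream()
                .<GrantedAuthority>map(r -> new SimpleGrantedAuthority("ROLE_" + r))
                .toList();
        });
        return converter;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, JwtAuthenticationConverter converter) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }
}
```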

Related

Does Spring Session REST support WebFlux Reactor applications?

I'm planning to integrate Spring Session Redis + Spring Security in a WebFlux project.
And I am looking for some official documentation and references/samples, but the documentation only has Servlet Container Initialization.
I'm not quite sure whether Spring Session REST supports WebFlux Reactor applications.
In my limited experience with Spring, thanks in advance.
Spring Session and Spring Security:
https://docs.spring.io/spring-session/docs/2.5.3/reference/html5/guides/java-security.html#servlet-container-initialization
Spring Session - REST:
https://docs.spring.io/spring-session/docs/2.4.6/reference/html5/guides/java-rest.html#servlet-container-initialization
Spring Session provides transparent integration with Spring WebFlux’s WebSession.
This is documented under "WebSession Integration" in the Spring Session reference docs.
You can see an example provided by the Spring Session team here.
If you are using Spring Boot and a single Spring Session module is present on the classpath, Spring Boot uses that store implementation automatically. There is no need for further configuration. You can find additional information in the Spring Boot reference docs.
If you are not using Spring Boot, you can use the annotation @EnableRedisWebSession to enable WebSession with Redis.

Spring security client PKCE with Keycloak

I have a Java application using Spring Security 5.2.1 and secured by Keycloak.
The client in Keycloak is a public openid-connect client.
It works fine.
I have now a requirement to use PKCE (Proof Key for Code Exchange).
As Client Support for PKCE has been added to Spring Security 5.2.0.M2 and as I use Spring Security 5.2.1, I can use Spring Security to implement it.
That's the good news.
The 'bad' news is that I found nearly nothing on the Web or in the Spring Security documentation on how I must implement it, practically.
Adding "enable-pkce": true in keycloak.json doesn't work, and I don't find any clear example of what to do.
Is there some documentation, website or whatever else, describing what to do to implement this?
Thank you very much!
From the Spring Security reference documentation https://docs.spring.io/spring-security/site/docs/5.3.1.RELEASE/reference/html5/#initiating-the-authorization-request
PKCE will automatically be used when the following conditions are true:
client-secret is omitted (or empty)
client-authentication-method is set to "none" (ClientAuthenticationMethod.NONE)
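
A client registration that meets both conditions, as an added example that is not part of the original answer or the Spring Security documentation. The class name, issuer URI, registration id and client id are placeholder assumptions; no client secret is set, so Spring Security adds the `code_challenge` and `code_verifier` parameters on its own.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.ClientRegistrations;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

@Configuration
public class KeycloakPkceClientConfig {

    @Bean
    ClientRegistrationRepository clientRegistrationRepository() {
        ClientRegistration keycloak = ClientRegistrations
            // Assumption: placeholder realm issuer; endpoints are discovered from its OIDC metadata.
            .fromOidcIssuerLocation("https://keycloak.example.com/realms/my-realm")
            .registrationId("keycloak")          // assumption: any local id
            .clientId("my-public-client")        // assumption: the public client's id in Keycloak
            // Condition 1: no clientSecret(...) call, so the secret stays empty.
            // Condition 2: the client authentication method is "none".
            .clientAuthenticationMethod(ClientAuthenticationMethod.NONE)
            .scope("openid")
            .build();
        return new InMemoryClientRegistrationRepository(keycloak);
    }
}
```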

How exactly spring.http.multipart.enabled is different from spring.servlet.multipart.enabled?

In Spring Boot, for multipart uploads, I see many of the tutorial sites suggest having one of the below properties:
spring.http.multipart.enabled=false
or
spring.servlet.multipart.enabled=true
Can someone explain why these settings and their use cases? Especially if I set the property spring.http.multipart.enabled=false, then why spring.servlet.multipart.enabled=true?
I tried searching through Stack Overflow, but did not find any relevant posts for this one.
spring.http.multipart.enabled has been replaced with spring.servlet.multipart.enabled
If you're using Spring Boot 2.0.0 or later you should use spring.servlet.multipart.enabled
See also:
additional-spring-configuration-metadata.json
Spring Boot Reference of 1.5.19.RELEASE version (the Common application properties section lists spring.http.multipart.enabled).
Spring Boot reference of 2.0.0.RELEASE version (replaced with spring.servlet.multipart.enabled)
Upgrading from an Earlier Version of Spring Boot
MultipartProperties (1.5.19.RELEASE)
MultipartProperties (2.0.0.RELEASE)

SpringWebFlux Error with @EnableWebFlux annotation

I'm using Spring Boot version 2.1.1 and use @EnableWebFlux, but I got some errors.
Errors are
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.web.reactive.config.DelegatingWebFluxConfiguration': Initialization of bean failed; nested exception is java.lang.IllegalStateException: The Java/XML config for Spring MVC and Spring WebFlux cannot both be enabled, e.g. via @EnableWebMvc and @EnableWebFlux, in the same application
How can I fix this problem?
You can't have both Spring MVC and Spring WebFlux enabled in Spring SPR-16609
enabling MVC and WebFlux in the same application context which triggers a conflict
you can't have them in the same process currently.
It offers a workaround to use reactive repositories:
However, you can use reactive repositories from your existing Spring MVC application, and return the reactive types (Flux or Mono), from Spring MVC controller methods.
Based on Spring Docs and SpringFramework Collaborator Juergen Hoeller, you can have both Spring MVC and Spring WebFlux present in the same app. In this way, you are using Spring MVC by default, while you can have reactively enabled endpoints at the same time. Keep in mind, it is essentially a servlet-based MVC app you are using.
If you also have @EnableWebFlux on top of that, you mean that you wish to strictly turn this into a reactive web application.
My suggestion is to turn off @EnableWebFlux and keep your application straightly MVC-based. You can still use some of the reactive features such as Mono<> and Flux<> by importing Webflux dependencies.
I was facing the same issue as using io.springfox with Spring-WebFlux.
I changed to use springdoc and solved the issue: https://springdoc.org/#migrating-from-springfox
For sample detail you can check in this: https://github.com/mnguyencntt/springboot-webflux-swagger

yaml configuration in spring mvc (But not using spring-boot)

Is there a way to enable YAML configuration (instead of a properties file) in a normal Spring Web MVC application without using Spring Boot and have the @Value annotation supported?
I searched a lot; everywhere it uses Spring Boot. I am not interested in using Spring Boot, as it's very heavy and has many dependencies configured for auto setup.
Any help would be appreciated......
