I'm writing a spring boot webapp and now I need to manage it with spring boot admin. By creating another spring webapp and make it the admin server, everything works just fine, but now I need to implement server and client on the same webapp. How can I do that?
On my webapp i'v added this on my application.properties:
spring.application.name=Events generator
spring.boot.admin.client.url=http://localhost:8080
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
server.port=8081
What I need to do to make this webapp either client and server for Spring boot admin?
Related
Requirement - Is there any way via configuration/custom logic to provide a blacklist ports configuration so sprint boot service will never pick those ports when it starts, this is required as some of our legacy services runs in dedicated ports and those services starts after our spring boot application starts, if spring boot application picks those ports then it will create a clash.
example : we are looking for something like below , where we can exclude these ports so they will never be picked up by spring boot application.
exclude.ports= 18080,28080
I have bound a few spring boot actuator endpoints jar file metrics to ports 9000, 9001 and 9002. On trying localhost:9000 or server IP:9000. I am able to access the metrics.
But this works only on the local server. I want that any on my company network can open the metric site through IP based URL i.e IP:9000.
How can I achieve this without using tomcat or xamp. It is a spring boot actuator.
One of our client applications has following architecture -
Angular based front end
Spring Boot based web application to talk to front end
Spring Boot based microservices to talk to web application
Eureka Discovery client to enable web app locate microservices
Recently we faced some issue and want to make one of the microservice to be installed as application under standalone tomcat. Making microservice application main class extend SpringBootServletInitializer, and changing packaging to war helped generate war artifact and it gets deployed on tomcat, as well as registers on Eureka - but its not servicable.
When web application looks up the service via Eureka and invoked any API, it fails. Even invoking service via Postman or directly in browser fails for registered URL. It seems the microservice when exposed as web application under tomcat does not resolve via Eureka. Any suggestions?
Configuration:
Data service - to be deployed as war
spring.application.name=data-service
server.contextPath=/data-service
server.servlet.application-display-name=Data Service
spring.main.banner-mode=log
#server.port=9090
spring.jmx.default-domain=${spring.application.name}
eureka.client.service-url.defaultZone=http://localhost:9098/eureka
eureka.client.register-with-eureka=true
eureka.client.fetch-registry=true
eureka.client.preferSameZoneEureka=true
ribbon.eureka.enabled=true
ribbon.ReadTimeout = 60000
When deployed, it registers with Eureka Discovery with name data-service, but The uri is not a correct one to reach the instance, it happens to be something like
GET http://data-service/query/xxxxx HTTP/1.1
It misses the Tomcat port 8080 and the tomcat context. Manually checking uri
http://localhost:8080/data-service/query/xxxxx
does work.
I am running a Spring Cloud Config Client on Kubernetes. It uses spring-cloud-kubernetes and spring-cloud-kubernetes-ribbon dependencies for service discovery, and I am expecting it to be able to discover the Spring Cloud Config Server by setting spring.cloud.config.discovery.enabled=true, but it is not working.
Background:
I am trying to prove that Kubernetes' Service is able to replace the Spring Cloud Eureka for Service Discovery with minimum configuration.
I have deployed a Spring Cloud Config Server (named config-server, at port 8888) along with a Spring Boot Microservice in Kubernetes as separate services in the same namespace, and used Spring Cloud Kubernetes' #EnableDiscoveryClient in the Application.java of both the config server and the microservice.
I have specified the following properties in the microservice's bootstrap.properties but the microservice always attempts to retrieve the config from localhost:8888:
spring.cloud.config.discovery.enabled=true
spring.cloud.config.discovery.serviceId=config-server
Only when I have replaced the above configs with the following, can the configs from the server be retrieved successfully:
spring.cloud.config.enabled=true
spring.cloud.config.uri=http://config-server:8888
I've setup Keycloak and a public/front-end spring boot app successfully. Everything is working as expected. The front-end Spring Boot App is configured in Keycloak as a client (app-ui) in the realm, user's are able to login through keycloak, tokens pass successfully everything's great. Spring Security is securing endpoints and roles are being respected for endpoints.
Now, I'm trying to add a downstream Spring Boot App (Web Service) in the mix and I want it to be aware of the logged in user to be able to secure calls to it. The front-end Spring Boot App is using Feign Client to call the REST endpoints on the back-end Spring Boot App, but the back-end is not doing any authentication/authorization.
I have a couple questions I'm having trouble figuring out:
How do I setup the front-end Spring Boot App to pass the authenticated user details to the back-end Spring Boot App (RequestInterceptor / RestTemplate / Feign config / Http Headers)?
How do I configure the back-end Spring Boot App to use the authenticated user details it receives from the upstream Spring Boot App and what dependencies do I need to add to the back-end Spring Boot App to facilitate that (org.keycloak:keycloak-spring-boot-starter and org.springframework.boot:spring-boot-starter-security)?
Is there anything I need to configure in Keycloak for the back-end Spring Boot App? Should it be registered in Keycloak as a confidential/non-public client (e.g. app-api)?
Is there anything specific to configure in the back-end Spring Boot App? Does it talk to Keycloak to verify the authenticated user details it receives from the upstream callers?
I'd love to see a demo or tutorial that takes the one's I've seen about How to integrate Keycloak and Spring Boot one step farther to also secure any other downstream services. If I can figure this out, I'll post one.
I'm assuming this can be done with standard OAuth2 configuration on the back-end Spring Boot App, but I wasn't sure how it's recommended to achieve this architecture.
Here's the architecture I'm trying to setup:
How do I setup the front-end Spring Boot App to pass the authenticated user details to the back-end Spring Boot App (RequestInterceptor / RestTemplate / Feign config / Http Headers)?
You need to pass bearer-token in your http request header.
How do I configure the back-end Spring Boot App to use the authenticated user details it receives from the upstream Spring Boot App and what dependencies do I need to add to the back-end Spring Boot App to facilitate that (org.keycloak:keycloak-spring-boot-starter and org.springframework.boot:spring-boot-starter-security)?
You need to add a new client in realm for example "back-end-client" and set its "Access Type" to 'bearer only'. You will need 'keycloak-spring-boot-starter' and 'spring-boot-starter-security' dependencies, also in your add 'keycloak-adapter-bom' .
In your application.properties you should have below mentioned properties
keycloak.realm =
keycloak.auth-server-url = your keycloak url
keycloak.ssl-required =external
keycloak.bearer-only=true
keycloak.resource =your client name
keycloak.credentials.secret= your secret key
keycloak.security-Constraints[0].authRoles[0] = user
keycloak.security-Constraints[0].securityCollections[0].patterns[0] = /*
keycloak.cors=true
Is there anything I need to configure in Keycloak for the back-end Spring Boot App? Should it be registered in Keycloak as a confidential/non-public client (e.g. app-api)?
You need to create a new client and it should be registered as "bearer only"
you can refer this link : https://www.keycloak.org/docs/latest/securing_apps/#_spring_boot_adapter