I am generating an app(frontend and backend) using the console command: jhipster. The app was generated with authorization. Then I was asked to completely remove the authorization.
I found that it is possible to generate a new application with the command: --skip-user-management, how to remove authorization for existing application?
Please take a look at https://stackoverflow.com/a/59212698/7773582 to understand how to remove authorization in an existing application. This is the case for Angular-frontend, I unfortunately don't know where authorization is handled in reactjs as frontend.
I resolve it, using anonymous user.
In SecurityConfiguration.class set permitAll() for all requests and remove beforeFilter().
In private-route.tsx set true for checkAuthorities() method.
I'm using Cloud Endpoints Frameworks (2.0.1) for Java as part of my final year project and have been relatively successful with it so far.
I don't have any problems when deploying to my appspot.com domain, however, I am running into some problems when deploying locally.
(Any references to my-project-id in the following code blocks are aliases for my actual google cloud project id)
I have a valid openapi descriptor (openapi.json) of an annotated #API class which I am deploying to cloud endpoints using "gcloud service-management deploy openapi.json".
The command returns successfully:
Service Configuration [2017-02-23r0] uploaded for service [api.endpoints.<my-project-id>.cloud.goog]
I then map the returned config_id to the correct endpoints_api_service in my app.yaml
endpoints_api_service:
name: api.endpoints.<my-project-id>.cloud.goog
config_id: 2017-02-23r0
This service is listed by the gcloud cli tool using "gcloud service-management list"
NAME TITLE
storage-component.googleapis.com Google Cloud Storage
api.endpoints.<my-project-id>.cloud.goog api.endpoints.<my-project-id>.cloud.goog
etc...
and "gcloud service-management configs list --service api.endpoints.my-project-id.cloud.goog"
CONFIG_ID SERVICE_NAME
2017-02-23r0 api.endpoints.<my-project-id>.cloud.goog
... other version configs
and is accessible on my appspot.com domain (I can call the endpoint and receive the correct response)
I am trying to deploy my project on localhost using the maven appengine plugin for java (mvn appengine:devserver), but upon jetty startup I'm hit with the following Exception:
WARNING: Failed startup of context com.google.appengine.tools.development.DevAppEngineWebAppContext...
com.google.api.config.ServiceConfigException: Failed to fetch default config version for service 'api.endpoints.<my-project-id>.cloud.goog'. No versions exist!
at com.google.api.config.ServiceConfigSupplier.fetchLatestServiceVersion(ServiceConfigSupplier.java:155)
....
The deployment then gets stuck in an endless cycle of trying to start jetty, and being hit with that error message, and restarting etc. Any attempts to access localhost:8080 result in a "503: Service not found" error
I assumed that the local deployment of my app would be able to access the service config that was deployed using "gcloud service-management deploy", in the same way that the appspot.com deployment can, but is this not the case?
Looking at the source for ServiceConfigSupplier.getchLatestServiceVersion() I gather that serviceManagement.services().configs().list(my-service-name).execute().getServiceConfigs() is returning an empty list, but why is this only occurring locally?
Extra Information
my ENDPOINTS_SERVICE_NAME environment variable matches 'api.endpoints.my-project-id.cloud.goog'
I noticed that there was an update (1.0.2) to com.google.api.config a few days ago, and it has a dependency on an older version of com.google.api.services.servicemanagement (dependent on v1-rev14-1.22.0 with the newest version being v1-rev340-1.22.0)
I doubt this is the problem, but I thought I would mention it, as it contains classes relevant to the exception (ServiceManagement is used by ServiceConfigSupplier, which is throwing the exception). Perhaps there is an inconsistency in where they are looking for the service configs?
I'm quite stumped tbh, it's a bit over my head. I would dislike having to remove Endpoints, as I'm starting to like it, but we also can't really lose usage of our devserver either. I hope someone can shed a little bit of light on this issue.
It's not a fix but I was able to work around the problem by using the advice in https://stackoverflow.com/a/41493548/1410035.
Namely, commenting out the ServiceManagementConfigFilter:
b) Comment out the ServiceManagementConfigFilter from web.xml , ie,
<!--
<filter>
<filter-name>endpoints-api-configuration</filter-name>
<filter-class>com.google.api.control.ServiceManagementConfigFilter</filter-class>
</filter>
-->
<!--
<filter-mapping>
<filter-name>endpoints-api-configuration</filter-name>
<servlet-name>EndpointsServlet</servlet-name>
</filter-mapping>
-->
Note that you have to comment out the filter and the filter-mapping and they aren't right next to each other in the file.
I found that I didn't need to remove the scaling block as mentioned in point 'a' in the linked answer.
This may be related to a permission issue if you have pulled all recent updates. git pull Also, check that your Cloud SDK is up-to-date by using: gcloud components update.
Assuming you followed the instructions listed at https://cloud.google.com/endpoints/docs/frameworks/java/quickstart-frameworks-java. To get around this issue you can create a service account with necessary permissions or use the command gcloud auth application-default login.
You can setup a service account using the Cloud SDK gcloud at https://cloud.google.com/sdk/docs/authorizing
Please let me know if you have anymore questions.
As for the command gcloud auth application-default login. According to the help description:
Obtains user access credentials via a web flow and puts them in the
well-known location for Application Default Credentials to use them as
a proxy for a service account.
When you used this command it obtains credentials for gcloud your Gmail Account. something#gmail.com and then stores the credentials in a location known to contain application credentials.
It worked with "gradle appengineRun" but on IntelliJ Idea project I had to replace all the ${endpoints.project.id} in web.xml and appengine-web.xml to run/debug localhost from IntelliJ (imported from gradle sources, installed Google Cloud Tools plugin and set up run/debug configuration from Tools/GoogleCloudTools/Run on a local App Engine Standard dev server).
My error was:
Failed to fetch default config version for service 'echo-api.endpoints.${endpoints.project.id}.cloud.goog'. No versions exist!
cloud.google.com docs only have Maven build example Gradle build is at github.com
Another thing to bare in mind is your service account has the right permission, your service account is something looks like the following
[project ID]#appspot.gserviceaccount.com.
By default, it is Project(Editor), at least you need to provide it as Service Controller role.
If it is gone, then you can follow these instructions to add back in.
This can happen if you've changed the Google Cloud project you're trying to authenticate to (if someone else has changed the project, this can happen when you pull changes from source control). In this case, the service account credentials that you were using for the old project will no longer be valid, and you can authenticate to the new project by running:
gcloud auth application-default login
I was having this fairly similar error,
endpoints.repackaged.com.google.api.config.ServiceConfigException:
Failed to fetch service config (status code 404): The service config
name and config id could not be found. Double check that filter
initialization parameters endpoints.projectId and
endpoints.serviceName are correctly set.
and the issue for me was having ENDPOINTS_SERVICE_VERSION environment variable specified in my appengine-web.xml. So basically, deleting those lines was enough in my case (Since endpoints uses the most recent ENDPOINTS_SERVICE_VERSION if not provided any.):
<env-var name="ENDPOINTS_SERVICE_VERSION" value="1" />
For me, the problem was that I hadn't deployed the open API.
So running the below fixed the issue:
gcloud endpoints services deploy openapi.json
I have an application with name test.war.
Because of Apache installed on my server I have to use another port number for Tomcat applications so after deployment this application available at domain.com:8080/test/.
I decided to create a subdomain in order to remove that ugly 8080 from url, so I setted up the server like described here. So now test.domain.com reffers to domain.com:8080/test/.
Everything seems fine except of one problem - because my application is not ROOT.war and I am using spring:url function every url in the application is translated to /test/bla-bla. So I removed that function. But still have a problem with spring security because it still translates an urls relative to app name i.e. /test/bla-bla.
How can I solve that problem?
Thank you
UPD: I don't want to deploy it as a ROOT application because I have two or three such applications and I wanted to create a subdomain for each one of them
Spring Security doesn't "translate" URLs. In fact this isn't specific to Spring Security. You'll run into similar issues with any application which does redirects. If you want to hide the context paths of applications which are behind a proxy, then you need to rewrite the URLs at the proxy.
I'd recommend you read the Tomcat Generic Proxy Howto and the section on URL rewriting in particular, as it specifically addresses this issue.
I have written an application that connects to a SSL web service (including client certificate) through jaxws. For this to work I have a wstrust.jks that contains trusted root certificate for ws, and client.p12 that is the client certificate to use when connecting to ws. I have then created a custom SSLSocketFactory to be able to use my wstrust.jks and client.12 during the connection to ws. I tell jaxws to use my implementation by:
[javax.xml.ws.BindingProvider].getRequestContext().put(JAXWSProperties.SSL_SOCKET_FACTORY, customSSLSocketFactory);
Everything works like a charm if i run it as a standalone java-application. However when i use the same technique inside a Java bean (JSF) deployed as a war-file running under Tomcat,
i get a "PKIX path building failed"-error.
BUT If i configure SSL through JAVA_OPTS when i start my Tomcat (through the -Djavax.net.ssl.* parameters) I get it to work.
So my question:
How do i (or is it possible) to get my custom-SSLSocketFactory-technique to work inside the Java bean?
I guess as tomcat wraps itself around my application, when running as a bean, it is working differently and my wish to use a custom SSLSocketFactory isnt respected...
Thanks for any input on this!
/Tobbe
Solved it. If anyone have the same issue here is how. Instead of setting my custom factory through:
[javax.xml.ws.BindingProvider].getRequestContext().put(JAXWSProperties.SSL_SOCKET_FACTORY, customSSLSocketFactory);
I had to set it through:
HttpsURLConnection.setDefaultSSLSocketFactory(customSSLSocketFactory);
otherwise it seems to get ignored.
/Tobbe
I want to authenticate my web service in Spring with an Active Directory lookup at both the producer and the consumer - under the Principal that that each are executing under (ie Service Accounts).
I'm assuming I have to use
JaasPlainTextPasswordValidationCallbackHandler
and
JaasCertificateValidationCallbackHandler
and set up my
jaas.config
file.
Can anyone give me a code example of where to go from here? I'm guessing the Service Account names will need to go into the jaas.config file - but if so - I'd like that to be automatically populated.
You shouldn't need JAAS at all. A simple LDAP authentication scheme should work fine for Spring Security and Active Directory; Active Directory exposes an LDAP interface (typically port 389).
http://static.springframework.org/spring-security/site/docs/2.0.x/reference/ldap.html