I have a spring boot application.
I know that spring mvc is incompatible with spring cloud gateway and it is needed to use spring-boot-starter-webflux instead of spring-boot-starter-web.
But the problem is that I have to add a gateway functionality to an existing app.
And so I have some questions that I hope will help with the problem:
May I create another spring context for separate beans of this libraries? I. e., I mean the old app will work with old context and gateway only with the new. And here are another question: How can I load spring starter in another spring context?
May I configure another port for gateway? So that the old app receives messages on port 8080, and the gateway receives messages for itself on port 8081.
Related
Requirement - Is there any way via configuration/custom logic to provide a blacklist ports configuration so sprint boot service will never pick those ports when it starts, this is required as some of our legacy services runs in dedicated ports and those services starts after our spring boot application starts, if spring boot application picks those ports then it will create a clash.
example : we are looking for something like below , where we can exclude these ports so they will never be picked up by spring boot application.
exclude.ports= 18080,28080
I have an application which is running on multiple AWS hosts behind a load balancer. All of these instances load the configuration from a spring config server. I can use spring boot admin server to identify the the URL's so that I can execute the POST at hostname:port/actuator/refresh command for individual host using POSTMAN. As the number of hosts increase, it becomes difficult to run a command for each one of the hosts. Is there a way I can do the same with a single command?
We use something similar for our application
i.e Spring applications fetching properties from config server and a spring boot admin server to which all these application registers.
We have exposed an post api in bootadmin which calls refresh endpoint on all instances of specified app.
Since bootadmin has all information about registered apps, we are using it to 'publish' message to all 'subscribed' apps.
I was learning Microservice architecture from Spring Microservices In Action book.
As one of things I wanted to migrate examples which were built on Spring Boot 1.4.4 and Spring Cloud Camden.SR5 to Spring Boot 2.1.6 and Spring Cloud Greenwich.SR1.
Now, I'm having problems with migrating of OAuth2 Auth server and resource servers since Spring decided to change packages/placement of classes and I feel completly lost since nothing seems to work.
Documentation seems to be splitted into SpringBoot/SpringSecurity/SpringOAuth2 depedencies.
What is the proper way of implementing OAuth2 AuthServer and ResourceServer in current (2.1.6) version of SpringBoot with Spring cloud Greenwich?
I've setup Keycloak and a public/front-end spring boot app successfully. Everything is working as expected. The front-end Spring Boot App is configured in Keycloak as a client (app-ui) in the realm, user's are able to login through keycloak, tokens pass successfully everything's great. Spring Security is securing endpoints and roles are being respected for endpoints.
Now, I'm trying to add a downstream Spring Boot App (Web Service) in the mix and I want it to be aware of the logged in user to be able to secure calls to it. The front-end Spring Boot App is using Feign Client to call the REST endpoints on the back-end Spring Boot App, but the back-end is not doing any authentication/authorization.
I have a couple questions I'm having trouble figuring out:
How do I setup the front-end Spring Boot App to pass the authenticated user details to the back-end Spring Boot App (RequestInterceptor / RestTemplate / Feign config / Http Headers)?
How do I configure the back-end Spring Boot App to use the authenticated user details it receives from the upstream Spring Boot App and what dependencies do I need to add to the back-end Spring Boot App to facilitate that (org.keycloak:keycloak-spring-boot-starter and org.springframework.boot:spring-boot-starter-security)?
Is there anything I need to configure in Keycloak for the back-end Spring Boot App? Should it be registered in Keycloak as a confidential/non-public client (e.g. app-api)?
Is there anything specific to configure in the back-end Spring Boot App? Does it talk to Keycloak to verify the authenticated user details it receives from the upstream callers?
I'd love to see a demo or tutorial that takes the one's I've seen about How to integrate Keycloak and Spring Boot one step farther to also secure any other downstream services. If I can figure this out, I'll post one.
I'm assuming this can be done with standard OAuth2 configuration on the back-end Spring Boot App, but I wasn't sure how it's recommended to achieve this architecture.
Here's the architecture I'm trying to setup:
How do I setup the front-end Spring Boot App to pass the authenticated user details to the back-end Spring Boot App (RequestInterceptor / RestTemplate / Feign config / Http Headers)?
You need to pass bearer-token in your http request header.
How do I configure the back-end Spring Boot App to use the authenticated user details it receives from the upstream Spring Boot App and what dependencies do I need to add to the back-end Spring Boot App to facilitate that (org.keycloak:keycloak-spring-boot-starter and org.springframework.boot:spring-boot-starter-security)?
You need to add a new client in realm for example "back-end-client" and set its "Access Type" to 'bearer only'. You will need 'keycloak-spring-boot-starter' and 'spring-boot-starter-security' dependencies, also in your add 'keycloak-adapter-bom' .
In your application.properties you should have below mentioned properties
keycloak.realm =
keycloak.auth-server-url = your keycloak url
keycloak.ssl-required =external
keycloak.bearer-only=true
keycloak.resource =your client name
keycloak.credentials.secret= your secret key
keycloak.security-Constraints[0].authRoles[0] = user
keycloak.security-Constraints[0].securityCollections[0].patterns[0] = /*
keycloak.cors=true
Is there anything I need to configure in Keycloak for the back-end Spring Boot App? Should it be registered in Keycloak as a confidential/non-public client (e.g. app-api)?
You need to create a new client and it should be registered as "bearer only"
you can refer this link : https://www.keycloak.org/docs/latest/securing_apps/#_spring_boot_adapter
I am looking for the best method to host multiple websites developed using Spring Boot.
I have a public IP and it points to EC2 machine.
Already I am running one web application on it, developed using Spring Boot.
Now, I am looking for a way to create my second Spring Boot application(running on a different port).
My configuration should result like this(Single public IP),
www.app1.com(x.x.x.x) => Spring Boot App1
www.app2.com(x.x.x.x) => Spring Boot App2
I found many articles on internet dealing with conf/server.xml file, http://tomcat.apache.org/tomcat-7.0-doc/config/host.html
Can someone help me to achieve the same
The best way is probably to use a reverse proxy front end. E.g. install nginx on your EC2 box, or (probably better if you are serious about it) use an ELB, and Route 53 to register your DNS record.