I have a Spring Boot project with SQL/Web dependencies. I have controllers and models but NO configuration classes. This is a very simple project so I'm doing simple authentication by checking user-specific tokens in the request headers. I would like to use the BCrypt dependency to hash passwords before saving them into my database, but Spring Boot won't let me simply use the static functions.
I have added these three dependencies to my pom.xml:
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
    </dependency>
And created an endpoint in my controller just to check the output of the static hashpw function.
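    @GetMapping("/bcrypt/{pw}")
    public String crypt(@PathVariable String pw)
    {
        // hashpw() needs a salt produced by BCrypt.gensalt(); an arbitrary string is rejected as an invalid salt
        return BCrypt.hashpw(pw, BCrypt.gensalt());
    }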
But now that I added those 3 dependencies, it keeps redirecting me to a login page that I never created. I just want to use the static hashing functions without Spring Boot adding random security I never asked for.
Adding the following exclude parameter to the annotation of my Application class solved the problem:
    @SpringBootApplication(exclude = { SecurityAutoConfiguration.class })
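An added example, not part of the original post: the BCrypt classes ship in the standalone `spring-security-crypto` artifact, which contains no web filter chain, so hashing works without the login page appearing and without excluding `SecurityAutoConfiguration`. The class name `PasswordHasher` and the work factor of 12 are assumptions.

```java
// Added example, not from the original post. PasswordHasher and the cost of 12 are assumptions.
// Needs only org.springframework.security:spring-security-crypto on the classpath.
import java.nio.charset.StandardCharsets;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public final class PasswordHasher {

    // Work factor 12 means 2^12 key-expansion rounds; raise it as hardware allows.
    private static final BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder(12);
    private static final int BCRYPT_MAX_BYTES = 72; // BCrypt ignores input past 72 bytes

    private PasswordHasher() { }

    /** Returns a BCrypt hash; a fresh random salt is generated and stored inside the hash. */
    public static String hash(String rawPassword) {
        if (rawPassword.getBytes(StandardCharsets.UTF_8).length > BCRYPT_MAX_BYTES) {
            throw new IllegalArgumentException("password longer than 72 bytes");
        }
        return ENCODER.encode(rawPassword);
    }

    /** Re-computes the hash with the salt embedded in storedHash and compares the result. */
    public static boolean verify(String rawPassword, String storedHash) {
        return rawPassword != null && storedHash != null && ENCODER.matches(rawPassword, storedHash);
    }

    public static void main(String[] args) {
        String password = "correct horse battery staple"; // constructed sample input
        String first = hash(password);
        String second = hash(password);
        // Same password, different salts: the two stored values are not equal,
        // so hashes are compared with verify(), never with String.equals().
        System.out.println("hashes equal:   " + first.equals(second));
        System.out.println("verify correct: " + verify(password, first));
        System.out.println("verify wrong:   " + verify("wrong guess", second));
    }
}
```

Accept the password in a POST body rather than a path variable, since request URLs end up in access logs and browser history.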
My project team and I are looking to add Zipkin logging and tracing to our current project. We are working in a microservice environment using Spring Boot (Java 17) and Cloud Foundry. For the communication between microservices we are using HttpClient. From what I've gathered from the documentation, Zipkin requires a RestTemplate to function. However, we don't have time to change this.
We were able to implement Zipkin in every individual project. However, every call generates its own Trace ID. I think we need to configure the HttpClient to work in tandem with Zipkin; however, the documentation is not very clear and I have been unable to find anything that explains how to do this.
What can I try on this? I've included the config and dependencies below.
    spring:
      application:
        name: Application_1
      zipkin:
        baseUrl: http://localhost:9411
      sleuth:
        sampler:
          probability: 1.0
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-sleuth-zipkin</artifactId>
        <version>3.1.3</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-sleuth</artifactId>
        <version>3.1.3</version>
    </dependency>
I'm working with
Spring Boot 2.2.5
Thymeleaf 3.0.11
Thymeleaf Spring Security 5, 3.0.4 Release
I use the following dependencies in my pom.xml:
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity5</artifactId>
    </dependency>
Versions are recognized and the respective jars are included in my project. I also have added the extra namespace of Thymeleaf Security Module to my templates:
<html xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
I have implemented role-based authentication & authorization with Hibernate and MySQL, plus login / logout, which to my understanding works fine.
The sec:authentication tag of Thymeleaf Security Dialect works fine and also displays the correct roles. The sec:authorize tag seems to work as well when calling the method sec:authorize="isAuthenticated()".
However, I'm struggling when evaluating the role of a user in the templates, both using sec:authorize="hasRole('...')" and th:if="${#authorization.expression('hasRole(''...'')')}". It seems that the roles cannot be evaluated although they are correctly displayed using sec:authentication="principal.authorities".
I have summarized my approaches on a test page, displaying the following result:
Any clue where my bug or misunderstanding hides? Many thanks for your support in advance.
After some more research I figured out my issue. After adding the prefix ROLE_ to the role names (in the datasource), everything works fine.
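An added example, not part of the original thread: `hasRole('ADMIN')` is evaluated as a check for the exact authority string `ROLE_ADMIN`, which is why un-prefixed role names from the datasource were displayed but never matched. The sketch below normalises stored names when building authorities and mirrors that comparison; `RoleMapper` and the sample role names are assumptions.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Added example, not from the original thread; RoleMapper and the sample roles are assumptions.
public final class RoleMapper {
    private static final String PREFIX = "ROLE_"; // Spring Security's default role prefix

    private RoleMapper() { }

    /** Turns role names as stored in the datasource into authorities that hasRole() can match. */
    public static Set<GrantedAuthority> toAuthorities(Collection<String> storedRoles) {
        Set<GrantedAuthority> out = new LinkedHashSet<>();
        for (String role : storedRoles) {
            if (role == null || role.trim().isEmpty()) continue; // skip blank rows
            String name = role.trim();
            out.add(new SimpleGrantedAuthority(name.startsWith(PREFIX) ? name : PREFIX + name));
        }
        return out;
    }

    /** Mirrors the hasRole('X') comparison: prefix the role, then require that exact authority. */
    public static boolean hasRole(Collection<? extends GrantedAuthority> granted, String role) {
        String wanted = role.startsWith(PREFIX) ? role : PREFIX + role;
        return granted.stream().anyMatch(a -> wanted.equals(a.getAuthority()));
    }

    public static void main(String[] args) {
        // Constructed sample: role names as they might sit in the roles table.
        List<String> stored = Arrays.asList("ADMIN", "ROLE_USER", " ");
        List<SimpleGrantedAuthority> unprefixed = Arrays.asList(new SimpleGrantedAuthority("ADMIN"));

        System.out.println("un-prefixed ADMIN passes hasRole('ADMIN'): " + hasRole(unprefixed, "ADMIN"));
        System.out.println("normalised ADMIN passes hasRole('ADMIN'):  "
                + hasRole(toAuthorities(stored), "ADMIN"));
    }
}
```

If renaming the stored roles is not an option, `hasAuthority('ADMIN')` compares the authority string as-is, without adding a prefix.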
I am new to database testing and I am trying to connect to the database by using the @SpringBootTest tag at class level and by using Autowire. It is not being instantiated; I always get null.
    @SpringBootTest
    class Test {
        @Autowired
        DatabaseService databaseService;
    }
Can anyone suggest something, please? If anyone has done something similar, can you please give me the instructions?
There are multiple ways to test your database, and here are a couple of them:
Using an in-memory database (e.g. H2) with test scope
It's quite good to use H2 (in-memory DB) for mimicking the database. It is not mandatory, though, and we can use Mockito to mock the database interactions as well.
Add these dependencies:
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>com.h2database</groupId>
        <artifactId>h2</artifactId>
        <version>1.4.196</version>
        <scope>test</scope>
    </dependency>
Now your test class should look like this,
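    import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
    import org.junit.runner.RunWith;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.test.context.SpringBootTest;
    import org.springframework.test.context.junit4.SpringRunner;

    @RunWith(SpringRunner.class)
    @SpringBootTest(classes = YourApp.class, webEnvironment = RANDOM_PORT)
    class DatabaseServiceTest {
        @Autowired
        private DatabaseService databaseService;
    }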
Replicating actual database configuration properties
First, you need to replicate your properties/yml from the main/resources directory to the test/resources directory. Your test class remains the same as given in the above approach. But make sure that you exclude the h2 dependency from your pom.
Please explore these tutorials as well,
spring integration testing
spring boot test
junit and mockito example
I am developing the backend of an Angular + REST APIs application. The application needs some sort of session management (the user is authenticated first using OTP, then I need to keep track of any of his subsequent requests) ... I saw two examples for managing sessions with REST. The first is using JWT + OAuth2, which I think is somewhat over-engineered, as OAuth2 is not designed, as I understand it, to be used within the same application (resource and authorization server are both within the same application) ... The other example uses Redis, and I can't introduce it to my current application ... Actually, what I need is something simple, such as storing the session in a static map-like structure that I always refer to (and moreover it would be nice to update the token with every client call to the backend, same as OAuth2 but simpler) ... I also checked the Spring Boot dependencies concerning sessions; all I found name external resources to be included, like
    <dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session-jdbc</artifactId>
        <version>2.0.2.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session-hazelcast</artifactId>
        <version>2.0.2.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session-data-mongodb</artifactId>
        <version>2.0.2.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session-core</artifactId>
        <version>2.0.2.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session-data-redis</artifactId>
        <version>2.0.2.RELEASE</version>
    </dependency>
And I have a restriction not to add any external caching dependency like hazelcast ... also for a jdbc-session management, it will really affect performance to go to database with every client call
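A sketch of the in-memory, rotate-on-every-call approach the question describes, as an added example that is not part of the original post; it uses only the JDK, and every name in it is an assumption.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public final class InMemorySessionStore { // added example; all names are assumptions
    private static final class Session {
        final String userId; final Instant expiresAt;
        Session(String userId, Instant expiresAt) { this.userId = userId; this.expiresAt = expiresAt; }
    }

    private final ConcurrentHashMap<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration idleTimeout;

    public InMemorySessionStore(Duration idleTimeout) { this.idleTimeout = idleTimeout; }

    /** Call after the OTP check succeeds; returns an unguessable opaque token. */
    public String open(String userId) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, new Session(userId, Instant.now().plus(idleTimeout)));
        return token;
    }

    /** Looks up the user for a token without changing it; empty if unknown or expired. */
    public Optional<String> userFor(String token) {
        Session s = token == null ? null : sessions.get(token);
        if (s == null || Instant.now().isAfter(s.expiresAt)) return Optional.empty();
        return Optional.of(s.userId);
    }

    /** Invalidates the presented token and issues a replacement with a fresh timeout. */
    public Optional<String> rotate(String presentedToken) {
        // remove() is atomic, so a replayed or concurrently reused token succeeds only once
        Session s = presentedToken == null ? null : sessions.remove(presentedToken);
        if (s == null || Instant.now().isAfter(s.expiresAt)) return Optional.empty();
        return Optional.of(open(s.userId));
    }

    /** Run on a schedule so abandoned sessions do not pile up in memory. */
    public void purgeExpired() {
        Instant now = Instant.now();
        sessions.values().removeIf(s -> now.isAfter(s.expiresAt));
    }
}
```

The state lives in a single JVM, so sessions are lost on restart and are not shared between instances. With rotation on every call, parallel requests carrying the same token will see only one succeed, so the client has to serialise its calls or the backend has to rotate less often.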
I'm trying to incorporate Spring Actuator into my application. I have added the dependency in my pom.xml:
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
        <version>1.4.2.RELEASE</version>
    </dependency>
But I get a 404 when trying to access the /health endpoint. After looking online, I've read that I need to also have the spring-boot-starter-web dependency in my POM. I was under the assumption that I only need the actuator dependency in order to get it working
Yes, web is needed if you want to access via HTTP (otherwise only JMX is available).
The documentation for actuator states
"Click Dependencies and select Spring Web and Spring Boot Actuator."