We Keep Coding

spring boot with aws secrets manager is not download the secrets

I have updated the Spring boot from 2.0.9.RELEASE to 2.4.3, and I am using the package to get the AWS Secrets version 2.2.5.RELEASE. When I deploy the code, it looks like it didn't find the credentials, and the database connection can't be closed.
bootstrap.properties
spring.application.name=myapp
aws.secretsmanager.region=eu-central-1

With Spring Boot 2.4.0 Bootstrap phase was deprecated, that is why nothing is happening.
Because of deprecation and giving users more control over specifying which secrets they want, a new way of loading secrets was introduced in 2.3.0.
More about the new way and prefered way of loading secrets with spring.config.import can be found on here.
However, if you would still like to use old way of loading secrets with bootstrap phase, please add following dependency:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bootstrap</artifactId>
<version>{spring-cloud-version}</version>
</dependency>

What are Spring Security default credentials for Spring Boot?

I am working with Spring Boot and I am using spring-data-rest-hal-browser, everything seems to be fine, except when i try to hit the URL: localhost:8080 I get redirected to http://localhost:8080/login to use the HAL browser to navigate my endpoint, then I get a screen requesting for a user and a password that I don't have.
What are the default credentials to login to spring security and how can I change them or disable the login option?
This is the dependency i am using:
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-rest-hal-browser</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
And this is the login screen:

Take a look at the console output after running your application. If you have no run-time exceptions, then you should easily find the credentials. By default the username is "user" and the password is always different and therefore generated from the system.
For more clarity, the login page comes with this dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
Also, if you want to set some values for the credentials, then go to application.properties file and add those two lines:
spring.security.user.name= your_username
spring.security.user.password= your_password

Default username is user
password can be found in the console when you run your application.
example:
Using generated security password: 18ea5687-bc63-4663-9377-e2817c9d2568
If you want to set them yourself you can do so by overriding the defaults in application.properties:
spring.security.user.name=stack
spring.security.user.password=overflow

How to access secure actuator endpoints without adding spring security

Actuator "sensitive" endpoints secure since 1.5.x version, is it possible to specify user in properties or yml file and access these endpoints without adding spring security into project?
I know that there's property management.security.enabled can be set to false to expose endpoints, but want to keep them secure:)

Yes you can do it.
Just add the below lines in src/main/resources/application.properties file.
management.security.enabled=true
security.user.name=admin
security.user.password=admin1
management.security.roles=SUPERUSER
After this, add below dependency in your application pom.xml file.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
Restart your application and try to access any sensetive actuator. You will be prompted to enter username and password. Enter the username and password that you configured in application.priperties.
After entering you will be able to access the sentive actuators.
Hope this helps.
Happy coding

Adding Facebook authentication to my Spring MVC application

I'm trying to configure OAuth2 authentication into an existing Spring MVC app that is currently configured to use simple FORM authentication. I'd like to use Facebook as authentication provider, but I also need to maintain form authentication and to register user data in application DB the same way for both authentication methods (obviously for social auth some fields will be absent, for ex. password).
I'm using Spring Boot 1.4.1 with these additional dependencies:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
</dependency>
But I cannot find a tutorial or some clear documentation explaining how to solve my case (FORM + OAuth2).
I tried to follow this tutorial but it is based on Spring Boot + AngularJS, while I'm using plain HTML + Thymeleaf.
This is my current Spring Security configuration:
http.authorizeRequests() //
.antMatchers("/css/**").permitAll() // static resources
.antMatchers("/webjars/**").permitAll() // static resources
.antMatchers("/images/**").permitAll() // static resources
.antMatchers("/login").permitAll().anyRequest().authenticated();
http.formLogin()
.failureUrl("/login?error").defaultSuccessUrl("/").loginPage("/login").permitAll()//
.and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout").permitAll();
What should I add to configure OAuth2 and to get user info once authenticated?
UPDATE After some googlin' I found that the way to go could be to use this dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-social-facebook</artifactId>
</dependency>
in place of plain spring-security-oauth2, but I still can't find a simple way to achieve what I want.
The best tutorial I found is this, but is a bit dated and is not based on Spring Boot, so I can't understand if some utility and autoconfiguration exist.

I tried to use this tutorial for other social network, but i got that you application as client has to provide next config in application.yml:
facebook:
client:
clientId: 233668646673605
clientSecret: 33b17e044ee6a4fa383f46ec6e28ea1d
accessTokenUri: https://graph.facebook.com/oauth/access_token
userAuthorizationUri: https://www.facebook.com/dialog/oauth
tokenName: oauth_token
authenticationScheme: query
clientAuthenticationScheme: form
resource:
userInfoUri: https://graph.facebook.com/me
this info will be used during outh2 process to get authorization token
I resolve my problem with configuration simple OAuth2 with Spring through my Authorization Server, you can check my answer here if you haven't found how to do it

How do I find a list of beans for a given Spring Boot class/package?

I am currently working with Spring Boot with a number of starter packs, such as the web MVC framework, Thymeleaf templates and security.
Each of these packages have a lot of different configuration options. I have mainly been using the source from the Auto-configuration package to figure out which beans need to be wired up and how to do that.
However, Is there any easy way to find a list of expected beans/classes that are needed by a given Spring package?

To view the beans you can you spring boot actuator
To Enable actuator, you can simply add the actuator starter dependency to your project.
For Gradle
compile("'org.springframework.boot:spring-boot-starter-actuator:1.3.1.RELEASE'
")
For Maven
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<version>1.3.1.RELEASE</version>
</dependency>
You can skip the version if you are using spring boot parent pom
Now you can rebuild your application make get request to http://server:port/beans if local and port is 8080 then
http://localhost:8080/beans
If you want to access using CURL command line tool you can
curl http://localhost:8080/beans
For more information visit
http://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html