https not working as expected on swisscom CloudFoundry - cloud-foundry

I have a very simple spring boot application which as one controller:
#RestController
public class HomeController {
#GetMapping(path = "/")
public String getHome() {
return "Hello world";
}
}
and the following security configuration to enforce https:
#Configuration
public class SslWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
// require https!
http.requiresChannel().anyRequest().requiresSecure();
}
}
the application.properties looks like this:
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto
the maven dependencies are:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
The manifest.mf looks like this:
applications:
- name: jt-demo
memory: 1G
instances: 1
path: ./target/demo.jar
buildpacks:
- https://github.com/cloudfoundry/java-buildpack#v4.17.2
env:
JAVA_OPTS: -Djava.security.egd=file:///dev/urandom
JBP_CONFIG_OPEN_JDK_JRE: '{jre: { version: 11.+ }}'
I install the app on two different cloudfoundry providers (pivotal and swisscom) via this command: cf push jt-demo -f manifest.yml
when I run this app on https://run.pivotal.io, and access it via https it works as expected and the browser shows me the expected "Hello world". But when I run it on the swisscom developer application cloud (https://developer.swisscom.com), then I get ERR_TOO_MANY_REDIRECTS (to many 302).
It seems the two cloudfoundry environments are not handling HTTPS the same way.
I know pivotal runs the cf api version 2.138.0 and swisscom has 2.136.0 - but I don't expect this to be the reason.
How can I fix the app/configuration for swisscom dev?

I finally found the answer to my problem here Spring Boot HTTPS redirect loop after Swisscom Application Cloud update
https://docs.developer.swisscom.com/devguide-sc/buildpacks/java/caveats.html
it's a bit unexpected to have to configure server.tomcat.internal-proxies for swisscom...

Related

Application error when creating simple web service using Spring Boot

I am getting below error when creating a simple web service that returns "hello" string
Whitelabel Error Page This application has no explicit mapping for
/error, so you are seeing this as a fallback.
My webservice endpoint:
#WebService
public class HelloWs {
#WebMethod
public String hello() {
return "hello";
}
}
My configuration class:
#Configuration
public class WebServiceConfig {
#Autowired
private Bus bus;
#Bean
public Endpoint endpoint() {
Endpoint endpoint = new EndpointImpl(bus, new HelloWs());
endpoint.publish("/hello");
return endpoint;
}
}
My pom.xml dependencies:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-spring-boot-starter-jaxws</artifactId>
<version>3.2.7</version>
</dependency>
</dependencies>
My project structure:
If you are using mvn spring-boot:run then cxf web services are host at /services/*, Thus at url http://localhost:8080/services you will find list of the cxf endpoints, in your case it will be only one. And you get wsdl at location http://localhost:8080/services/hello?wsdl
If you are deploying to any app server add context path before services.

Artifactory OSS 6.5.2 - can't connect to the UI from servers on the network

I have recently installed Artifactory OSS 6.5.2 on a remote server in our network which runs on windows server 2012.
I can enter the UI locally (the machine running the Artifactory instance) through any of the browsers with this address:
"http://{local-ip}:8081/artifactory/webapp/#/"
When I try entering the UI from one of the machines on the network I get a "This site can’t be reached" message after multiple attempts to connect.
The request.log at {ARTIFACTORY_HOME}\logs\request.log shows that the request got through and succeeded:
"REQUEST|{remote-ip}|anonymous|GET|/webapp/|HTTP/1.1|200|0"
The same is showed for requests coming from the server running the Artifactory instance:
"REQUEST|{local-ip}|anonymous|GET|/webapp/|HTTP/1.1|200|0"
However, in contrary to the previous request from a remote machine, the initial request is followed by more requests:
"REQUEST|{local-ip}|anonymous|GET|/ui/auth/screen/footer|HTTP/1.1|200|0
REQUEST|{local-ip}|anonymous|GET|/ui/treebrowser/repoOrder|HTTP/1.1|200|0
REQUEST|{local-ip}|anonymous|GET|/ui/onboarding/initStatus|HTTP/1.1|200|0
REQUEST|{local-ip}|anonymous|GET|/ui/auth/current|HTTP/1.1|200|0"
I thought maybe there is an automatic redirection that uses 'localhost' instead of the ip or hostname so I tried changing the {ARTIFACTORY_HOME}\tomcat\conf\server.xml:
<Service name="Catalina">
<Connector port="8081" sendReasonPhrase="true" relaxedPathChars='[]' relaxedQueryChars='[]'/>
<!-- Must be at least the value of artifactory.access.client.max.connections -->
<Connector port="8040" sendReasonPhrase="true" maxThreads="50"/>
<!-- This is the optional AJP connector -->
<Connector port="8019" protocol="AJP/1.3" sendReasonPhrase="true"/>
<Engine name="Catalina" defaultHost="localhost">
<Host **name="localhost" -> name="{hostname}** appBase="webapps" startStopThreads="2"/>
</Engine>
</Service>
But then the Artifactory failed to initialize:
"[art-init] [INFO ] (o.a.s.a.ArtifactoryAccessClientConfigStore:643) -
Using Access Server URL: http://localhost:8040/access (bundled)
source: detected
[art-init] [INFO ] (o.a.s.a.AccessServiceImpl:308) - Waiting for
access server...
[art-init] [WARN ] (o.j.a.c.AccessClientHttpException:41) -
Unrecognized ErrorsModel by Access. Original message: Failed on
executing /api/v1/system/ping, with response: Not Found"
I did not set any proxies or reverse proxies as I don't think it's related, but I may be mistaken as I don't have a lot of experience with web services.
Any ideas or suggestions?
Thnx,
Tom.
I was deploying artifactory 6 via helm, then upgraded to 6.8.2 and ran into this.
had to
cd $ARTIFACTORY_HOME && chown -R artifactory:artifactory .
artifactory itself, on startup, seemed not to be able to deploy the access.war and then maybe also was not able to read the credentials it needed to hit this /access context health check "ping" api endpoint.

Override security constraint in Jetty 9

We are forcing redirect from http to https using security constraint policy set to CONFIDENTIAL. Although in local development we want to remove the constraint. With Jetty 7 we were using override-web.xml that was reassigning transport security from CONFIDENTIAL to NONE. Now after we migrated to Jetty 9 it suddenly stopped doing so. I suspect that now with Jetty 9 instead of overriding transport security it adds constraint to the list.
How to override security constraint from CONFIDENTIAL to NONE in local environment?
This is the part that is coming from web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Some server</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
In local development we are running jetty with jetty-maven-plugin and specifying override-web.xml. This is the part that is coming from override-web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Some server</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
Jetty version before: 7.6.10.v20130312
Jetty version after: 9.2.18.v20160721
This functionality should be working in Jetty 9 as in Jetty 7.
You can find the WebApp configuration instructions from here
They've changed the tags a bit in Jetty 9 so be extra careful when reading the configuration. You should have something like this in your pom.xml:
<configuration>
<webApp>
<overrideDescriptor>{path_to_your_override_xml}</overrideDescriptor>
</webApp>
</configuration>
For example, the tag
<webApp> </webApp>
was earlier
<webAppConfig> </webAppConfig>
Follow the Jetty startup log and verify that your overrides are applied:
[INFO] Web overrides = {path_to_your_override_xml}

Spring boot deploy external tomcat

I'm using spring boot with a simple hello world controller. I would like to deploy it to external tomcat server. I've noticed that web.xml file is missing. I expected to see this file inside web-inf directory.
When running spring boot internally (with the internal tomcat of spring boot, it works. But I would like to deploy my app to external tomcat server.
After deploying the war file to external tomcat server, I can see the hello world in the available services list, but I can't use the hello world service - I get 404 error message instead.
I'm using maven, Jdk 1.8, IntelliJ
This is my pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework</groupId>
<artifactId>gs-spring-boot</artifactId>
<version>0.1.0</version>
<packaging>war</packaging>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.3.1.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
<version>3.3.9</version>
</dependency>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-jpa</artifactId>
<version>1.9.2.RELEASE</version>
</dependency>
</dependencies>
<properties>
<java.version>1.8</java.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
<configuration>
<attachClasses>true</attachClasses>
</configuration>
</plugin>
</plugins>
</build>
</project>
This is my Application class:
import java.util.Arrays;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.context.web.SpringBootServletInitializer;
import org.springframework.context.ApplicationContext;
#SpringBootApplication
public class Application extends SpringBootServletInitializer {
#Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(Application.class);
}
public static void main(String[] args) {
ApplicationContext ctx = SpringApplication.run(Application.class, args);
System.out.println("Let's inspect the beans provided by Spring Boot:");
String[] beanNames = ctx.getBeanDefinitionNames();
Arrays.sort(beanNames);
for (String beanName : beanNames) {
System.out.println(beanName);
}
}
}
What is the right way to deploy the hello world app to external tomcat service?
When deploying on tomcat, there should be a context path added by the container and that have to be included as first element path in your URL. Check tomcat startup logs to get the context path and retry calling the service as indicated.
If Spring boot app on external Tomcat is deployed successfully and no error are thrown, it is reachable not through localhost:8080/ but localhost:8080/your-deployed-war-file-name.
You can add finalName to your pom.xml to avoid adding versions to built war filename - Maven : How to avoid version appended to a war file in Maven?:
<build>
<finalName>${project.artifactId}</finalName>
</build>

setting the ContextPath in Jetty running under ServiceMix (OSGI)

Here is my brief background of environment.
I am trying to convert a myapp WAR to an OSGi compliant by making the MANIFEST.MF as shown below, and wanted to deploy this war in ServiceMix an OSGi based container.
MANIFEST.MF
Manifest-Version: 2.0
Bundle-SymbolicName: myapp
Bundle-Version: 2.1.dev
Bundle-Name: Jetty.myapp
Bundle-Vendor: ABC
Created-By: 1.6.0_25-b06 (Sun Microsystems Inc.)
Bundle-ClassPath: .,WEB-INF/lib, WEB-INF/classes, xforms/xsltforms
Web-ContextPath: myapp
Webapp-Context: myapp
Import-Package: javax.servlet
Built-By: root
Project-Name: ABC_PRJ
Project-Version: 2.1.dev
Project-Build: ${DSTAMP}
SVN-Revision: ${svn.revision}
The ContextPath is getting set to null, where should I set the contextPath and how? You may observe the 'null' string in the FileNotFound Exception.
log:
java.io.FileNotFoundException: null/WEB-INF/myForms-config.xml (No such file or
directory)
My web.xml in myapp is :
<contextPath>/</contextPath>
<context-param>
<param-name>myForms.configfile</param-name>
<param-value>WEB-INF/myForms-config.xml</param-value>
</context-param>
Is it the problem with myapp or jetty or serviceMix? Any Clue?
You need to set the web-contextpath via the Manifest and not via the web.xml
for more information take a look at Pax-Web