GRPC - .IllegalArgumentException: Jetty ALPN/NPN has not been properly configured - jetty

I am trying to spin up the GRPC server with TLS enabled in docker container on pods but getting below error during server start up
I am trying referring https://github.com/grpc/grpc-java/blob/master/SECURITY.md#transport-security-tls
Java : jdk1.8.0_131
OpenSSL version: OpenSSL 1.0.1e-fips
Exception:
*Exception in thread "main" java.lang.IllegalArgumentException: Jetty ALPN/NPN has not been properly configured.
at io.grpc.netty.GrpcSslContexts.selectApplicationProtocolConfig(GrpcSslContexts.java:174)
at io.grpc.netty.GrpcSslContexts.configure(GrpcSslContexts.java:151)
at io.grpc.netty.GrpcSslContexts.configure(GrpcSslContexts.java:139)
at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:119)
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:377)
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:63)*
also want to know how I can test openssl approach locally ?
this is how I am trying to run the jar: java -jar -Denv=e1 app.jar
Below are the additional GRPC related POM dependencies specific to GRPC -I have in my POM:
-- extension --
<extensions>
<extension>
<groupId>kr.motd.maven</groupId>
<artifactId>os-maven-plugin</artifactId>
<version>1.4.0.Final</version>
</extension>
</extensions>
--- plugin ----
<plugin>
<groupId>org.xolstice.maven.plugins</groupId>
<artifactId>protobuf-maven-plugin</artifactId>
<version>0.5.0</version>
<configuration>
<protocArtifact>com.google.protobuf:protoc:3.2.0:exe:${os.detected.classifier}</protocArtifact>
<pluginId>grpc-java</pluginId>
<pluginArtifact>io.grpc:protoc-gen-grpc-java:1.3.0:exe:${os.detected.classifier}</pluginArtifact>
</configuration>
<executions>
<execution>
<goals>
<goal>compile</goal>
<goal>compile-custom</goal>
</goals>
</execution>
</executions>
</plugin>
--- dependencies ---
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-netty</artifactId>
<version>1.3.0</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-protobuf</artifactId>
<version>1.3.0</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-stub</artifactId>
<version>1.3.0</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
<version>2.0.1.Final</version>
</dependency>
Can Openssl / jdk version be the problem ?

You need to add a dependency on Netty TCNative in order to get a correct security dependecy. From the SECURITY.md file for gRPC, you need to add the following:
<project>
<dependencies>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
<version>1.1.33.Fork26</version>
</dependency>
</dependencies>
</project>
Note that this will change in the upcoming 1.4 release of gRPC to point to netty-tcnative-parent-2.0.1.Final

Although this question has been answered. I was in similar situation till today as i was not able to start the jetty server (Embedded).
This solution might help some who is using spring boot application with embedded jetty server.
Following should be the entries in pom.xml file.
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative</artifactId>
<version>2.0.6.Final</version>
<classifier>${os.detected.classifier}</classifier>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
<version>2.0.6.Final</version>
<classifier>${os.detected.classifier}</classifier>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.mortbay.jetty.alpn</groupId>
<artifactId>alpn-boot</artifactId>
<version>8.1.11.v20170118</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty.alpn</groupId>
<artifactId>alpn-api</artifactId>
<version>1.1.3.v20160715</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jetty</artifactId>
</dependency>
The version of alpn-boot should be dependent on the JDK that you use. Please refer following link for checking the version:
http://www.eclipse.org/jetty/documentation/current/alpn-chapter.html#alpn-versions
Once this done rebuild your project and add the following entry to your JVM arguments if you are using STS to start the spring boot application.
java -Xbootclasspath/p:%path_to_alpn_boot_jar%
And then start the server and it should work.
Thanks.

Related

Unable to override uri-endpoint-override override-endpoint options for STS

Our goal is to no longer access AWS endpoints via a custom proxy but to access them via VPC endpoints from AWS. To make this work in our secured network we use our own VPC endpoints which we configure with the option: uri-endpoint-override (string) and override-endpoint (boolean). Now the problem is that the options are not used at all and the application always uses the default endpoints which have no access in our network. Because of this the STS component can't execute a HTTP request.
And in the console the following error message appears:
Unable to execute HTTP request: Connect to sts.eu-central-1.amazonaws.com:443 [sts.eu-central-1.amazonaws.com/54.239.54.207] failed: Connect timed out, ContainerCredentialsProvider(): Cannot fetch credentials from container - neither AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables are set
As taken from the error message, the default endpoint sts.eu-central-1.amazonaws.com:443 is used.
This is how our application.properties looks in which the options are set:
camel.component.aws2-sts.override-endpoint=true
camel.component.aws2-sts.uri-endpoint-override=https://vpce-???-???.sts.eu central1.vpce.amazonaws.com
We are using the following versions:
Apache Camel 3.14.2
Spring Boot 2.5.10
Dependencies
<properties>
<java.version>14</java.version>
<camel.version>3.14.2</camel.version>
<spring-boot.version>2.5.10</spring-boot.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.camel.springboot</groupId>
<artifactId>camel-aws2-s3-starter</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.camel.springboot</groupId>
<artifactId>camel-aws2-sts-starter</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-jetty</artifactId>
<version>${camel.version}</version>
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-json-validator</artifactId>
<version>${camel.version}</version>
</dependency>
</dependencies>
Info
With ticket CAMEL-16171 , Camel added the usage of uri-endpoint-override and override-endpoint options attributes for all AWS components among others for STS.
Do you have any idea why the options are not overwritten? Thanks a lot for your help!

Unable to start embedded Tomcat On EC2 Instance

I am new to AWS, and I want to deploy my SpringBoot application on My LINUX EC2 instance with the AWS S3 bucket. And for that i have created a SpringBoot Application, Uploaded my Application's jar on S3 bucket successfully, I have installed Java 1.8 on my EC2 instance, I "wget" my jar on my instance. But when I am trying to run command java -jar <myfilename.jar> it gives error: org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat.
Could you please tell me what should I do now?
Here is my POM.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.2.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>com.ab</groupId>
<artifactId>SpringBootTryApplication-2</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>SpringBootTryApplication-2</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version> 5.2.1.Final</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.6.7</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<executable>true</executable>
</configuration>
</plugin>
</plugins>
</build>
</project>
It says Java.lang.NoClassDefFoundError: com/fasterxml/jackson/databind/exc/InvalidDefinitionException. It means that this particular version of jackson-binder library does not have this particular class.
It Looks like the version 2.6 does not have this class.But the 2.9 does.
You should use the newer versions of jackson-databind library. The latest version seems to be 2.11.2 as of today.

AWS RDS gives java.lang.NoSuchMethodError

I am facing the following issue while connecting to AWS RDS.
I have tried changing the maven dependencies(from 1.11.458 and above) but I'm still facing the same issue while creating AWSRdsClient.
Exception in thread "main" java.lang.NoSuchMethodError: com.amazonaws.client.AwsSyncClientParams.getAdvancedConfig()Lcom/amazonaws/client/builder/AdvancedConfig;
at com.amazonaws.services.rds.AmazonRDSClient.<init>(AmazonRDSClient.java:334)
at com.amazonaws.services.rds.AmazonRDSClient.<init>(AmazonRDSClient.java:318)
at com.amazonaws.services.rds.AmazonRDSClientBuilder.build(AmazonRDSClientBuilder.java:61)
at com.amazonaws.services.rds.AmazonRDSClientBuilder.build(AmazonRDSClientBuilder.java:27)
at com.amazonaws.client.builder.AwsSyncClientBuilder.build(AwsSyncClientBuilder.java:46)
at com.cloudlytics.war.rules.RDS.main(RDS.java:35)
Here is what worked for me:
From https://github.com/aws/aws-sdk-java
Add this to the dependencyManagement section of your POM:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-bom</artifactId>
<version>1.11.549</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
And then use the SDK Maven modules without specifying a version:
<dependencies>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-ec2</artifactId>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-s3</artifactId>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-dynamodb</artifactId>
</dependency>
</dependencies>

AWS Beanstalk: Cannot determine embedded database driver class

I have a spring boot application which runs just fine on my local instance (through Intellij) but while deploying on AWS BEanstalk, the application throws the following error (sorry about the formatting. This is how spring generated the exception):
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfig
uration$JdbcTemplateConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationExcept
ion: Could not autowire field: private javax.sql.DataSource org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration$JdbcTemplateConfigur
ation.dataSource; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dataSource' defined in cla
ss path resource [org/springframework/boot/autoconfigure/jdbc/DataSourceAutoConfiguration$NonEmbeddedConfiguration.class]: Bean instantiation via factor
y method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.sql.DataSource]: Factory method
'dataSource' threw exception; nested exception is org.springframework.boot.autoconfigure.jdbc.DataSourceProperties$DataSourceBeanCreationException: Cann
ot determine embedded database driver class for database type NONE. If you want an embedded database please put a supported one on the classpath. If you
have database settings to be loaded from a particular profile you may need to active it (the profiles "aws" are currently active).
pom.xml
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-rest</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-dynamodb</artifactId>
<version>1.10.56</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<configuration>
<archive>
<manifest>
<mainClass>com.my.app.path.MyApplication</mainClass>
</manifest>
</archive>
</configuration>
</plugin>
</plugins>
</build>
application.properties
spring.profiles.active=aws
dynamodb.tablename=my_dynamodb_table
application-aws.properties
spring.profiles.active=aws
The application uses a table in dynamodb. Could this be because I might need to set permissions in AWS to allow beanstalk to talk to dynamodb? If so, please let me know how to do that.
My EC2 instance is tomcat8 type.
Found the solution to my question on this post. See the answer by #user672009.
Just add this to your pom.
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>1.3.156</version>
</dependency>

Why does Maven Jetty Plugin not find a class in a standard jetty jar

I'm using Jetty 9.0.4v20130625 running it using the maven-jetty-plugin. I have implemented my own LoginService class to handle users logging in to a realm. On one of the lines, I attempt to use the org.eclipse.jetty.util.security.Credential class but during execution it throws a NoClassDefFoundError on that line.
My target directory contains everything being deployed to the Jetty instance. Within it the WEB-INF/lib folder does not contain the jetty-util-9.0.4.v20130625.jar as expected because the plugin should already have it so I believe that rules out conflicting jars. So what could be causing the jetty instance to not find this jar?
I am using eclipse, and it shows no errors in the code. I set it up as a Maven project and Maven handles the dependencies. I set it to not to package the jetty jars as they should be provided by Jetty when deployed. Here is my pom.xml:
<project ...>
...
<packaging>war</packaging>
...
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-webapp</artifactId>
<version>9.0.4.v20130625</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongo-java-driver</artifactId>
<version>2.11.2</version>
</dependency>
</dependencies>
<build>
<finalName>...</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
<plugin>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<version>9.0.4.v20130625</version>
<configuration>
<scanIntervalSeconds>10</scanIntervalSeconds>
<webApp>
<contextPath>/...</contextPath>
</webApp>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Test Realm</realm-name>
<form-login-config>
<form-login-page>/loginAuth.html?param=redirect</form-login-page>
<form-error-page>/loginAuth.html?param=failed</form-error-page>
</form-login-config>
</login-config>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-scm-plugin</artifactId>
<version>1.8.1</version>
<configuration>
<connectionType>developerConnection</connectionType>
</configuration>
</plugin>
<plugin>
<artifactId>maven-antrun-plugin</artifactId>
<version>1.7</version>
<executions>
<execution>
<phase>install</phase>
<configuration>
<tasks>
<ant target="deploy" />
</tasks>
</configuration>
<goals>
<goal>run</goal>
</goals>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>com.jcraft</groupId>
<artifactId>jsch</artifactId>
<version>0.1.50</version>
</dependency>
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant-jsch</artifactId>
<version>1.9.2</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
</project>
I checked to be sure the plugin depends on the jetty-util.jar and it does as seen here
Something that may be part of the problem: To implement a new LoginService interface class, I am extending the MappedLoginService class which already implements LoginService (it's in the Jetty jars) and I'm overriding some of its methods. Could that be causing a problem?
Jetty hides almost all of its implementation classes from the webapp's classloader. If you need access to them from inside your webapp, then you need to put them into your webapp's WEB-INF/lib (in your case add a dependency for jetty-util jar).
This classloading mechanism is described here: http://www.eclipse.org/jetty/documentation/current/jetty-classloading.html
BTW, the configuration for the jetty-maven-plugin from your pom.xml seems to contain some lines from web.xml (i.e. those inside the elements). I believe maven ignores configuration it doesn't understand, but perhaps things are not configured the way you think they are? Also, I don't see any setup for using your custom LoginService.