Session timeout in Spring Security Java configuration - spring-security

I put the session timeout in the deployment descriptor file, but it is not working, and I am using Spring Security. Does anything need to be configured in Spring Security?
This is the configuration in Spring Security:
http.sessionManagement()
.invalidSessionUrl("/login?invalid=1")
.maximumSessions(1)
.expiredUrl("/login?time=1")
.maxSessionsPreventsLogin(true);
This is in deployment descriptor:
<session-config>
<session-timeout>1</session-timeout>
</session-config>
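An added example, not code from the question: a complete Java configuration carrying the same session rules. It makes two things explicit that the snippet above leaves implicit. The timeout itself is never set by Spring Security; it comes from the servlet container, either `<session-timeout>` (in minutes) in web.xml or, for a Spring Boot application with an embedded container (which does not read web.xml), the `server.servlet.session.timeout` property (`server.session.timeout`, in seconds, on Boot 1.x). And `maximumSessions(1)` with `maxSessionsPreventsLogin(true)` relies on an `HttpSessionEventPublisher` bean so the session registry is told when the container expires a session; without it the timed-out session still counts against the limit and the user is refused a new login. The `/login` page and the listener that sets the interval in code are assumptions made for the example.

```java
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.session.HttpSessionEventPublisher;

@Configuration
@EnableWebSecurity
public class SessionSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/login").permitAll()      // assumed login page
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .sessionManagement()
                // A request that presents a session id the container no longer
                // knows (for instance after <session-timeout> elapsed) goes here.
                .invalidSessionUrl("/login?invalid=1")
                .maximumSessions(1)
                    // Used when the registry marks a session expired because a
                    // newer login displaced it. With maxSessionsPreventsLogin(true)
                    // the newer login is refused instead, so this URL is rarely hit.
                    .expiredUrl("/login?time=1")
                    .maxSessionsPreventsLogin(true);
    }

    /**
     * Relays the container's session created/destroyed events to Spring Security's
     * SessionRegistry. Without this bean a session the container times out is still
     * counted by maximumSessions(1); combined with maxSessionsPreventsLogin(true) the
     * user is locked out until the stale registry entry disappears.
     */
    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }
}

/**
 * Code equivalent of <session-timeout>1</session-timeout> for deployments that do
 * not read web.xml. A Servlet 3.0 container picks up @WebListener classes in a war;
 * in a Spring Boot jar register the same listener as a @Bean instead.
 */
@WebListener
class SessionTimeoutListener implements HttpSessionListener {

    private static final int TIMEOUT_SECONDS = 60;   // one minute, matching the web.xml value

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        se.getSession().setMaxInactiveInterval(TIMEOUT_SECONDS);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        // nothing to clean up; HttpSessionEventPublisher handles the registry
    }
}
```

A quick way to confirm which setting is in effect is to log `request.getSession().getMaxInactiveInterval()` on the first authenticated request: 60 means the one-minute value reached the container, 1800 (Tomcat's default) means the deployment descriptor was not read.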

Related

Getting Invalid Key Store format error when running MUnit Tests in Jenkins

I am enabling SSL in my MuleSoft application.
I have added a keystore to the HTTP request connector in my application.
Everything works fine. I deployed to CloudHub, skipping the MUnit tests, and tested; everything works fine. The MUnit tests run fine on my local machine.
But when I run the MUnit tests in Jenkins, it throws the error below.
Caused by: org.mule.runtime.api.lifecycle.InitialisationException: Unable to initialise TLS configuration
Caused by: org.mule.runtime.api.lifecycle.CreateException: Failed to load KeyStore: /mnt/jenkins/workspace/mule-jobs/application-prc-nonprod/target/munitworkingdir-5223661232046316/container/apps/application-prc/server-keystore-nonprod.jks
Caused by: java.io.IOException: Invalid keystore format
I have enabled this TLS for the MuleSoft system API, and I am mocking this request connector. I am not sure why it wants this JKS file from the Jenkins location shown in the error.
Any lead would be really helpful.
Http connection configuration
<http:request-config name="Mule_AWS_Request_configuration" doc:name="HTTP Request configuration" doc:id="067166d7-313b-432a-b653-88617b728c5a" responseTimeout="${muleApi.aws.response.timeout}">
<http:request-connection protocol="HTTPS" host="${muleApi.aws.host} " connectionIdleTimeout="${muleApi.aws.idletTimeout}">
<reconnection >
<reconnect frequency="${muleApi.aws.retryFrequency}" count="${muleApi.aws.reconnectionAttempts}" />
</reconnection>
<tls:context>
<tls:trust-store insecure="true"/>
<tls:key-store type="jks" path="${tls.keyStore.path}" keyPassword="${secure::tls.keyStore.keyPassword}" password="${secure::tls.keyStore.password}" />
</tls:context>
</http:request-connection>
</http:request-config>
Http request
<http:request method="POST" doc:name="POST ZIP / aws system api call" doc:id="965033c6-4623-45cd-9326-920534684ace" config-ref="Mule_AWS_Request_configuration" path="${muleApi.aws.path}" responseTimeout="600000" requestStreamingMode="ALWAYS">
<non-repeatable-stream />
<http:headers><![CDATA[#[output application/java
---
{
"client_secret" : p('secure::muleApi.aws.client_secret'),
"Content-Type" : "application/zip",
"client_id" : p('secure::muleApi.aws.client_id')
}]]]></http:headers>
<http:query-params><![CDATA[#[output application/java
---
{
"bucketName" : p('muleApi.aws.params.bucketName'),
"key" : vars.key,
"extractZipContent": vars.extractZipContent default "true",
"extractContentType": vars.extractContentType default "csv"
}]]]></http:query-params>
<http:response-validator>
<http:success-status-code-validator values="200..499" />
</http:response-validator>
</http:request>
Location of keyStore.
path: src/main/resource/server-keystore-nonprod.jks
I am just mocking the request connector as shown below.
[image: MUnit mock of the HTTP request connector, not reproduced here]
Mule Version is 4.4.0
MUnit version is 2.3.5
Providing the logs up to the point where I see this error below.
INFO 2022-12-07 09:27:52,417 [munit.01] org.mule.munit.runner.remote.api.server.RunnerServer: Waiting for client connection
INFO 2022-12-07 09:27:52,418 [munit.01] org.mule.munit.runner.remote.api.server.RunnerServer: Client connection received from localhost - true
WARN 2022-12-07 09:27:52,859 [munit.01] org.mule.runtime.config.internal.dsl.spring.ComponentConfigurationBuilder: Parameter ignore from extension munit has a defaultValue configured in the componentBuildingDefinition but not in the extensionModel.
INFO 2022-12-07 09:27:53,029 [munit.01] org.mule.runtime.api.message.AbstractMuleMessageBuilderFactory: Loaded MuleMessageBuilderFactory implementation 'org.mule.runtime.core.internal.message.DefaultMessageBuilderFactory' from classloader 'java.net.URLClassLoader#3bbf841e'
WARN 2022-12-07 09:27:53,056 [munit.01] org.mule.runtime.core.internal.security.tls.TlsProperties: File tls-default.conf not found, using default configuration.
INFO 2022-12-07 09:27:53,057 [munit.01] org.mule.runtime.api.tls.AbstractTlsContextFactoryBuilderFactory: Loaded TlsContextFactoryBuilderFactory implementation 'org.mule.runtime.module.tls.api.DefaultTlsContextFactoryBuilderFactory' from classloader 'java.net.URLClassLoader#3bbf841e'
WARN 2022-12-07 09:27:53,097 [munit.01] org.mule.runtime.module.tls.internal.DefaultTlsContextFactory: TLS context trust store set as insecure. No certificate validations will be performed, rendering connections vulnerable to attacks. Use at own risk.
INFO 2022-12-07 09:27:57,038 [munit.01] org.mule.runtime.core.privileged.lifecycle.AbstractLifecycleManager: Initialising Bean: org.mule.runtime.module.extension.internal.runtime.config.ConfigurationProviderToolingAdapter-HTTP-requestConfig-implicit
INFO 2022-12-07 09:27:57,054 [munit.01] org.mule.runtime.core.privileged.lifecycle.AbstractLifecycleManager: Starting Bean: org.mule.runtime.module.extension.internal.runtime.config.ConfigurationProviderToolingAdapter-HTTP-requestConfig-implicit
INFO 2022-12-07 09:27:58,454 [munit.01] org.mule.runtime.core.privileged.lifecycle.AbstractLifecycleManager: Initialising Bean: org.mule.runtime.module.extension.internal.runtime.config.DynamicConfigurationProvider-JSON_Logger_Config
INFO 2022-12-07 09:27:58,458 [munit.01] org.mule.runtime.core.privileged.lifecycle.AbstractLifecycleManager: Initialising Bean: org.mule.runtime.module.extension.internal.runtime.config.ConfigurationProviderToolingAdapter-Mule_AWS_Request_configuration
org.mule.runtime.api.exception.MuleRuntimeException: org.mule.runtime.api.lifecycle.InitialisationException: Unable to initialise TLS configuration
Caused by: org.mule.runtime.api.lifecycle.InitialisationException: Unable to initialise TLS configuration
Caused by: org.mule.runtime.api.lifecycle.CreateException: Failed to load KeyStore: /mnt/jenkins/workspace/mule-jobs-nonprod/biz-prc-marketing-bulk-api-nonprod/target/munitworkingdir-5223661232046316/container/apps/biz-prc-marketing-bulk-api/server-keystore-nonprod.jks
Caused by: java.io.IOException: Invalid keystore format
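`java.io.IOException: Invalid keystore format` is the message the JDK's JKS implementation produces when the file does not begin with the JKS magic number (`0xFEEDFEED`), so the first thing to establish is what the file at the path in the error actually contains on the Jenkins agent, as opposed to on the workstation where the tests pass. The probe below is an added example, not part of the question or of Mule; the default path and the `changeit` password are constructed placeholders. It classifies the file from its leading bytes (JKS, JCEKS, PKCS#12/DER, or plain text where a binary was expected) and then attempts a real load, which reproduces the exception outside the MUnit run. Separately, the `TLS context trust store set as insecure` warning in the log means certificate validation is switched off for that connector; that deserves its own fix before the configuration is used for anything but a test.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;

public class KeyStoreProbe {

    /** Classifies a keystore file from its first bytes (a few dozen are enough). */
    static String detectFormat(byte[] head) {
        if (head.length < 4) {
            return "too short to be a keystore (" + head.length + " bytes)";
        }
        long magic = ((head[0] & 0xffL) << 24) | ((head[1] & 0xffL) << 16)
                   | ((head[2] & 0xffL) << 8)  |  (head[3] & 0xffL);
        if (magic == 0xFEEDFEEDL) return "JKS";
        if (magic == 0xCECECECEL) return "JCEKS";
        // PKCS#12, like any DER-encoded file, starts with an ASN.1 SEQUENCE tag.
        if ((head[0] & 0xff) == 0x30) return "PKCS#12/DER";
        boolean printable = true;
        for (byte b : head) {
            int c = b & 0xff;
            if (c != '\n' && c != '\r' && c != '\t' && (c < 0x20 || c > 0x7e)) {
                printable = false;
                break;
            }
        }
        // A readable text file where a keystore should be means the binary was
        // replaced or rewritten somewhere between the repository and the workspace.
        return printable ? "text, not a keystore" : "unknown binary";
    }

    public static void main(String[] args) throws Exception {
        // Placeholders; pass the real workspace path and password as arguments.
        Path file = Paths.get(args.length > 0 ? args[0] : "server-keystore-nonprod.jks");
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        byte[] all = Files.readAllBytes(file);
        byte[] head = Arrays.copyOf(all, Math.min(all.length, 64));
        String format = detectFormat(head);
        System.out.printf("%s: %d bytes, looks like %s%n", file, all.length, format);

        String type = format.startsWith("PKCS") ? "PKCS12" : "JKS";
        try (InputStream in = Files.newInputStream(file)) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password);   // a bad JKS fails here with "Invalid keystore format"
            System.out.printf("loaded as %s with %d entries%n", type, ks.size());
        } catch (IOException e) {
            System.out.println("load failed: " + e.getMessage());
        }
    }
}
```

Run it on the agent against the exact path from the stack trace and compare the byte count and format with the file in `src/main/resources` locally; a size mismatch or a "text" verdict points at the build step that copies the resource, not at the TLS configuration.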

Spring Gateway Service failed due to Unable to find GatewayFilterFactory with name TokenRelay

I've added Keycloak to my API Gateway and since then it has failed to start up, more specifically after adding TokenRelay as a default filter. Here's the log:
org.springframework.context.ApplicationContextException: Failed to start bean 'eurekaAutoServiceRegistration'; nested exception is reactor.core.Exceptions$ErrorCallbackNotImplemented: java.lang.IllegalArgumentException: Unable to find GatewayFilterFactory with name TokenRelay
I've declared all necessary dependencies
jose
resource server
oauth2 client
starter-security
and my application class has Eureka enabled and consumes properties from the config server.
I'm using boot version: 2.3.12.RELEASE, cloud: Hoxton.RELEASE, java 8
I've added in application.yml
...
default-filters:
- TokenRelay

PrimeFaces Push 5.0 with Wildfly 8.1 not working

I'm planning to start using PrimeFaces Push coming with PrimeFaces 5.0.
I've tried to run the same example found here http://www.primefaces.org/showcase/push/notify.xhtml using Wildfly 8.1, but I can't receive any push messages from the backend bean.
Here is what I have on the Wildfly console:
01:50:34,926 INFO [org.atmosphere.cpr.AtmosphereFramework] (Thread-261) Latest version of Atmosphere's JavaScript Client 2.2.2
01:50:34,926 INFO [org.atmosphere.cpr.AtmosphereFramework] (Thread-261)
Current version of Atmosphere 2.2.0-RC3
Newest version of Atmosphere available 2.1.7
01:50:37,447 ERROR [org.atmosphere.interceptor.JavaScriptProtocol] (default task-61) Invalid Atmosphere Version 2.2.0-javascript
01:50:37,448 WARN [org.atmosphere.websocket.protocol.SimpleHttpProtocol] (default task-61) Status code higher or equal than 400 Status 501 Message OK
01:50:41,957 INFO [stdout] (default task-62) sending message
01:55:37,760 ERROR [org.atmosphere.cpr.AsynchronousProcessor] (default task-63) Failed to cancel resource: 8cf3d711-00c2-4e52-9d78-97cd04c0b585: java.lang.NullPointerException
at org.primefaces.push.impl.PushEndpointHandlerProxy.onStateChange(PushEndpointHandlerProxy.java:241) [primefaces-5.0.jar:5.0]
at org.atmosphere.cpr.AsynchronousProcessor.invokeAtmosphereHandler(AsynchronousProcessor.java:492) [atmosphere-runtime-2.2.0-RC3.jar:2.2.0-RC3]
at org.atmosphere.cpr.AsynchronousProcessor.completeLifecycle(AsynchronousProcessor.java:444) [atmosphere-runtime-2.2.0-RC3.jar:2.2.0-RC3]
at org.atmosphere.cpr.AsynchronousProcessor.endRequest(AsynchronousProcessor.java:548) [atmosphere-runtime-2.2.0-RC3.jar:2.2.0-RC3]
at org.atmosphere.websocket.DefaultWebSocketProcessor.executeClose(DefaultWebSocketProcessor.java:676) [atmosphere-runtime-2.2.0-RC3.jar:2.2.0-RC3]
at org.atmosphere.websocket.DefaultWebSocketProcessor.close(DefaultWebSocketProcessor.java:628) [atmosphere-runtime-2.2.0-RC3.jar:2.2.0-RC3]
at org.atmosphere.container.JSR356Endpoint.onClose(JSR356Endpoint.java:221) [atmosphere-runtime-2.2.0-RC3.jar:2.2.0-RC3]
at io.undertow.websockets.jsr.UndertowSession.close(UndertowSession.java:181) [undertow-websockets-jsr-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.websockets.jsr.UndertowSession.close(UndertowSession.java:171) [undertow-websockets-jsr-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.websockets.jsr.FrameHandler$1.run(FrameHandler.java:93) [undertow-websockets-jsr-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.websockets.jsr.ServerWebSocketContainer$1.run(ServerWebSocketContainer.java:303) [undertow-websockets-jsr-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.websockets.jsr.OrderedExecutor$ExecutorTask.run(OrderedExecutor.java:49) [undertow-websockets-jsr-1.0.15.Final.jar:1.0.15.Final]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55]
Here is my web.xml configuration for PrimeFaces push:
<context-param>
<param-name>primefaces.PUSH_SERVER_URL</param-name>
<param-value>http://127.0.0.1:8080</param-value>
</context-param>
<servlet>
<servlet-name>Push Servlet</servlet-name>
<servlet-class>org.primefaces.push.PushServlet</servlet-class>
<load-on-startup>0</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>Push Servlet</servlet-name>
<url-pattern>/primepush/*</url-pattern>
</servlet-mapping>
I appreciate your help to solve this issue.
I had the same problem using PrimeFaces 5.0 and Atmosphere Runtime 2.2.0.
Solved it by changing to Atmosphere 2.1.7 (which is still the newest version according to the log output). Now push messages work fine...

Spring Security Authenticates and immediately returns Access Denied

This text is directly from my console logger when running this locally. The second line immediately follows the first. I'm not sure what is happening behind the scenes that is providing the access denied exception.
2014-01-30 07:48:14.854 INFO 5452 --- [nio-8085-exec-3] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Jan 30 07:48:14 CST 2014, principal=r2n, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails#957e: RemoteIpAddress: 127.0.0.1; SessionId: 2C7EC273522BB6880EE3410201F8A41F}]
2014-01-30 07:48:14.859 INFO 5452 --- [nio-8085-exec-4] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Jan 30 07:48:14 CST 2014, principal=r2n, type=AUTHORIZATION_FAILURE, data={message=Access is denied, type=org.springframework.security.access.AccessDeniedException}]
My code is compiled using Spring Boot version 1.0.0.RC1, Spring Security 3.1.0.Release and Thymeleaf for Spring 2.1.1.Release. I know there are some conflicts with the underlying Spring dependencies and Thymeleaf for Spring 3, as Spring Boot uses Spring 4.
I don't think my issues lie there.
Here's the code from WebSecurityConfiguration extending WebSecurityConfigurerAdapter. My authentication is using ldap.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/error").anonymous()
.antMatchers("/navigation").anonymous()
.antMatchers("/**").hasRole("ADMIN") // #4
.and()
.formLogin()
.permitAll()
.defaultSuccessUrl("/")
.and()
.csrf().disable();
}
Your "r2n" user appears not to have "ADMIN" authorities. Maybe you set him up with "ROLE_ADMIN" and the access rule is "ADMIN" or something?
P.S. I think you mean Spring Security 3.2.0.RELEASE (the Javaconfig isn't in 3.1).
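An added example, not the question's or the answer's code: the same rules with the two changes a practitioner would make while chasing this, plus a handler that shows what is happening behind the scenes. First, `anonymous()` on `/error` and `/navigation` admits only unauthenticated callers, so a logged-in user who lands on either URL is denied; `permitAll()` is the rule that admits everyone. Second, `hasRole("ADMIN")` is satisfied only by an authority named exactly `ROLE_ADMIN`; with LDAP that name is built by the authorities populator from the group's `cn` (upper-cased) plus the configured prefix, so a group called `admins` yields `ROLE_ADMINS` and the rule fails. The `AccessDeniedHandler` logs the granted authorities of the denied principal, which is the shortest way to see what `r2n` actually holds. The LDAP URL, DN pattern and group base are assumptions; the lambda needs Java 8 (use an anonymous class on Java 7).

```java
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.AccessDeniedHandler;

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // permitAll(): open to everyone. anonymous() would admit only
                // unauthenticated callers and deny a logged-in ADMIN on these URLs.
                .antMatchers("/error", "/navigation").permitAll()
                // hasRole("ADMIN") is hasAuthority("ROLE_ADMIN"); nothing else matches.
                .antMatchers("/**").hasRole("ADMIN")
                .and()
            .formLogin()
                .permitAll()
                .defaultSuccessUrl("/")
                .and()
            .exceptionHandling()
                .accessDeniedHandler(authorityLoggingHandler())
                .and()
            .csrf().disable();   // kept from the question; re-enable for a real deployment
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")        // assumed directory layout
                .groupSearchBase("ou=groups")
                .groupSearchFilter("(member={0})")
                // Authority = rolePrefix + upper-cased value of this attribute, so a
                // group with cn=admin yields ROLE_ADMIN; cn=admins yields ROLE_ADMINS.
                .groupRoleAttribute("cn")
                .rolePrefix("ROLE_")
                .contextSource()
                    .url("ldap://ldap.example.internal:389/dc=example,dc=internal");  // assumed
    }

    /** Logs exactly which authorities the denied principal holds at the moment of denial. */
    private AccessDeniedHandler authorityLoggingHandler() {
        return (request, response, ex) -> {
            Authentication a = SecurityContextHolder.getContext().getAuthentication();
            System.err.printf("Access denied for %s on %s; authorities=%s%n",
                    a == null ? "<none>" : a.getName(),
                    request.getRequestURI(),
                    a == null ? "[]" : a.getAuthorities());
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        };
    }
}
```

If the logged authorities show a name other than `ROLE_ADMIN`, either rename the directory group or replace `hasRole("ADMIN")` with `hasAuthority(...)` carrying the name the populator produces; if the list is empty, the group search base or filter is not finding the user's groups at all.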

spring security - sessionid url rewriting with tomcat 7

We've fought with the following problem using Spring Security 1.2.1, Grails 1.3.7 and Tomcat 7.0.22. On our dev machines we had no problems during login in our app. I think the Grails Tomcat plugin uses a 6.x version of Tomcat. We defined the following test case for the login process:
delete all cookies
login
As you can see, a very simple test case :-). The result of the test looks as follows: the user was successfully authenticated, but after login gets redirected to the access denied page. The session was created, because the user was able to perform other permitted actions, and the log shows a successful authentication (enabled Spring Security log on debug level). So why does the redirect to the access denied page happen?
Tomcat 7.x assumes that no cookies are activated, adds the session id to the redirect URL and additionally sets the cookie via the "Set-Cookie" HTTP header. That's the point where the Spring Security plugin is confused.
http response of j_spring_security_check
HTTP/1.1 302 Moved Temporarily
Connection: Keep-Alive
Content-Length: 0
Date: Fri, 14 Oct 2011 06:41:59 GMT
**Location: https://myserver/main;jsessionid=8341CD832CAF4569A95BBF436395744E**
Server: Apache-Coyote/1.1
**Set-Cookie: JSESSIONID=8341CD832CAF4569A95BBF436395744E;** Path=/etsweb/; HttpOnly
followed by a http get https://myserver/main;jsessionid=8341CD832CAF4569A95BBF436395744E
http response
HTTP/1.1 302 Moved Temporarily
Connection: Keep-Alive
Content-Length: 0
Date: Fri, 14 Oct 2011 06:41:59 GMT
Location: https://myserver/login/denied
Server: Apache-Coyote/1.1
The solution was to disable URL rewriting by setting the following tag in the web.xml file:
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
I don't know whether this is a spring sec bug or a thinking bug.
Also, make sure wild card in your security settings is using IS_AUTHENTICATED_ANONYMOUSLY, and not ROLE_ANONYMOUS.
'/**': ['IS_AUTHENTICATED_ANONYMOUSLY']
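The web.xml fix above has a programmatic equivalent in the Servlet 3.0 API, shown here as an added example that is not from the answer. Restricting session tracking to cookies stops Tomcat from ever appending `;jsessionid=` to an encoded URL, which, beyond breaking the login redirect, would leak the session id into access logs, browser history and `Referer` headers sent to other sites. The same `SessionCookieConfig` sets `HttpOnly` (already visible in the `Set-Cookie` header above) and `Secure`, which the exchange above, running over https, can afford. The container setting covers every `encodeURL`/`encodeRedirectURL` call in the application, not only the ones Spring Security makes. The listener name and the header-check helper are mine.

```java
import java.util.EnumSet;
import java.util.regex.Pattern;

import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionCookieConfig;
import javax.servlet.SessionTrackingMode;
import javax.servlet.annotation.WebListener;

/**
 * Programmatic equivalent of
 *   <session-config><tracking-mode>COOKIE</tracking-mode></session-config>
 * plus cookie hardening. Needs a Servlet 3.0 container (Tomcat 7 qualifies) and a
 * web.xml declared as version 3.0 with metadata-complete="false" so that the
 * @WebListener annotation is scanned. Tracking modes can only be changed while
 * the context is still initialising, which is why this lives in a context listener.
 */
@WebListener
public class SessionTrackingInitializer implements ServletContextListener {

    /** Matches a URL-rewritten session id such as the Location header in the question. */
    private static final Pattern REWRITTEN_ID = Pattern.compile("(?i);jsessionid=[0-9a-f]+");

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();

        // Cookie only: Tomcat will no longer add ;jsessionid=... to encoded URLs,
        // so the id cannot reach access logs, history or Referer headers.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));

        SessionCookieConfig cookie = ctx.getSessionCookieConfig();
        cookie.setHttpOnly(true);   // not readable from script
        cookie.setSecure(true);     // only sent over https; the app above already uses it
        cookie.setName("JSESSIONID");
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        // nothing to release
    }

    /**
     * Helper for a smoke test after deployment: feed it the Location header of the
     * post-login redirect; true means URL rewriting is still active.
     */
    public static boolean carriesSessionId(String locationHeader) {
        return locationHeader != null && REWRITTEN_ID.matcher(locationHeader).find();
    }
}
```

After redeploying, repeat the two-step test from the question (clear cookies, log in) and check that the `Location` header of the `j_spring_security_check` response is the bare `https://myserver/main`; `carriesSessionId` returning true on it means the descriptor or listener was not picked up.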
