spring boot + secure jmx - jmx

By default Spring Boot exposes a number of JMX endpoints. Has anyone had any experience securing these? It seems there is no security surrounding JMX.
The only config available to Spring boot:
endpoints.jmx.enabled=true
endpoints.jmx.domain= # the JMX domain, defaults to 'org.springboot'
endpoints.jmx.unique-names=false
endpoints.jmx.enabled=true
endpoints.jmx.staticNames=
I have seen examples using JmxSecurityAuthenticator. Should I follow this pattern?

AFAIK securing the JMX connections is all about how you set up the server. I think you just need to add a @Bean of type ConnectorServerFactoryBean.
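
One way to build the bean this answer describes, as an added example that is not part of the original thread: a ConnectorServerFactoryBean whose environment carries a JMXAuthenticator, so remote clients must present a user/password pair. The class name, the two property names, the port 1099 and the localhost URL are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.security.MessageDigest;
import java.util.Collections;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.jmx.support.ConnectorServerFactoryBean;

@Configuration
public class SecureJmxConfig {
    // Hypothetical property names; supply the values from a secret store, not source control.
    @Value("${jmx.remote.user}") private String user;
    @Value("${jmx.remote.password}") private String password;

    @Bean
    public Registry jmxRegistry() throws Exception {
        return LocateRegistry.createRegistry(1099); // assumed port
    }

    @Bean
    @DependsOn("jmxRegistry") // the registry must exist before the connector binds to it
    public ConnectorServerFactoryBean jmxConnectorServer() {
        // Called once per incoming connection; throwing SecurityException refuses the client.
        JMXAuthenticator authenticator = credentials -> {
            if (!(credentials instanceof String[]) || ((String[]) credentials).length != 2) {
                throw new SecurityException("Credentials must be String[]{user, password}");
            }
            String[] pair = (String[]) credentials;
            // Non-short-circuit '|' so both comparisons always run.
            if (!matches(user, pair[0]) | !matches(password, pair[1])) {
                throw new SecurityException("Invalid JMX credentials");
            }
            return new Subject(true, Collections.singleton(new JMXPrincipal(pair[0])),
                    Collections.emptySet(), Collections.emptySet());
        };
        ConnectorServerFactoryBean server = new ConnectorServerFactoryBean();
        server.setServiceUrl("service:jmx:rmi://localhost/jndi/rmi://localhost:1099/jmxrmi");
        server.setEnvironmentMap(
                Collections.singletonMap(JMXConnectorServer.AUTHENTICATOR, authenticator));
        return server;
    }

    private static boolean matches(String expected, String given) {
        return given != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), given.getBytes(StandardCharsets.UTF_8));
    }
}
```

The authenticator only decides who may connect; without SSL RMI socket factories the credentials still cross the network unencrypted, so keep the connector bound to localhost or add TLS before exposing it.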

Related

Is it possible to use keycloak with spring security?

Without keycloak maven dependencies.
This is using okta and google. I wonder, can I use spring security + oauth2 with keycloak?
https://www.baeldung.com/spring-security-openid-connect
Yes, you can use it without the Keycloak Spring Boot auto-configuration.
Look here: Spring Cloud Gateway with OAuth2
You can see the configuration used to connect with Keycloak
Let me know if you get your answer

Requiring user password authentication for JMX on ActiveMQ Artemis

Where in the configuration do you enable/disable authentication for JMX in Artemis? In the artemis.profile file I have -Dcom.sun.management.jmxremote.authenticate=false on two instances of Artemis, one on a local VM and one on a remote VM. The local one doesn't require authentication (such as from JConsole) and will fail if I give it the user/password. The remote instance requires authentication, which accepts the user/password I created when setting up Artemis.
Is there another configuration I'm missing?
ActiveMQ Artemis guards JMX calls using role based authentication that leverages Artemis's JAAS plugin support with the login.config file. This is configured via the authorisation element in the management.xml configuration file and can be used to restrict access to attributes and methods on mbeans.

How to disable security for Certain APIs in Spring Boot

I am writing an application in Spring Boot. I am using the Spring boot default security mechanism. But I want to disable security for certain endpoints like monitoring, healthcheck etc.
You can add following configuration in Spring Boot application.properties
security.ignored= # Comma-separated list of paths to exclude from the default secured paths
Use security.ignored=Url Paths to be ignored property in application.properties

Https Security Integration with Camunda BPM

I have used LDAP-based camunda-auth to log in to the application using the HttpBasicAuthenticationProvider provided by Camunda. How can I implement HTTPS login, and is it supported by Camunda, or do we need to use Spring Security?
Please send any related link or config for a Camunda HTTPS implementation.
I am not sure I understood you correctly: you want to set up Camunda to have TLS and additionally you want LDAP authorization?
To set up TLS, you need to configure it directly on Tomcat server.
First you need to obtain/generate certificates.
Then you need to point to those certificates in server.xml configuration file.
Just google "TLS on Tomcat". I'm sure there are hundreds of tutorials how to do this step by step.
When it comes to LDAP integration - follow documentation:
https://docs.camunda.org/manual/7.8/installation/full/tomcat/configuration/#ldap

Spring-Amqp-NET libraries for RabbitMQ - SSL support

We want to use spring-amqp-net in our applications to listen for messages in RabbitMQ.
https://github.com/spring-projects/spring-net-amqp
We couldn't find any configuration parameter for an SSL connection in either the source code or the documentation.
Does anybody know if spring-amqp-net supports SSL connections to RabbitMQ?
If yes, how can we configure the SSL connection in our .net application's Application.xml file?
Thank you.
I am not familiar with .NET, or that project (I am the lead for the Java Spring AMQP project).
With the Java Spring AMQP library, SSL is configured by appropriately configuring the underlying RabbitConnectionFactory, and then that instance is injected into the Spring CachingConnectionFactory.
Looking at the code, it appears a similar mechanism is available in the .NET library...
public CachingConnectionFactory(ConnectionFactory rabbitConnectionFactory)
: base(rabbitConnectionFactory) { }
whereby you can configure the underlying ConnectionFactory with SSL and provide it to the CachingConnectionFactory.
