I'm using grails oauth plugin standard configuration as part of Config.groovy
environments {
production {
oauth {
providers {
linkedin {
api = LinkedInApi
key = 'mykey'
secret = 'mySecret'
successUri = "/userLogin/linkedinLogin"
callback = "https://myserverdomain/oauth/linkedin/callback"
}
}
}
}
}
When using the same configuration in external file and reference it by
grails.config.locations = ["file:external-config.groovy"]
There is an error "No oauth configuration found. Please configure the oauth scribe plugin".
Notice:
1. other configuration properties are working fine.
2. Problem exist only in production mode. Using the same configuration file in development mode works fine.
Related
Spring security 5.1.0.Rc1 has come up with support for OAuth2 Resource Servers in webflux - https://spring.io/blog/2018/08/21/spring-security-5-1-0-rc1-released .
The example given here talks about Oauth2 based on JWT format .
how can i configure a oauth2 resource server based and specify the token decoding uri .
In spring MVC i could use #EnableResourceServer and security.oauth2.resource.token-info-uri property . How would i do the same with webflux ?
I don't know if it actually worked with RC1 but with 2.1.0.M1 I could get it to work like this:
build.gradle:
repositories {
mavenCentral()
maven {
url 'https://repo.spring.io/libs-snapshot'
}
}
dependencyManagement {
imports {
mavenBom 'org.springframework.cloud:spring-cloud-gateway:2.1.0.M1'
}
}
dependencies {
compile 'org.springframework.boot:spring-boot-starter-security'
compile 'org.springframework.security:spring-security-oauth2-jose'
compile 'org.springframework.security:spring-security-oauth2-client'
compile 'org.springframework.security:spring-security-oauth2-resource-server'
}
application.yaml
spring:
security:
oauth2:
resourceserver:
jwt:
jwk-set-uri: http://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/certs
Also there's a sample at https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2resourceserver-webflux
we do have a Jenkins server and an Artifactory repository. We have published several libraries to that artifactory repo and it works well. We have also published the anyline sdk as an aar-module. In our projects we reference the artifactory-repo and the aar-module as such:
dependencies { ... compile 'anyline:anyline:3.6.1#aar' ... }
repositories {
jcenter()
mavenLocal()
// External Third Party Libs lookup
maven {
url "https://MYURL/artifactory/libs-snapshot-local"
credentials {
username = bla
password = blubb
}
}
// External Third Party Libs lookup
maven {
url "https://MYURL/artifactory/libs-release-local"
credentials {
username = bla
password = blubb
}
}
// External Third Party Libs lookup
maven {
url "https://MYURL/artifactory/ext-release-local"
credentials {
username = bla
password = blubb
}
}
}
The url for the aar-package is this:
https://MYURL/artifactory/ext-release-local/anyline/anyline/3.6.1/anyline-3.6.1.aar
Locally the build just runs fine but on the jenkins it throws the following error:
FAILURE: Build failed with an exception.
* What went wrong:
A problem occurred configuring project ':BLABLUBB_app'.
> Could not find anyline.jar (anyline:anyline:3.6.1).
Searched in the following locations:
https://MYURL/artifactory/libs-release-local/anyline/anyline/3.6.1/anyline-3.6.1.jar
Now there are two weird things going on here:
1.) Why does the jenkins-build look up a jar-file? Isn't it supposed to look up an aar-file or am I missing something?
2.) The server seems to search in the wrong folder. It should also search in
ext-release-local
and not only in
libs-release-local where obviously no anyline-lib is located.
Does anyone have a hint on whats going wrong here?
The build script on the server is the same as the local one of course, the local repo and the server point to the same git.
Help appreciated,
Thanks
Daniel Sahm
I'm trying to publish to Artifactory using the project's Gradle wrapper and credentials keyed into the user's gradle.properties.
In my build.gradle file, I have the following snippet to publish to Artifactory:
artifactory {
contextUrl = "https://path.to/artifactory"
publish {
repository {
repoKey = 'plugins-release-local'
username = ${artifactory_user}
password = ${artifactory_password}
maven = true
}
defaults {
publications ('mavenJava')
}
}
}
publishing {
publications {
mavenJava(MavenPublication) {
from components.java
}
}
}
Here is the content of my gradle.properties file:
me#workstation ~/.gradle
$ cat gradle.properties
artifactory_user=xxx
artifactory_password=yyy
With the username and password hard coded in build.gradle, this works:
./gradlew artifactoryPublish
While attempting to read from the ~/.gradle/gradle.properties
./gradlew artifactoryPublish
HTTP response code: 502. HTTP response message: Bad Gateway
While Attempting to pass the credentials via the CLI:
./gradlew -Dartifactory_user=xxx -Dartifactory_password=yyy artifactoryPublish
HTTP response code: 401. HTTP response message: Unauthorized
Update #1
Update of build.gradle per #RaGe:
artifactory {
contextUrl = "https://path/to/artifactory"
publish {
repository {
repoKey = 'plugins-release-local'
username = artifactory_user
password = artifactory_password
maven = true
}
defaults {
publications ('mavenJava')
}
}
}
publishing {
publications {
mavenJava(MavenPublication) {
from components.java
}
}
}
Result: getting a 401 instead of a 502 using:
./gradlew artifactoryPublish
./gradlew -Dartifactory_user=xxx -Dartifactory_password=yyy artifactoryPublish
Update #2
Artifactory runs on Tomcat8/Java8 accessed through a reverse proxy on Apache 2.2.
Update #3
Note to solution: under Cygwin, make sure to edit the right gradle.properties, located in C:\Users\username.gradle\gradle.properties
Looks like a syntax issue. remove the ${} around your variables.
username = artifactory_user
password = artifactory_password
Using the Jenkins Artifactory Plugin and Gradle, I am able to deploy to my Artifactory instance successfully. However, I have not been able to use the credentials entered into Jenkins configuration to resolve the artifact from the same repository.
Here is the build.gradle, adopted right from Artifactory's "Generate Build Script" feature in Artifactory.
apply plugin: 'java'
sourceCompatibility = 1.5
version = '1.0'
buildscript {
repositories {
maven {
url 'http://artifactory.myorg.com:8081/artifactory/plugins-release'
credentials {
username = "${artifactory_user}"
password = "${artifactory_password}"
}
}
}
dependencies {
//Check for the latest version here: http://plugins.gradle.org/plugin/com.jfrog.artifactory
classpath "org.jfrog.buildinfo:build-info-extractor-gradle:3.0.3"
}
}
allprojects {
apply plugin: "com.jfrog.artifactory"
}
artifactory {
contextUrl = "${artifactory_contextUrl}" //The base Artifactory URL if not overridden by the publisher/resolver
publish {
repository {
repoKey = 'libs-release-local'
username = "${artifactory_user}"
password = "${artifactory_password}"
maven = true
}
}
resolve {
repository {
repoKey = 'libs-release'
username = "${artifactory_user}"
password = "${artifactory_password}"
maven = true
}
}
}
dependencies {
compile group: "com.myorg", name: "internal-library", version: '1.0'
testCompile group: 'junit', name: 'junit', version: '4.11'
}
Job configuration on Jenkins:
Jenkins Artifactory plugin configuration:
Error:
FAILURE: Build failed with an exception.
* Where:
Build file '/var/lib/jenkins/jobs/deleteme/workspace/build.gradle' line: 10
* What went wrong:
A problem occurred evaluating root project 'untitled2'.
> Could not find property 'artifactory_user' on Credentials [username: null].
Locally, resolving artifacts works (artifactory_user etc are resolved, because I configured them in my local ~/.gradle/gradle.properties). However, builds fail, because artifactory_user is not defined. Of course, I can configure a gradle.properties for Jenkins to use (and this works), however how is this supposed to work? It appears the Jenkins Artifactory Plugin Gradle integration is supposed to somehow communicate resolver credentials. Is there a way to do this without replicating the credentials in two places on Jenkins?
tl;dr username = "${project.getProperty('artifactory.publish.username')}"
Note: I haven't tested this on a Jenkins machine yet
The Jenkins artifactory plugin's gradle integration appears to do two things
Inject the artifactory configuration using a [gradle init script]
Provide build and artifactory configuration information
Both involve writing files to a temporary folder (i.e. /tmp on linux). If you have access to your build server you will probably have a lot of buildInfo\d{19}.properties and init-artifactory\d{19}gradle files in your temp folder.
Looking inside one of these buildInfo files reveals the resolve and publish credentials are stored in artifactory.resolve.username and artifactory.publish.username, respectively.
Trying to setting and trying to use ${artifactory.publish.username} directly doesn't work on my local machine; I assume it has to do with gradle trying to access the property before it is set. But the project.getProperty method works.
buildscript {
repositories {
maven {
url 'http://artifactory.myorg.com:8081/artifactory/plugins-release'
credentials {
username = "${project.getProperty('artifactory.resolve.username')}"
password = "${project.getProperty('artifactory.resolve.password')}"
}
}
}
}
artifactory {
publish {
contextUrl = "${project.getProperty('artifactory.publish.contextUrl')}"
repository {
repoKey = 'libs-release-local'
username = "${project.getProperty('artifactory.publish.username')}"
password = "${project.getProperty('artifactory.publish.password')}"
maven = true
}
}
resolve {
repository {
contextUrl = "${project.getProperty('artifactory.resolve.contextUrl')}"
repoKey = 'libs-release'
username = "${project.getProperty('artifactory.resolve.username')}"
password = "${project.getProperty('artifactory.resolve.password')}"
maven = true
}
}
}
You will have to update your local ~/.gradle/gradle.properties accordingly
artifactory.publish.contextUrl=<artifactory-url>
artifactory.publish.username=<username>
artifactory.publish.password=<password>
artifactory.resolve.contextUrl=<artifactory-url>
artifactory.resolve.username=<username>
artifactory.resolve.password=<password>
I am also banging my head against the wall with this one...I tried all the combinations myself and the only one that seems to be working is adding the gradle.properties to the jenkins server.
Finally I ended up not using the artifactory gradle plugin from jenkins alltogether.R ather add it to the build.gradle and simply call artifactoryPublish from Jenkins Server gradle plugin.
I have a few log.debugs() that I don't want to process (since they are heavy) unless the app is currently in debug mode (not production).
Is there a way to check if the grails app is currently in debug mode/development mode?
You can test if the current environment is dev (for example) using the following:
import grails.util.Environment
if (Environment.current == Environment.DEVELOPMENT ) {
// Do your dev logging here
}
IMO, a better solution than hard-coding the env where this logging happens, is to configure it. For example, to enable debug logging for this class only in the dev environment. add the following to Config.groovy
log4j = {
appenders {
// config for stdout and logfile appenders omitted
}
// log everything at error level to stdout and logfile appenders
root {
error 'stdout', 'logfile'
}
environments {
development {
// log this class at debug level in dev env only
debug 'com.example.MyClass'
}
}
}
in the config.groovy the environments are defined.
you can specify what you want the log configuration to be based on the environment the application in running in
environments {
development {
log4j = {
// determine what appenders are logging in development...
}
}
production {
log4j = {
// determine what appenders are logging in production...
}
}
}