These are chat archives for spring-cloud/spring-cloud

23rd
May 2016
dragontree101
@dragontree101
May 23 2016 10:50
how can i use spring-boot-starter-security in spring cloud config? i want to server set password to prevent any client visit my server? thanks
what will i do in server and client ? thanks
Dave Syer
@dsyer
May 23 2016 10:52
Are you asking how to secure a config server?
dragontree101
@dragontree101
May 23 2016 10:55
i want to set a password in spring cloud config server, and only spring cloud config client who has password can visit this server.
and i find an issue spring-cloud/spring-cloud-config#297 likes my questions, but i doesn't find how to config server
Dave Syer
@dsyer
May 23 2016 10:58
HTTP Basic is the default with Spring Boot if you just add the dependency.
What is it that isn't working?
That issue isn't about password protection
(it's about encrypting properties)
dragontree101
@dragontree101
May 23 2016 10:59
i add spring-boot-starter-security in server, i need to set username and password
Dave Syer
@dsyer
May 23 2016 10:59
Indeed.
So what's the problem? Did you see this section in the user guide: http://cloud.spring.io/spring-cloud-static/spring-cloud.html#_security_2?
dragontree101
@dragontree101
May 23 2016 11:08
i add spring-boot-starter-security in server, and startup has log Using default security password: c3f92320-363e-4b01-8202-9ebbe5c51606
security:
user:
name: user
password: c3f92320-363e-4b01-8202-9ebbe5c51606
and in client yaml
but client has Could not locate PropertySource: 401 Unauthorized
Dave Syer
@dsyer
May 23 2016 11:10
In the client you have to configure the same password in spring.cloud.* (per that link I just pasted).
dragontree101
@dragontree101
May 23 2016 11:12
spring:
cloud:
config:
uri: http://localhost:8888
name: user
password: c3f92320-363e-4b01-8202-9ebbe5c51606
label: master
profile: development
but also Could not locate PropertySource: 401 Unauthorized
name is user?
Dave Syer
@dsyer
May 23 2016 11:13
That's the default
Get some DEBUG logs from org.springframework.security on the server. You will see why the access is denied.
dragontree101
@dragontree101
May 23 2016 11:18
in server's pom i only add spring-boot-starter-security dependency and in client i only add spring.cloud.name: user and spring.cloud.passowrd: c3f92320-363e-4b01-8202-9ebbe5c51606
does any other is miss?
Dave Syer
@dsyer
May 23 2016 11:22
You didn't configure the password in the server?
dragontree101
@dragontree101
May 23 2016 11:23
no, i start up server has log Using default security password: 1855ab84-2482-413a-870f-1f5cf7e94dd5
and i curl -I user:1855ab84-2482-413a-870f-1f5cf7e94dd5@localhost:8888/dragon/development/master
HTTP/1.1 401 Unauthorized
Dave Syer
@dsyer
May 23 2016 11:24
It's a different random password every time you start the server, unless you configure the value
dragontree101
@dragontree101
May 23 2016 11:24
yes now i only test
Dave Syer
@dsyer
May 23 2016 11:25
Why not set the password to something easier to type then?
dragontree101
@dragontree101
May 23 2016 11:39
i set password
curl -u user:password@127.0.0.1:8888/dragon/development/master
is ok, but in properties, spring:
profiles: development
application:
name: dragon
cloud:
config:
uri: http://localhost:8888/admin
name: user
password: password
label: master
profile: development
also 401Could not locate PropertySource: 401 Unauthorized
Dave Syer
@dsyer
May 23 2016 11:43
can you put you code in github and/or use markdown to format source code in gitter, please?
I can't read that YAML because it isn't formatted
Are you running your app in the "development" profile?
If not, then that YAML isn't going to be used it it?
dragontree101
@dragontree101
May 23 2016 11:44
thanks
Dave Syer
@dsyer
May 23 2016 11:50
Your config-server has @EnableWebSecurity
So you switched off the default Spring Boot settings
It is sending 302 (not 401) to unauthenticated requests
dragontree101
@dragontree101
May 23 2016 11:52
so i could delete Your config-server has @EnableWebSecurity
Dave Syer
@dsyer
May 23 2016 11:53
Yes (I think, if I follow what you're asking). If you setup the password with security.user.password.
dragontree101
@dragontree101
May 23 2016 12:01
i delete @EnableWebSecurity but also 401 :(
maybe i need to learn some spring-boot-starter-security
Dave Syer
@dsyer
May 23 2016 12:04
Maybe that as well
You main problem is that you aren't configuring the client correctly
In your app the config server bits are in application*.yml which is loaded too late to affect the config client
You need that in bootstrap*.yml
(Like in the link I pasted above)
Or some other early config setting (command line, or in the main method, for instance)
dragontree101
@dragontree101
May 23 2016 12:31
@dsyer i change application.yml to bootstrap.yml
it's ok
but i use name: user and password: password auth is ok but properties not get
Dave Syer
@dsyer
May 23 2016 12:33
Yeah, I noticed you had "name: user" so you are picking up config properties for the app called "user"
I think you meant to write "username: user"
dragontree101
@dragontree101
May 23 2016 12:34
o
i see not name
thanks very much
orz。。。
Jakub Kubryński
@jkubrynski
May 23 2016 12:46
Hi! is there any option to deregister application from eureka when shutting down the application?
Dave Syer
@dsyer
May 23 2016 13:04
That's the default
I don't think it's easy to change
Jakub Kubryński
@jkubrynski
May 23 2016 14:09
hmm - I see that after shutting down the application it's still visible in eureka for around 20s, for example under /eureka/apps
Dieter Hubau
@Turbots
May 23 2016 14:16
yes, thats because eureka doesnt check the presence of all apps constantly… it has various refresh intervals and timings to maintain its registry
Jakub Kubryński
@jkubrynski
May 23 2016 14:16
and second question - is there any option to register application just after startup? currently it's registered with first heartbeat, which is by default 30sec
@Turbots you mean that even if I have one eureka instance and the app is unregistered from this instance, it still returns stale data?
this documentation has more information about Eureka in Spring-Cloud-Netflix
Jakub Kubryński
@jkubrynski
May 23 2016 14:21
I know that I can change the lease interval. I'm asking why the first heartbeat happens after 30 seconds from starting, and not in second 0
Jakub Kubryński
@jkubrynski
May 23 2016 14:49
OK - i've found the solution. There is responseCacheAutoExpirationInSeconds property which by default is 180s
Dieter Hubau
@Turbots
May 23 2016 15:58
nice!
sorry my response didnt help as much, I dont always know how good people’s knowledge of spring-cloud already is
Jakub Kubryński
@jkubrynski
May 23 2016 16:00
No problem. I also found there is a second level cache so I also needed to update responseCacheUpdateIntervalMs :)
now it works like a charm ;)
ccit-spence
@ccit-spence
May 23 2016 20:51
Question - Is it acceptable to put a load balancer in front of a few Spring Cloud Config instances?
Spencer Gibb
@spencergibb
May 23 2016 20:52
@ccit-spence absolutely. Until we have client side loadbalancing, it’s the way to go.
ccit-spence
@ccit-spence
May 23 2016 20:53
@spencergibb thanks, for the quick response. finally getting things here into production and jumping the last few hurdles