Using Spring 4 Condition To Control Bean Registration

Spring 4 introduces the Condition interface which supports a condition to checked and registers a bean only when the condition is matched. In this blog, I will demonstrate how to implement a custom condition interface which will register beans when the active profiles match a regex defined in the condition. This would be useful, for example, to inject mock beans when testing while using the actual implementations at deployment. The classes implemented here is a slight modification of the standard @Profile annotation and supporting classes.

@ProfileRegex

First we define the interface @ProfileRegex as follows

@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@Conditional(ProfileRegexCondition.class)
public @interface ProfileRegex {
      /**
      * The profile regex for which the annotated component should be registered.
      */
      String value();
}

The interface requires a String value attribute which define the regex to use to match the spring context’s active profiles. Note the use of @Condition annotation to define the class that implements the Condition interface, i.e. ProfileRegexCondition.

ProfileRegexCondition

The class ProfileRegexCondition implements the Condition interface

class ProfileRegexCondition implements Condition {

 @Override
 public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
       Environment environment = context.getEnvironment();
       if (environment != null) {
            String[] profiles = environment.getActiveProfiles();
            MultiValueMap<String, Object> attrs = metadata.getAllAnnotationAttributes(ProfileRegex.class.getName());
           if (attrs != null) {
                for (Object value : attrs.get("value")) {
                     for (String profile : profiles) {
                          boolean matches = Pattern.matches((String) value, profile);
                          if (matches) {
                             return true;
                          }
                     }
                }
                return false;
          }
      }
      return true;
 }
}

The Condition interface has only one method matches() which determines whether the condition is matched. In our implementation, it iterates all the active profiles and return true if the profile matches the regex as defined in the value of the @ProfileRegex annotation.

Example

Suppose we want to register a mock bean for unit testing. We could define the following bean configuration class

@Configuration
@EnableAutoConfiguration
@ComponentScan
@ProfileRegex("test")
public class TestConfiguration {
     @Bean
     MyService myServiceMockBean() {
         return mock(MyService.class);
     }
}

Note the use of @ProfileRegex annotation to only register the beans when the active profile matches the regex “test”.  Also, the @ProfileRegex annotation can also be applied to the individual @Bean method to provide a more fine control over bean registration. The following configuration class does the opposite of the above and registers whenever the active profiles does not match the regex “test”.

@Configuration
@ProfileRegex("((?!test).)*")
public class ServiceConfiguration {

    @Bean
    MyService myServiceBean() {
         return new MyServiceImpl();
    }
}

Below is the unit test to verify the correct (mock) bean is registered

@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(classes = TestConfiguration.class)
@ActiveProfiles({"test"})
public class ServiceConfigTest {
 
    @Autowired
    private ApplicationContext context;

    @Test
    public void testProfileRegexCondition() {
         MyService service = context.getBean(MyService.class);
         assertThat(service, CoreMatchers.notNullValue());
         assertThat(new MockUtil().isMock(service), equalTo(true));
    }
}

Finally, Spring Boot provides a number of useful conditional annotations under the package org.springframework.boot.autoconfigure.condition. See the javadoc for more details.

Query MongoDB using the Java Driver

In this blog I will demonstrate how to get start with MongoDB Java Driver with examples on how to execute some common queries to the database.

Set up

I use Spring Boot (v1.2.1) with Maven for my project setup and include the following Maven dependency

 <dependency>
      <groupId>org.mongodb</groupId>
      <artifactId>mongo-java-driver</artifactId>
 </dependency>

My MongoDB server is on version 2.6

Example Document

For the rest of this blog, I will use the following example document

{
    "firstname" : "John",
    "lastname" : "Smith",
    "fullname" : "John N Smith"
    "age" : 25,
    "qualifications" : [
        "Master of Science",
        "B. Eng"
    ]
}

Exact Match

The Java driver API implements a query as a DBObject which is then used as an input to the Collection’s find method for executing a query. The query DBObject can be constructed using a BasicDBObjectBuilder. The following codes demonstrate how to find all documents within a collection with field name “firstname” with value “John”.

 BasicDBObjectBuilder builder = BasicDBObjectBuilder.start().add("firstname", "john");
 DBObject query = builder.get();
 DB db = mongoClient.getDB("mydb");
 DBCursor cursor = db.getCollection("myCollection").find(query);
 List<DBObject> dbObjects = cursor.skip(5).limit(100).toArray();

Note the 5 and 100 in the last line to indicate the first and the maximum number of records to return by the cursor.

Like

To perform like query as in relational database, you have to use regular expression when building the query DBObject using BasicDBObjectBuilder. For example,

BasicDBObjectBuilder builder = BasicDBObjectBuilder.start()
                              .add("fullname", Pattern.compile("john"));

will return documents with fullname “john smith” and “lee john” etc.

Greater Than &/or Less Than

To query with greater than or less than, create a DBObject using $gt(e) and $lt(e).

To get documents with age greater than 18:

BasicDBObjectBuilder builder = BasicDBObjectBuilder.start()
                               .add("age", new BasicDBObject("$gt", 18));

To get documents with age less than 50:

BasicDBObjectBuilder builder = BasicDBObjectBuilder.start()
                              .add("age", new BasicDBObject("$lt", 50));

To get documents with age between 18 and 50 (exclusive):

BasicDBObjectBuilder builder = BasicDBObjectBuilder.start()
                            .add("age", new BasicDBObject("$lt", 50).append("$gt", 18));

Match Value in Array

To query for all documents with matching element in array. For example to find all persons with qualification “B. Eng.”

 BasicDBObject in = new BasicDBObject("$elemMatch", new BasicDBObject("$eq", "B. Eng."));
 BasicDBObjectBuilder builder = BasicDBObjectBuilder.start().add("qualifications", in);

Combining query criteria

The BasicDBObjectBuilder can be used to combine multiple query criteria together, for example

 BasicDBObjectBuilder builder = BasicDBObjectBuilder.start()
                                .add("firstname", "john")
                                .add("age", new BasicObject("$gt", 18))

Custom Json Serializer and Deserializer for Joda datetime objects

This post demonstrates how to add custom Json serializer and deserializer classes for Joda datetime objects when used with Jackson JSON processor. I use LocalDateTime in the examples here but the same approach applies to other joda date(time) classes.

Default Serialization

By default, Jackson serializes the whole joda object as is. For example, consider the following object:

 public class ExampleDto {
      private LocalDateTime asDefault = LocalDateTime.now();
      ...

Serializing it with Jackson with

import com.fasterxml.jackson.databind.ObjectMapper;
...
ObjectMapper mapper = new ObjectMapper(); 
String json = mapper.writeValueAsString(new ExampleDto());

will return something like below in the json string:

{"asDefault":{"era":1,"dayOfMonth":24,"dayOfWeek":6,"dayOfYear":24,"year":2015,"yearOfEra":2015,...}

Not really useful

LocalDateTimeSerializer / LocalDateTimeDeserializer

Jackson provides an alternative for handling Joda objects. For example

public class ExampleDto {
       @JsonSerialize(using = LocalDateTimeSerializer.class)
       @JsonDeserialize(using = LocalDateTimeDeserializer.class)
       private LocalDateTime asArray = LocalDateTime.now();

This will return an array of integer representing the datetime in the json string, for example:

{"asArray":[2015,1,24,10,31,3,379]}

Custom Serializer and Deserializer

It is also possible to customize the output json by adding custom serialization and deserialization classes. For example, to generate json like:

{"custom":
     {"date":"2015-01-24",
      "time":"10:31:03"
}

The above format is useful when you have to persist the Json in NoSQL database such as MongoDB for datetime queries. To achieve this, first modify the @JsonSerialize and @JsonDeserialize annotations with the names of custom classes and then implements the custom classes:

public class ExampleDomain {
      @JsonSerialize(using = CustomLocalDateTimeSerializer.class)
      @JsonDeserialize(using = CustomLocalDateTimeDeserializer.class)
      private LocalDateTime custom = LocalDateTime.now();

Class CustomLocalDateTimeSerializer

public class CustomLocalDateTimeSerializer extends StdScalarSerializer<LocalDateTime> {

      private final static DateTimeFormatter DATE_FORMAT = DateTimeFormat.forPattern("yyyy-MM-dd");
      private final static DateTimeFormatter TIME_FORMAT = DateTimeFormat.forPattern("HH:mm:ss");
 
      public CustomLocalDateTimeSerializer() {
            super(LocalDateTime.class);
      }

      protected CustomLocalDateTimeSerializer(Class<LocalDateTime> t) {
            super(t);
      }

      @Override
      public void serialize(LocalDateTime value, JsonGenerator jgen, SerializerProvider prov      ider) throws IOException, JsonProcessingException {
            jgen.writeStartObject();
            jgen.writeStringField("date", DATE_FORMAT.print(value));
            jgen.writeStringField("time", TIME_FORMAT.print(value));
            jgen.writeEndObject();
      }
}

Class CustomLocalDateTimeDeserializer

public class CustomLocalDateTimeDeserializer extends StdScalarDeserializer<LocalDateTime> {
      private final static DateTimeFormatter DATETIME_FORMAT = DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss");

      public CustomLocalDateTimeDeserializer() {
            super(LocalDateTime.class);
      }

      protected LocalDateTimeDeserializerMongoDb(Class<?> vc) {
            super(vc);
      }

      @Override
      public LocalDateTime deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
           String dateStr = null;
           String timeStr = null;
           String fieldName = null;
           
           while (jp.hasCurrentToken()) {
                JsonToken token = jp.nextToken();
                if (token == JsonToken.FIELD_NAME) {
                     fieldName = jp.getCurrentName();
                } else if (token == JsonToken.VALUE_STRING) {
                     if (StringUtils.equals(fieldName, "date")) {
                          dateStr = jp.getValueAsString();
                     } else if (StringUtils.equals(fieldName, "time")) {
                          timeStr = jp.getValueAsString();
                     } else {
                          throw new JsonParseException("Unexpected field name", jp.getTokenLocation());
                     }
                } else if (token == JsonToken.END_OBJECT) {
                     break;
                }
           }
           if (dateStr != null && timeStr != null) {
                  LocalDateTime dateTime = LocalDateTime.parse(dateStr + " " + timeStr, DATETIME_FORMAT);
                  return dateTime;
            }
         return null;
      }
}

Note how the JsonParser is used in the deserializer. Also, the datetime formats used in the serializer and deserializer must match.

Implementing OAuth2 with Spring Security

I would share my notes on understanding how to set up Spring Security to implement OAuth2. My ultimate goal is to implement an authority provider (Authorization Server in OAuth2 terminology) to support multiple microservices. In this post, I will describe step by step on how to setup Spring Security with OAuth2 and demonstrate how a web server client should interact with the Oauth2 servers.

OAuth2 Roles

OAuth2 consists of the following “roles”:

  1. User / Resource Owner – an entity capable of granting access to a protected resource.
  2. Resource Server – server hosting the protected resources, capable of accepting and responding to protected resource requests using access token
  3. Client – An application making requests to protected resources on behalf of the owner. It can be a web app server, a mobile app, or a client side (e.g. javascript) application.
  4. Authorization Server – Server issuing access tokens to client after successfully authentication the resource owner and obtaining authorization.

Note:

  1. Many common servers, e.g. Facebook, Google APIs, implement both the Authorization and Resource Servers.
  2. Depending on the type of clients, the interaction with the OAuth2 servers varies. This blog will focus on a web server client. Aaron Parecki’s blog post provides a concise description of OAuth2 and the interactions required by various client applications

Spring Security OAuth2 Configuration

The codes used in this blog post are largely taken from the sample here, with some minor additions/changes.

Authorization Server

The codes to configure an authorization server are shown below.

@Configuration
@ComponentScan
@EnableAutoConfiguration
@RestController
public class Application {

 private static final String RESOURCE_ID = "blog_resource";

 public static void main(String[] args) {
      SpringApplication.run(Application.class, args);
 }

 @Configuration
 @EnableAuthorizationServer // [1]
 protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

      @Autowired
      private AuthenticationManager authenticationManager;

      @Override // [2]
      public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
           endpoints.authenticationManager(authenticationManager);
      }

      @Override // [3]
      public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
           // @formatter:off
           clients.inMemory()
           .withClient("client-with-registered-redirect")
           .authorizedGrantTypes("authorization_code")
           .authorities("ROLE_CLIENT")
           .scopes("read", "trust")
           .resourceIds(RESOURCE_ID)
           .redirectUris("http://anywhere?key=value")
           .secret("secret123")
           .and()
           .withClient("my-client-with-secret")
           .authorizedGrantTypes("client_credentials", "password")
           .authorities("ROLE_CLIENT")
           .scopes("read")
           .resourceIds(RESOURCE_ID)
           .secret("secret");
           // @formatter:on
      } 

 }
}

Note:

  1. The convenient annotation @EnableAuthorizationServer is used. The server is customized by extending the class AuthorizationServerConfigurerAdapter which provides empty method implementations for the interface AuthorizationServerConfigurer. See the javadoc here for more information.
  2. By default, the authorization server does not secure the authorization end point (/oauth/authorize). The configure method here injects the Spring Security authentication manager (set up in @EnableWebSecurity as in normal Spring Security)
  3. The configure method here setup the clients that can access the server. An in memory client detail service is used here for demo purpose.

Resource Server

The codes to configure a resource server are shown below

 @RequestMapping("/") //[1]
 public String home() {
      return "Hello World";
 }

 @Configuration
 @EnableResourceServer // [2]
 protected static class ResourceServer extends ResourceServerConfigurerAdapter {

      @Override // [3]
      public void configure(HttpSecurity http) throws Exception {
           // @formatter:off
           http
           // Just for laughs, apply OAuth protection to only 2 resources
           .requestMatchers().antMatchers("/","/admin/beans").and()
           .authorizeRequests()
           .anyRequest().access("#oauth2.hasScope('read')"); //[4]
           // @formatter:on
      }

      @Override
      public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
           resources.resourceId(RESOURCE_ID);
      }

 }

Note:

  1. For testing purpose, a resource end point is included here
  2. Like the Authorization Server, the convenient annotation @EnableResourceServer is used with a bean that extends ResourceServerConfigurerAdapter. See javadoc here for more details
  3. The configure method shows how to setup resources for OAuth2 protection.
  4. Spring Security’s expression based support is used here, i.e. #autho2.hasScope(). An expression handler is registered by default by @EnableResourceServer.

Web Server Client

Now with the OAuth2 servers setup, we can demonstrate how a web server client can access protected resource on behalf of the end user via OAuth2. It consists of the following sequence of interactions:

  1. Client redirects user to the authorization server. User login and approve client access to the resource
  2. Authorization server redirects back to client with the access code
  3. Client exchange the access code with an access token from the authorization server
  4. Client uses the access token to get resource from  the resource server

I won’t have a client web server implemented here but will use a chrome rest client plugin to issue the requests to the oauth2 servers. You may use curl to send the equivalent requests.

Also, for the following to work, you will need to setup normal Spring Security and have a login page so that the end user can login with his credential at the oauth2 server so that he can approve the client for accessing the resource on his behalf. For example, as shown in the codes here.

1: Client redirects user to the authorization server. User login and approve client access to the resource

The client redirects the user to the following URL:

http://localhost:8080/oauth/authorize?
     response_type=code
     &client_id=client-with-registered-redirect
     &redirect_url=http://client_host?key=value
     &scope=read

Running the above on your browser should redirect it to the oauth2 server’s login page. Once the user enters and submits his username and password, The OAuth approval page should display as below. I will need to work out how to customize this page later…

blogOauth2Approve

2: Authorization server redirects back to client with the access code

When the user clicks “Approve”, the authorization server will redirect back to the client url as defined in the redirect_url parameter of the original request, together with an authorization code, i.e.

http://client_host/?key=value&code=3X42jv

Since we don’t have a client server implemented,  the above will cause browser error. But we do now has the authorization code from the authorization server.

3: Client exchange the access code with an access token from the authorization server

Now the client has to exchange the access code with the authorization server for an access token by the following:

POST http://localhost:8080/oauth/token
Header: Authorization: Basic Y2xpZW50LXdpdGgtcmVnaXN0ZXJlZC1yZWRpcmVjdDpzZWNyZXQxMjM=
Payload: grant_type=authorization_code&code=3X42jv

Note that base authorization is set up by default with the @EnableAuthroizationServer annotation for the token endpoint. The string “Y2xp…M=” is the Base64 encoded text of the client’s id and password of the form <client_id>:<client_secret>, i.e.  client-with-registered-redirect:secret123. Ignoring this header will result in the oauth2 server returning an “Full authentication is required to access this resource” error. 

The authorization server should return something like below:

{
     access_token: "cd515d9d-56b1-4ef6-ae99-317d8975f292     token_type: "bearer     expires_in: 43199 
     scope: "read"
}

4: Client uses the access token to get resource from  the resource server

With the access token, the client can now get the resource on behalf of the user. Remember we set up 2 toy resources to be protected under oauth2 when setting up the resource server? Let’s try go get hold of it

GET http://localhost:8080/ 
Header : Authorization: Bearer cd515d9d-56b1-4ef6-ae99-317d8975f292

It should return “Hello World” in the response body.

That’s it. We finally got the resource after all these interactions!

A few words on grant type

The client here uses authorization code grant type. As demonstrated above, this means the authorization code is obtained using the authorization server as an intermediate between the client and the resource owner. Note the resource onwer’s credential is never shared with the client. Also, the access token is passed directly from the authorization server to the ciient without going through resource owner’s user-agent, adding a level of security.

You may notice the authorization server config also includes a client my-client-with-secret with grant type client_credentials. This is intended for the client to get access token for accessing its own account. For example:

POST http://localhost:8080/oauth/token
Header: Authorization: Basic bXktY2xpZW50LXdpdGgtc2VjcmV0OnNlY3JldA==
Payload: grant_type=client_credentials

Another interesting grant type is implicit, which is intended for client-side (e.g. browse) client.

Wrap Up…for now

That’s it for now. OAuth2 is a flexible protocol and this article only describe a rather simple but hopefully typical use of it in securing web resources. Also, most of Spring Security support for OAuth2 is not explored here. I wish to cover both in future posts.

Using Maven build number plugin to load code revision details

In this blog post, I will demonstrate how to use Maven build number plugin to get build number and version details from your source code repository for use in Spring web applications. I use this technique for a number of web apps I develop to register which version of the codes (i.e. tag) the systems are running on to help operation support and debugging.

Project configuration

I have the following project setup:

  1. Maven 3
  2. Subversion as source code repository
  3. Eclipse IDE with m2e plugin

Getting build number from subversion

1. Add Maven plugin buildnumber-maven-plugin to pom.xml file

First add the following to your pom file:

<plugin>
 <groupId>org.codehaus.mojo</groupId>
 <artifactId>buildnumber-maven-plugin</artifactId>
 <version>1.0</version>
 <executions>
      <execution>
           <phase>validate</phase>
           <goals>
                <goal>create</goal>
           </goals>
      </execution>
 </executions>
 <configuration>
      <doCheck>false</doCheck>
      <doUpdate>false</doUpdate>
      <providerImplementations>
          <svn>javasvn</svn>
      </providerImplementations>
 </configuration>
 <dependencies>
      <dependency>
           <groupId>com.google.code.maven-scm-provider-svnjava</groupId>
           <artifactId>maven-scm-provider-svnjava</artifactId>
           <version>2.0.2</version>
      </dependency>
      <dependency>
           <groupId>org.tmatesoft.svnkit</groupId>
           <artifactId>svnkit</artifactId>
           <version>1.8.6</version>
      </dependency>
 </dependencies>
</plugin>

The above plugin config adds the build number plugin to the build lifecycle. Note the use of the javasvn provider to connect to SVN.

2. Add build property placeholders

The build number plugin is now run every time you build the project and will make build number (e.g. SVN revision number) available to Maven. The next step is to include a properties file so the values can be passed into the web app via Spring. For example, create a build.properties file (e.g. in  src/main/resources) as below and add it to the files to be loaded by Spring property placeholder configurer:

build.properties:
build.version=${version}  # Maven version
build.revision=${buildNumber} # Source code revision number 
build.timestamp=${timestamp} # long value of check in time

Running build should then produce the following files with the values replaced with real ones from subversion, e.g.

build.properties:
build.version=1.2.3
build.revision=9876
build.timestamp=12345459

3. Using build number in web app

Now you can use the build number in your web app. For example, in a Spring MVC controller interceptor to inject the values to the incoming http request for display in the web page footer.

public class PageRequestInterceptor extends HandlerInterceptorAdapter {

@Value(“${build.version}”)
private String buildVersion;

@Value(“${build.revision}”)
private String buildRevision;

private DateTime buildTimestamp;

@Value(“${build.timestamp}”)
public void setBuildTimestamp(String timestamp) {
buildTimestamp = new DateTime(Long.parseLong(timestamp));
}

@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

request.setAttribute(“buildVersion”, buildVersion);
request.setAttribute(“buildRevision”, buildRevision);
request.setAttribute(“buildDateTime”, buildTimestamp);

4. Fix up Eclipse m2e plugin lifecycle mapping

If you are using Eclipse, you also need to update the Maven plugin lifecycle mapping to enable the build number plugin. Otherwise, Eclipse auto build will overwrite the resolved build properties file created by the build number plugin, e.g. in /target/classes, with the one in your source path. Add the below in the pom file as child to the <build> tag:

<pluginManagement>
 <plugins>
 <!-- This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself. -->
      <plugin>
           <groupId>org.eclipse.m2e</groupId>
           <artifactId>lifecycle-mapping</artifactId>
           <version>1.0.0</version>
           <configuration>
                <lifecycleMappingMetadata>
                     <pluginExecutions>
                        <pluginExecution>
                            <pluginExecutionFilter>
                            <groupId>org.codehaus.mojo</groupId>
                            <artifactId>buildnumber-maven-plugin</artifactId>
                            <versionRange>[1.0,)</versionRange>
                            <goals>
                                <goal>create</goal>
                            </goals>
                            </pluginExecutionFilter>
                            <action>
                                <execute>
                                  <runOnIncremental>true</runOnIncremental>
                                </execute>
                            </action>
                       </pluginExecution>
                </pluginExecutions>
             </lifecycleMappingMetadata>
          </configuration>
      </plugin>
   </plugins>
 </pluginManagement>

You can verify the above is working by looking at the Project Maven lifecycle properties in Eclipse. RIght click on the project, the select Properties->Maven->Lifecycle Mapping

That’s it.

Setup Spring Security with Active Directory LDAP in Spring Boot Web Application

This post illustrates how to set up Spring Security in Spring Boot configuration with Active Directory LDAP for a Spring MVC web application. I will also show what needs to be configured for the embedded tomcat to accept HTTPS.

Spring Security with LDAP

To configure Spring Security in Spring Boot, add the following Configuration class to your project. Note the use of annotation @EnableWebMvcSecurity. The configuration class extends the WebSecurityConfigurerAdapter class in Spring Security. More information can be found in the Spring Security Reference here.

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

     @Value("${ldap.domain}")
     private String DOMAIN;

     @Value("${ldap.url}")
     private String URL;

     @Value("${http.port}")
     private int httpPort;

     @Value("${https.port}")
     private int httpsPort;

     @Override
     protected void configure(HttpSecurity http) throws Exception {
          /*
           * Set up your spring security config here. For example...
          */
          http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginUrl("/login").permitAll();
          /*
           * Use HTTPs for ALL requests
          */
          http.requiresChannel().anyRequest().requiresSecure();
          http.portMapper().http(httpPort).mapsTo(httpsPort);
     }

     @Override
     protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
          authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());
     }

     @Bean
     public AuthenticationManager authenticationManager() {
          return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
     }
     @Bean
     public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
          ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(DOMAIN, URL);
          provider.setConvertSubErrorCodesToExceptions(true);
          provider.setUseAuthenticationRequestCredentials(true);
          return provider;
     }
}

Add HTTPS connector for embedded Tomcat in Spring Boot

Now that Spring Security is set up, you need to update the web server to accept requests from HTTPS. To do that using the embedded Tomcat server in Spring Boot, add the following EmbeddedServletContainerCustomizer bean to the application configuration as shown below. Note I am using anonymous inner classes here instead of lambda expression as I see in other examples for Java 7 compatibility. You will need a keystore file for this to work.

@Bean
EmbeddedServletContainerCustomizer containerCustomizer (

     @Value("${https.port}") final int port, 
     @Value("${keystore.file}") Resource keystoreFile,
     @Value("${keystore.alias}") final String alias, 
     @Value("${keystore.password}") final String keystorePass,
     @Value("${keystore.type}") final String keystoreType) throws Exception {
          final String absoluteKeystoreFile = keystoreFile.getFile().getAbsolutePath();
          return new EmbeddedServletContainerCustomizer() {
               public void customize(ConfigurableEmbeddedServletContainer container) {
                    TomcatEmbeddedServletContainerFactory tomcat = (TomcatEmbeddedServletContainerFactory) container;
                    tomcat.addConnectorCustomizers(new TomcatConnectorCustomizer() {
                         public void customize(Connector connector) {
                              connector.setPort(port);
                              connector.setSecure(true);
                              connector.setScheme("https");
                              Http11NioProtocol proto = (Http11NioProtocol) connector.getProtocolHandler();
                              proto.setSSLEnabled(true);
                              proto.setKeystoreFile(absoluteKeystoreFile);
                              proto.setKeyAlias(alias);
                              proto.setKeystorePass(keystorePass);
                              proto.setKeystoreType(keystoreType);
                        }
               });
           }
     };
 }

 

Getting Start with Spring Boot Configurations

Spring Boot allows development of Spring applications with minimum configuration. This is particular useful for developing microservices. This blog post will demonstrate a few things that may help in understanding how Spring Boot does its job of auto configuring a Spring application.

Auto-Configuration

So what has been configured?

The main feature of Spring Boot is its ability to automatically configuration the Spring application based on its included jar files. So the first thing you may want to look at is what have been configured for you. This can be done by running the application with the debug flag either by adding “–debug” to the command line or JVM argument “-Ddebug“. You will then see the “Auto Configuration Report” displayed in your console like below:

=========================
AUTO-CONFIGURATION REPORT
=========================

Positive matches:
—————–

AopAutoConfiguration
– @ConditionalOnClass classes found: org.springframework.context.annotation.EnableAspectJAutoProxy,org.aspectj.lang.annotation.Aspect,org.aspectj.lang.reflect.Advice (OnClassCondition)
– SpEL expression on org.springframework.boot.autoconfigure.aop.AopAutoConfiguration: ${spring.aop.auto:true} (OnExpressionCondition)

AopAutoConfiguration.JdkDynamicAutoProxyConfiguration
– SpEL expression on org.springframework.boot.autoconfigure.aop.AopAutoConfiguration$JdkDynamicAutoProxyConfiguration: !${spring.aop.proxyTargetClass:false} (OnExpressionCondition)

// rest omitted…

Negative matches:
—————–

ActiveMQAutoConfiguration
– required @ConditionalOnClass classes not found: javax.jms.ConnectionFactory,org.apache.activemq.ActiveMQConnectionFactory (OnClassCondition)

// rest omitted…

The report should give you an indication of what have been configured for you. It depends mainly on what jar files you have included in your project dependencies.

Excluding an auto configuration

Spring Boot is designed so that you can gradually replaced the auto-configuration as needed. To exclude an auto configuration, use the exclude attribute of the @EnableAutoConfiguration annotation as below:

@Configuration
@ComponentScan
@EnableAutoConfiguration(exclude = ProcessEngineAutoConfiguration.class)
@ImportResource("classpath:/activiti.xml")
public class Application {

public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}

I am using the Activiti Spring Boot module here. Note instead of relying on its auto configuration setup, I have included the activiti.xml configuration file using the @ImportResource annotation to manually configure the process engine used by Activiti.

Configuration properties

Application properties, e.g. JDBC connection string, are to be set in the application.properties file in the classpath. Profile specific properties should be included in a separate application-<profile>.properties file located at the same directory of the application.properties file.

A list of commonly used property keys can be found in the Reference Guide (here). For example, to change the embedded web server port to 8181, add the following line the the application.properties file

### application.properties

server.port=8181

Logging

You may configure Spring Boot to use logging framework of your choice. But first, it may be useful to configure the logger properties and understand what has been configured for you. To do this, add the property of the format logging.level.<package name>=<level> to your application.properties file. For example, to display debug messages for Hibernate, add the following lilne:

logging.level.org.hibernate=DEBUG

That’s it. The above has helped me to get started with Spring Boot, to understand how auto configuration works. The Reference Guide provides a comprehensive documentation of the framework and various how-tos. There are also many tutorials and blog articles around for reference.