Spring Security configured in Springboot project does not work properly on external Tomcat

Asked

Viewed 429 times

0

My problem is this :

I have an application made with Springboot, using the Maven, and making use of Spring Security. Throughout the development process, everything worked normally, I used the springboot Tomcat itself until the application was finished. But when generating the application’s WAR and deploying it to an external Tomcat, spring security does not work properly, it blocks all routes, even if some are configured as allowed routes without authentication.

Note: Generating a factor the application also works normally, since the application continues to make use of the embedded Tomcat. (I found interesting to talk)

Follow my classes and files :

 @Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UsuarioService usuarioService;

    @Autowired
    private JwtAuthenticationEntryPoint unauthorizedHandler;

    @Bean
    BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    JwtAuthenticationFilter jwtAuthenticationFilter;

    @Override
    @Bean(BeanIds.AUTHENTICATION_MANAGER)
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(usuarioService).passwordEncoder(passwordEncoder());
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable().exceptionHandling()
        .authenticationEntryPoint(unauthorizedHandler)
        .and().sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()
        .antMatchers("/sefazapi/servico/cadastra").hasRole("ADMIN")
        .antMatchers("/sefazapi/autenticacao/**").permitAll()
        .antMatchers("/sefazapi/servico/lista").permitAll()
        .antMatchers("/sefazapi/cliente/**").permitAll()
        .antMatchers("/sefazapi/map/**").permitAll()
        .antMatchers("/sefazapi/arquivos/**").permitAll()
        .antMatchers("/sefazapi/noticia/**").permitAll()
        .antMatchers("/").permitAll()
        .anyRequest().authenticated()
        .and().logout().logoutUrl("/sefazapi/autenticacao/logout");

        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    }

}


Pom

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <packaging>war</packaging>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.40</version>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.1</version>
        </dependency>
        <dependency>
            <groupId>com.google.code.gson</groupId>
            <artifactId>gson</artifactId>
            <version>2.8.5</version>
        </dependency>

        <dependency>
            <groupId>org.glassfish.jersey.core</groupId>
            <artifactId>jersey-client</artifactId>
            <version>2.22.1</version>
            <scope>provided</scope>
        </dependency>

        <dependency>
            <groupId>org.glassfish.jersey.media</groupId>
            <artifactId>jersey-media-json-jackson</artifactId>
            <version>2.22.1</version>
        </dependency>

        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.datatype</groupId>
            <artifactId>jackson-datatype-jsr310</artifactId>
        </dependency>
        <!-- https://mvnrepository.com/artifact/com.sun.jersey/jersey-bundle -->
        <dependency>
            <groupId>com.sun.jersey</groupId>
            <artifactId>jersey-bundle</artifactId>
            <version>1.19.4</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind -->


    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <executions>
                    <execution>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
spring-boot tomcat spring-security

  • See if this link help you.

  • Thanks for the comment ! Actually it doesn’t help much because I’ve already followed this documentation. I can generate WAR normally, but when deploying it on an (external) Tomcat spring security blocks all request routes, even those that are cleared. this only happens when using the external Tomcat

1 answer

0


Well I figured out what was wrong. in the embedded Tomcat the application ran without a contextPath, so I mapped my controller following the pad.

@RestController("meuprojeto/meucontroller")

and in the request I accessed:

http://localhost:8080/meuprojeto/meucontroller/requisicao

And it worked, but in the external Tomcat by default the contextpath is the name of the application, so I ended up making a request for the wrong route because in the external Tomcat the route above turned that:

http://localhost:8080/meuprojeto/meuprojeto/meucontroller/requisicao

note that my project is listed in the url twice.

Anyway, I solved the problem so taking out of my controller the "/meuprojeto" and doing so:

@RestController("meucontroller")

and added in properties a contextpath with

server.servlet.context-path="/meuprojeto"

In this way the Onboard Cat started to work in the same way as the external Onboard Cat, my mappings were correct and solved this misconception

Browser other questions tagged spring-boot tomcat spring-security

You are not signed in. Login or sign up in order to post.