As we know we use Eureka server to monitor the status of our microservices. Eureka server provides a dashboard on which we can see every microservice status and other details like port no on which microservice running and how many instance of microservice are running. But if you see we can easily see dashbord by hitting the URL of Eureak and it is open to all if anybody get your Eureka server URL, they will see all the details about your project.
So to protect our Eureka server we have to define some sort of security so only authorized person can see the server details. In this post we will see how to use HTTP basic security in Eureka Server. so to do this we have to follow below steps:
Add required dependency in your pom.xml file of Eureka Server.
Allow basic security property in your application.properties file with username and password.
Enable security using @EnableWebSecurity annotation in your main class.
Define a configuration class that extends WebSecurityConfigurerAdapter class and overrides configure methos.
Follow below steps:
Add required dependency in your pom.xml file of Eureka Server.
Now Run your application and Hit the Eurka Server URL you will get a popup, Now enter username and password if credentials are valid you will be login otherwise you are not able to login on Eureka server.
Now we have to register our Eureka Client to Eureka server. We know how to connect Eureka client with Eureka Server we use
in application.properties file of our Eureka client. Now if you use the same configuration you will get error that no server found to connect with so you have to change the above property as
In this article we see about Spring Cloud Security. As we know security is the first concern when we work on any project, we don’t want to compromise with user credentials so we have to more concern about security.
JWT ( Json Web Token ) is one of the feature Spring Cloud Security. Any API can be accessed only if user has valid signed token otherwise he will not able to access that APIs.
JWT ( Json Web Token ) consist of three parts. And Structure will be like ( Header.Payload.Secret ). For More Go to ( visit jwt.io )
Header ( Consist of typ that always be JWT and a Hashing algo )
Payload ( Consist of claims or Information )
Signature ( Secret Key that you provide to signed token )
We can use JWT in Spring Boot using below steps:
Add required dependency in your pom.xml file.
Add MySQL configuration in your application.properties file.
Create a class where you define some constatnts like JWT Secret and expire time for JWT token.
Create a utility Class where we can define claim, generate or validate JWT tokens for user.
Create a DAO class where you can perform MySQL activity.
Create a class that implements UserDetailsService and perform user authentication by getting userName and password of user.
create a controller class where we can provide endPoint for getting our Token if authentication successful.
Create Two Model class one is for getting userName and password and other is for JWT Response.
Create a Filter class that perform JWT validation on each request.
create a class that implements AuthenticationEntryPoint for reject every unauthenticated request and Send 401 Error Code for unauthorised user.
Create a class that extends WebSecurityConfigurerAdapter and provide security configuration for endPoint that we want to secure.
After This we will run our application and make a Post request with username and password to authenticate API that we define in controller to get JWT Token.
Now add this Token to your Header with Bearer keyword to get response from Secured APIs. You will get response only if you pass a valid Token.
3- Create a class where you define some constatnts like JWT Secret and expire time for JWT token.
package com.javadream.constant;
public class JwtConstatnt {
public static final String JWT_SECRET = "123@@#&javadream.in#$%";
public static final long JWT_TOKEN_VALIDITY = 5 * 60 * 60;
}
4- Create a utility Class where we can define claim, generate or validate JWT tokens for user.
package com.javadream.utility;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.userdetails.UserDetails;
import com.javadream.constant.JwtConstatnt;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
@Configuration
public class JwtTokenUtility implements Serializable{
private static final long serialVersionUID = -9172337479697036292L;
private static final Logger logger = LoggerFactory.getLogger(JwtTokenUtility.class);
private static final String JWT_SECRET = JwtConstatnt.JWT_SECRET;
private static final long JWT_TOKEN_VALIDITY = JwtConstatnt.JWT_TOKEN_VALIDITY;
//get username from jwt token
public String getUsernameFromToken(String token) {
return getClaimFromToken(token, Claims::getSubject);
}
public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
final Claims claims = getAllClaimsFromToken(token);
return claimsResolver.apply(claims);
}
//for get any information from token we will need the secret key
private Claims getAllClaimsFromToken(String token) {
return Jwts.parser().setSigningKey(JWT_SECRET).parseClaimsJws(token).getBody();
}
//check if the token has expired
private Boolean isTokenExpired(String token) {
final Date expiration = getExpirationDateFromToken(token);
return expiration.before(new Date());
}
//retrieve expiration date from jwt token
public Date getExpirationDateFromToken(String token) {
return getClaimFromToken(token, Claims::getExpiration);
}
//generate token for user
public String generateToken(UserDetails userDetails) {
Map<String, Object> claims = new HashMap<>();
return doGenerateToken(claims, userDetails.getUsername());
}
private String doGenerateToken(Map<String, Object> claims, String subject) {
return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + JWT_TOKEN_VALIDITY * 1000))
.signWith(SignatureAlgorithm.HS512, JWT_SECRET).compact();
}
//validate token
public Boolean validateToken(String token, UserDetails userDetails) {
final String username = getUsernameFromToken(token);
return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
}
}
5- Create a DAO class where you can perform MySQL activity.
package com.javadream.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class SecureController {
@GetMapping("/SecureAPI")
public String getSecureEndPoint() {
return "Nice try! You have learned Spring Boot JWT Security";
}
}
8- Create Two Model class one is for getting userName and password and other is for JWT Response.
package com.javadream.model;
public class UserBean {
private String userName;
private String password;
public UserBean() {
super();
}
public UserBean(String userName, String password) {
super();
this.userName = userName;
this.password = password;
}
@Override
public String toString() {
return "UserBean [userName=" + userName + ", password=" + password + "]";
}
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
package com.javadream.model;
import java.io.Serializable;
public class JwtResponse implements Serializable {
private static final long serialVersionUID = 2624374270511956111L;
private final String jwttoken;
public JwtResponse(String jwttoken) {
this.jwttoken = jwttoken;
}
public String getToken() {
return this.jwttoken;
}
}
9- Create a Filter class that perform JWT validation on each request.
package com.javadream.filter;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import com.javadream.service.JwtUserDetailService;
import com.javadream.utility.JwtTokenUtility;
import io.jsonwebtoken.ExpiredJwtException;
@Component
public class JwtFilter extends OncePerRequestFilter {
private static final Logger logger = LoggerFactory.getLogger(JwtFilter.class);
@Autowired
private JwtTokenUtility jwtTokenUtil;
@Autowired
private JwtUserDetailService jwtUserDetailsService;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
final String requestTokenHeader = request.getHeader("Authorization");
String username = null;
String jwtToken = null;
if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer ")) {
jwtToken = requestTokenHeader.substring(7);
try {
username = jwtTokenUtil.getUsernameFromToken(jwtToken);
} catch (IllegalArgumentException e) {
System.out.println("Unable to get JWT Token for this user");
} catch (ExpiredJwtException e) {
System.out.println("JWT Token has been expired");
}
} else {
logger.warn("JWT Token do not start with Bearer keyword");
}
// Once we get the token validate it.
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.jwtUserDetailsService.loadUserByUsername(username);
if (jwtTokenUtil.validateToken(jwtToken, userDetails)) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
usernamePasswordAuthenticationToken
.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
filterChain.doFilter(request, response);
}
}
10- create a class that implements AuthenticationEntryPoint for reject every unauthenticated request and Send 401 Error Code for unauthorised user.
Now our application has been ready to run, Just run your application and first create a user ( SignUp ). we do not define any security on signup API because everybody allow to do SignUp but rest endPoint are secured. So now make a SignUp request using Postman.
12- After This we will run our application and make a Post request with username and password to authenticate API that we define in controller to get JWT Token.
13- Now add this Token to your Header with Bearer keyword to get response from Secured APIs. You will get response only if you pass a valid Token.
As we know security is the first concern when we working on any web application. Spring Boot also provide this feature to prevent our user from unauthorised access. Some time we also want Role wise authentication in our application means we want a user to access API only if he will authorised to use that. In this post we will see how we can manage a complete role wise authentication using MySQL in Spring boot, So to do that we have to follow below steps:
Add required dependency in your pom.xml file.
Add MySQL configuration in your application.properties file
create user and authorities table in your MySQL.
Enable security in your main class using @EnableWebSecurity annotaion.
Create a Model class User.
Create a configuration class that extends WebSecurityConfigurerAdapter and specify security config in this class.
Create a DAO Class that Perform MySQL activity.
Create a class that implements UserDetailsService and perform Spring Boot Security validation.
In above class we override configure method of WebSecurityConfigurerAdapter class. Inside this function we define the APIs end point and the role that can access that APIs. We do not define any type of security on SignUp endPoint because anybody can do Sign Up and we don’t required any authentication for Sing Up process.
7- Create a DAO Class that Perform MySQL activity .
package com.javadream.dao;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Repository;
import org.springframework.security.authentication.*;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import com.javadream.model.User;
@Repository
public class UserDao {
private static final Logger logger = LoggerFactory.getLogger(UserDao.class);
@Autowired
private JdbcTemplate template;
@Autowired
private PasswordEncoder encoder;
public User getUserInfo(String userName) {
try {
String sql = "SELECT u.username name, u.password pass, a.authority role FROM "
+ "user u INNER JOIN authorities a on u.username=a.username WHERE "
+ "u.enabled =1 and u.username = ?";
List<Map<String, Object>> userResponse = template.queryForList(sql, new Object[] { userName });
logger.info("vvv:: userResponse= " + userResponse);
if (userResponse != null) {
User user = new User(userResponse.get(0).get("name").toString(),
userResponse.get(0).get("pass").toString(),
userResponse.get(0).get("role").toString());
logger.info("vvv:: user= " + user);
return user;
}
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public int insertUser(User user) {
try {
String userName = user.getUserName();
String pass = user.getPassword();
String role = user.getRole();
logger.info("vvv:: userName= "+userName + " ,pass= "+pass + ", role= "+role);
int updateStatus = template.update("insert into user(username,password,enabled) values(?,?,?)", new Object[] {userName,encoder.encode(pass),"1"});
logger.info("vvv:: updateStatus= "+updateStatus);
if(updateStatus == 1) {
int insertIntoAuthTable = template.update("insert into authorities(username,authority) values(?,?)", new Object[] {userName,role});
logger.info("vvv:: insertIntoAuthTable = "+insertIntoAuthTable);
if(insertIntoAuthTable == 1) {
return 1;
}
}
return 0;
} catch (Exception e) {
e.printStackTrace();
return 0;
}
}
}
In above class we define a bean PasswordEncoder , because we don’t want to save our user password in Plain Text in MySQL table so we use PasswordEncoder to encrypt our password before save it to MySQL.
8- Create a class that implements UserDetailsService and perform Spring Boot Security validation.
Second We create a UserController. APIs for this controller is accessed by those who have USER role.
package com.javadream.controller;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.javadream.dao.UserDao;
import com.javadream.model.User;
@RestController
@RequestMapping("userRoleAPIs")
public class UserController {
private static final Logger logger = LoggerFactory.getLogger(UserController.class);
@GetMapping("/testAPI")
public String demo() {
return "Nice Try! You have learned Spring Boot Security With MySql";
}
}
Third we create a AdminController. APIs for this controller is accessed by those who have ADMIN role.
package com.javadream.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/adminRoleAPIs")
public class AdminController {
@GetMapping("/testAPI")
public String demo() {
return "Nice Try! You have learned Spring Boot Security With MySql";
}
}
Fourth we create a AnyRoleController. APIs for this controller is accessed by those who any role ADMIN role or USER role.
package com.javadream.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/anyRoleAPIs")
public class AnyRoleController {
@GetMapping("/testAPI")
public String demo() {
return "Nice Try! You have learned Spring Boot Security With MySql";
}
}
Now Run this application and use below steps to test your application functionality.
Make a Post Request to Sign Up URL using postman .
Define role parameter accordingly for Admin role use parameter ROLE_ADMIN and for user role use parameter ROLE_USER
Now try to access any API from any controller ( UserController, AdminController, AnyRoleController).
when you hit API a default SignUp Page will open now enter your credentials if your user has valid credential and valid role then you will get the response otherwise 403 error will display.
We know that Spring boot micro services application is divided into modules or separate application. And in many cases it is necessary that we have to call the one application end point from another application. So to Call one application end point from another application Spring boot provided two choices.
In this example we are using Feign Client to communicate between two applications.
So to working with Feign Client we have to create two applications with some end Point. You can follow myCreate Application in Spring boot microserviceBlog to see how to create application in Spring boot Microservices.
Suppose we have two differnet application hosted on Eureka Server with name CLIENT1 , CLIENT2.
Note: CLIENT1 and CLIENT2 are the name that you give to your application inside application.properties using.
spring.application.name=client1
Now Suppose we are Calling end point of CLIENT2 application from CLIENT1
So we will perform some steps in CLIENT1 application
As we know in microservice architecture we have many independent application and some time it is needed that one application communicates with other application to do some operation. So if we want to communicate between two microservice then spring cloud provide us two useful Component
RestTemplate
Feign Client
In This Post we will discuss how two microservice communicate between them using RestTemplate. Make Sure you have your Eureka Server Running and both the application is registered on that. To use RestTemplate in our application we have to follow below steps:
Add required dependeny in your pom.xml file.
Create Two MicroService project. In this we create two project one is MicroService-1 and another is MicroService-2.
Give ApplicationName , Port and Eureka server path in your application.properties file.
Create a Bean for RestTemplate because we can’t auto-wired RestTemlate directly. So we create a configuration class and initialize a Bean for RestTemplate.
Autowired RestTemplate in your Service class to call Rest End Point of another application.
In Last Post ( Eureka Server ) we have seen that how to create a Eureka Server. Now we learn how to register our microservices on Eureka Server, We register our microservice on Eureka because of we need a dashboard where we can check status of our all microservices. So for registering them on eureka we have to follow below steps.
Create a project and add required dependency in your pom.xml file
Enable your main class as a client using @EnableEurekaClient annotation.
Define Eureka Server path in your application.properties file.
Now run this application and check your Eureka Server You will get a instance of MICROSERVICE-1 on port 8081.
NOTE: Make Sure before running your microservice-1 application your eureka server is already running otherwise it will throw exception that no server found.
We know that in Monolithic application complete Code is at one place, in MicroService we divide this big monolithic application in small small microservices.
Suppose we create a separate application named EurekaClient-1 with some rest end points and host this application on Eureka Server so we don’t need to worry about details of this application.
To create this separate client application names EurekaClient-1 we have to follow below steps:
Eureka Server is used to monitor all the application. With the help of Eureka Server we don’t need to worry about information like which application running on which port and how many instances of application are running, all this are take cares by Eureka Server.So to Create a Eureka Server we have to follow below steps:
Add required dependency in you pom.xml file
Enable Your main class as a Eureka Server using @EnableEurekaServer annotation.
Define applicationName and portNo in application.properties file.
By Default Eureka act as a client but now we want this application to work as Eureka Server so we make Eureka registry as false in application.properties file.
1- Add the Eureka Server dependency in your pom.xml file.
2- Enable Eureka Server by using @EnableEurekaServer annotation in your main class.
@EnableEurekaServer
@SpringBootApplication
public class EurekaServerApplication {
public static void main(String[] args) {
SpringApplication.run(EurekaServerApplication.class, args);
}
}
3- By Default Eureka Server application running as a client so if we have want to act this application as a server then we have to add below properties in application.properties file
server.port define the port on which Eureka Server running in our case it is running on 8761 port so to access your eureka server just hit below URL in your browser.
In this post we will see spring boot profiles. We know that our application go through many phases like development, testing, production. So for them we have to do configuration accordingly.
Spring boot provides profile feature for this. So Using spring boot profiles we can use different properties in different phases. Suppose i have three environment development, testing, production.
Now if we want that developer will use property defined for developers and tester will use properties defined for tester and in production our application use properties for production environment.
To see How to set profiles in spring boot we have to follow the below steps:
2- create application.properties for development and testing phase syntax would be like
application-{Your-Phase-Name}.properties
Eg: application-dev.properties // this is for development phase
application-test.properties //this is for testing phase
application-dev.properties – In this property file we will define the property that will be used by the developer. Suppose i define only one property with key as name and value as development.
name=development environment
application-test.properties – In this property file we will define the property that will be used by the tester. And here we define only one property same as in developer property with key as name and value as testing.
name=testing environment
3- application.properties – This is our main property file here we define which profile need to be activated. Suppose currently developer is working on the application so our application should fetch property from application-dev.properties file so for this we have to write below property in our application.properties file.
spring.profiles.active=dev
Above syntax define that our application-dev.properties is activated. Now suppose the application is in testing phase so now tester wants that his property will be fetched so for using testing profile we will use below property in our application.properties file
spring.profiles.active=test
Now Check this using code suppose i want to print the name property value that i have defined in both the dev and test property. Suppose first i want to print the name from dev property than in my main application.properties file i will use spring.profiles.active=dev
And when we have to print the name from test property than in my main application.properties file i will use spring.profiles.active=test
Now create a controller class and get the value from dev or test profiles.
4- Create a controller with a rest end point that return name property value for different phase.
@RestController
public class ProfileController {
@Value("${name}")
private String name;
@GetMapping("/profile")
public String testProfile() {
return "Current Envirnment is "+ name;
}
}
In this post we will see how to use log4j in java or spring boot . Logging is a most important feature that we use to detect if any error occurs or not .
Spring boot by default provides slf4j logging in spring boot. For Using slf4j logging we have to include only web starter dependency.
Logging plays a important role while we debug our application on server. using log4j in java is very important. So try to make as simple as possible so anybody can understand about the issue after seeing your logs.
In this post we will see how to use Apache Log4j in spring boot application. To use Apache Log4j we have to follow below steps.
1- Add below dependency in your pom.xml file or get this frommaven Repositry to enable log4j in java
For Window Console or your Eclipse Console make below entry in your log4j.properties :
pattern=%d %5p [%24t] %32c{2}|%L - %m%n
log4j.rootLogger=DEBUG, Console, Appender1
# console is set to be a ConsoleAppender.
log4j.appender.Console=org.apache.log4j.ConsoleAppender
log4j.appender.Console.layout=org.apache.log4j.PatternLayout
log4j.appender.Console.layout.ConversionPattern=${pattern}
log4j.appender.Console.Threshold=info
# Define the file appender
log4j.appender.Appender1=org.apache.log4j.DailyRollingFileAppender
log4j.appender.Appender1.File=/var/log/R2faSupportNew.log
#log4j.appender.Appender1.File=${catalina.home}/logs/revesecure_api.log
log4j.appender.Appender1.DatePattern='.'yyyy-MM-dd
# Set the append to false, should not overwrite
log4j.appender.Appender1.Append=true
# Set the threshold to debug mode
log4j.appender.Appender1.Threshold=info
# Define the layout for file appender
log4j.appender.Appender1.layout=org.apache.log4j.PatternLayout
log4j.appender.Appender1.layout.conversionPattern=${pattern}
3- Now go to your class and initialize the Logger object like below
private static final Logger logger = Logger.getLogger(CalculateSMSCost.class.getName());
4- Now go to your java class and print your logs like below.
logger.info("Apache log4j logging Example");
Now run your application and see the logs on console.
