spring-native
spring-native copied to clipboard
Spring cloud config server - encrypt/decrypt endpoints not working with spring native
I am trying to build a spring cloud config server instance to run in native mode, using sping native. According to the documentation https://docs.spring.io/spring-native/docs/current/reference/htmlsingle/, "Spring Native 0.11.3 has been tested against Spring Cloud 2021.0.1" and is compatible with spring-cloud- config-server The documentation also states "Spring Cloud Bootstrap is no longer supported."
My pom.xml is as follows
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.3</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>es.luis</groupId>
<artifactId>spring-config-server</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-config-server</name>
<description>Probando spring cloud server</description>
<properties>
<java.version>11</java.version>
<spring-cloud.version>2021.0.0</spring-cloud.version>
<spring-native.version>0.11.2</spring-native.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<exclusions>
<exclusion>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-core</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.experimental</groupId>
<artifactId>spring-native</artifactId>
<version>0.11.2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<classifier>${repackage.classifier}</classifier>
<image>
<builder>paketobuildpacks/builder:tiny</builder>
<env>
<BP_NATIVE_IMAGE>true</BP_NATIVE_IMAGE>
</env>
</image>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.experimental</groupId>
<artifactId>spring-aot-maven-plugin</artifactId>
<version>0.11.2</version>
<executions>
<execution>
<id>generate</id>
<goals>
<goal>generate</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.eclipse.jkube</groupId>
<artifactId>openshift-maven-plugin</artifactId>
<version>1.6.0</version>
</plugin>
</plugins>
</build>
<repositories>
<!-- ... -->
<repository>
<id>spring-release</id>
<name>Spring release</name>
<url>https://repo.spring.io/release</url>
</repository>
</repositories>
<pluginRepositories>
<!-- ... -->
<pluginRepository>
<id>spring-release</id>
<name>Spring release</name>
<url>https://repo.spring.io/release</url>
</pluginRepository>
</pluginRepositories>
<profiles>
<profile>
<id>native</id>
<properties>
<repackage.classifier>exec</repackage.classifier>
<native-buildtools.version>0.9.3</native-buildtools.version>
</properties>
<dependencies>
<dependency>
<groupId>org.graalvm.buildtools</groupId>
<artifactId>junit-platform-native</artifactId>
<version>${native-buildtools.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.graalvm.buildtools</groupId>
<artifactId>native-maven-plugin</artifactId>
<version>${native-buildtools.version}</version>
<executions>
<execution>
<id>test-native</id>
<phase>test</phase>
<goals>
<goal>test</goal>
</goals>
</execution>
<execution>
<id>build-native</id>
<phase>package</phase>
<goals>
<goal>build</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
And my application.yml is:
server:
port: 8888
spring:
cloud:
config:
server:
git:
cloneOnStart: false
uri: https://github.com/luidoc/spring-cloud-config-repo
default-label: master
security:
user:
name: root
password: password
encrypt:
key: asdfajazdfjalasdfasdf
I have enabled endpoint encrypt and decrypt
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf()
.ignoringAntMatchers("/encrypt/**")
.ignoringAntMatchers("/decrypt/**");
super.configure(http);
}
}
I manage to compile the project without problems and it runs correctly.
./spring-config-server
2022-02-28 15:52:45.628 INFO 16415 --- [ main] o.s.nativex.NativeListener : AOT mode enabled
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.6.3)
2022-02-28 15:52:45.793 INFO 16415 --- [ main] e.l.c.s.SpringConfigServerApplication : Starting SpringConfigServerApplication v0.0.1-SNAPSHOT using Java 11.0.13 on xxxx with PID 16415 (/mnt/d/Users/xxx/desarrollo/spring-config-server-master/target/spring-config-server started by luis in /mnt/d/Users/xx/desarrollo/spring-config-server-master/target)
2022-02-28 15:52:45.793 INFO 16415 --- [ main] e.l.c.s.SpringConfigServerApplication : No active profile set, falling back to default profiles: default
2022-02-28 15:52:46.141 INFO 16415 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8888 (http)
2022-02-28 15:52:46.148 INFO 16415 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2022-02-28 15:52:46.148 INFO 16415 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.56]
2022-02-28 15:52:46.186 INFO 16415 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2022-02-28 15:52:46.186 INFO 16415 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 393 ms
2022-02-28 15:52:46.644 INFO 16415 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@3726654a, org.springframework.security.web.context.SecurityContextPersistenceFilter@176abef0, org.springframework.security.web.header.HeaderWriterFilter@12ba60af, org.springframework.security.web.csrf.CsrfFilter@2163465, org.springframework.security.web.authentication.logout.LogoutFilter@26dfd51b, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@2db9b9e, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@20a83784, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@4b25d06d, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@50b9b5a, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@1d25be6c, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@442be013, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@60ddf67a, org.springframework.security.web.session.SessionManagementFilter@7310aaa1, org.springframework.security.web.access.ExceptionTranslationFilter@1605e9d0, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1ac1fbca]
2022-02-28 15:52:47.650 INFO 16415 --- [ main] o.s.cloud.commons.util.InetUtils : Cannot determine local hostname
2022-02-28 15:52:47.695 INFO 16415 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 1 endpoint(s) beneath base path '/actuator'
2022-02-28 15:52:47.714 INFO 16415 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8888 (http) with context path ''
2022-02-28 15:52:48.715 INFO 16415 --- [ main] o.s.cloud.commons.util.InetUtils : Cannot determine local hostname
2022-02-28 15:52:48.716 INFO 16415 --- [ main] e.l.c.s.SpringConfigServerApplication : Started SpringConfigServerApplication in 4.901 seconds (JVM running for 5.462)
2022-02-28 15:53:26.101 INFO 16415 --- [nio-8888-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-02-28 15:53:26.101 INFO 16415 --- [nio-8888-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2022-02-28 15:53:26.102 INFO 16415 --- [nio-8888-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
However when I run the binary I try to use endpoint encrypt and decrypt doesn't work, I get the error: curl -u root:password localhost:8888/encrypt --data-urlencode any_text {"description":"No key was installed for encryption service","status":"NO_KEY"}
If I run the project in non-native mode, enpoint encrypt and decrypt work.
Any idea.
Please share a repro project.
https://github.com/luidoc/spring-config-server-master.git
@OlgaMaciaszek Could you please take care of this one?
@sdeleuze , sure, will take a look.
I was able to reproduce the issue. Verifying.
Have created a PR with the fix in Spring Cloud Config: https://github.com/spring-cloud/spring-cloud-config/pull/2065
Closing in favour of https://github.com/spring-cloud/spring-cloud-config/pull/2065
Testing with spring-cloud version 2021.0.2-SNAPSHOT. The problem persists:
./spring-config-server
2022-03-31 13:30:05.745 INFO 19367 --- [ main] o.s.nativex.NativeListener : AOT mode enabled
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.6.5)
2022-03-31 13:30:05.749 INFO 19367 --- [ main] e.l.c.s.SpringConfigServerApplication : Starting SpringConfigServerApplication v0.0.1-SNAPSHOT using Java 11.0.14 on fedora with PID 19367 (/root/desarrollo/spring-config-server-master/target/spring-config-server started by root in /root/desarrollo/spring-config-server-master/target)
2022-03-31 13:30:05.749 INFO 19367 --- [ main] e.l.c.s.SpringConfigServerApplication : No active profile set, falling back to 1 default profile: "default"
2022-03-31 13:30:05.776 INFO 19367 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8888 (http)
2022-03-31 13:30:05.776 INFO 19367 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2022-03-31 13:30:05.776 INFO 19367 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.60]
2022-03-31 13:30:05.785 INFO 19367 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2022-03-31 13:30:05.785 INFO 19367 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 36 ms
2022-03-31 13:30:05.878 INFO 19367 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will not secure any request
2022-03-31 13:30:05.915 INFO 19367 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 1 endpoint(s) beneath base path '/actuator'
2022-03-31 13:30:05.942 INFO 19367 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8888 (http) with context path ''
2022-03-31 13:30:05.943 INFO 19367 --- [ main] e.l.c.s.SpringConfigServerApplication : Started SpringConfigServerApplication in 0.218 seconds (JVM running for 0
curl -u root:password localhost:8888/encrypt --data-urlencode any_text {"description":"No key was installed for encryption service","status":"NO_KEY"}
Right, @luidoc - had to backport it to 3.1.x
- thanks for bringing this up.
Had to remove the changes as they caused a regression. Further analysis is required and changes might be needed in AOT to provide bootstrap context beans support.
Spring Native is now superseded by Spring Boot 3 official native support, see the related reference documentation for more details.
As a consequence, I am closing this issue, and recommend trying your use case with latest Spring Boot 3 version. If you still experience the issue reported here, please open an issue directly on the related Spring project (Spring Framework, Data, Security, Boot, Cloud, etc.) with a reproducer.
Thanks for your contribution on the experimental Spring Native project, we hope you will enjoy the official native support introduced by Spring Boot 3.