New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Serving logging.config from a secured config server #721
Comments
So, I don't think this an issue with config server, but the client that loads the logging config. |
Makes sense. But I see a call to
that throws an exception prior to ever getting to the logback library and class that does the actual read of the file. If the above line of code is in place and not modified, changes to read a logging.config file from a secured config server will not work even if the logback library is changed. |
How about a full stack trace? |
Here are some snapshots...
Thread [restartedMain] (Suspended)
PropertySourceBootstrapConfiguration$$EnhancerBySpringCGLIB$$5387cdcc(PropertySourceBootstrapConfiguration).reinitializeLoggingSystem(ConfigurableEnvironment,
String, LogFile) line: 130
PropertySourceBootstrapConfiguration$$EnhancerBySpringCGLIB$$5387cdcc(PropertySourceBootstrapConfiguration).initialize(ConfigurableApplicationContext)
line: 105
SpringApplication.applyInitializers(ConfigurableApplicationContext) line:
635
SpringApplication.prepareContext(ConfigurableApplicationContext,
ConfigurableEnvironment, SpringApplicationRunListeners,
ApplicationArguments, Banner) line: 349
SpringApplication.run(String...) line: 313
SpringApplication.run(Object[], String[]) line: 1186
SpringApplication.run(Object, String...) line: 1175
RulesApplication.main(String[]) line: 25
NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not
available [native method]
NativeMethodAccessorImpl.invoke(Object, Object[]) line: 62
DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 43
Method.invoke(Object, Object...) line: 498
RestartLauncher.run() line: 49
[image: Inline image 2]
…On Mon, Jun 19, 2017 at 10:00 AM, Spencer Gibb ***@***.***> wrote:
How about a full stack trace?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#721 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADVJnVlzKq23tsX2qAG4xZvUGlYgUbRpks5sFozwgaJpZM4N8hb2>
.
|
Please, no images of stack traces. |
|
If the code above did not throw an exception, I believe the next issue would be in the LogbackLoggingSystem class in the following method. There is a call to ResourceUtils.getURL(location)) that would not use Basic Authentication
|
Decided to go a different route and utilize Spring Security to "permitAll" to a list of URLs from the secured Spring Cloud Config Server. This will allow the logback-spring.xml file to be accessed without Basic Authentication attached to the URL request. All other requests to the secured Spring Cloud Config Server for an application properties from the a config server client will still require basic authentication attached to the request which is part of the Spring Cloud Config Client. |
So the conclusion is that it is not possible to have the property like below? |
I was able to find a way around but not solve it. |
Currently serve up the logging.config file via plain text from an unsecured config server. Using:
logging.config: ${spn.spring.cloud.config.runtime.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label:master}/logback-spring.xml
Have now secured the web server with basic authentication and would like to use:
logging.config: http://${spring.cloud.config.username}:${spring.cloud.config.password}@localhost:8888/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label:master}/logback-spring.xml
The above throws:
java.io.IOException: Server returned HTTP response code: 401 for URL: http://user:cde3$RFV@localhost:8888/spn-rules-svc/local-cloud,debug,unsecured/WD-1675-the-management-env-dump-etc-endp/logback-spring.xml
It appears the Basic Authentication used to pull the remote configuration from the Config service for the microservice client is not used to pull the Plain text as well.
I am able to pull the clients configuration via curl with basic auth.
curl --user 'user:cde3$RFV' http://localhost:8888/spn-eureka-svc/local-cloud,unsecured,debug/WD-1675-the-management-env-dump-etc-endp/logback-spring.xml
Is Serving Plain text from a secured (basic auth) Config Server currently supported? And if so, where can I find any documentation on the proper configuration.
If not supported, where is the best place to start making changes to use a "Secured" Rest Template to add support for serving plain text from a secured config server?
The text was updated successfully, but these errors were encountered: