Showing posts from August, 2017

Enable SSL in Spring Boot


In this article I'll show you how you can enble SSL using self signed certificate.

Remember this will show you a warning if you access app from the browser saying your connection is not private. Like this,

Using self signed certificate is useful in development environment but we'll see in future article how we can enable it in production environment.
1. Generate Keystore
keytool -genkey -keyalg RSA -alias keyname -keystore keystore.jks -storepass keypass -validity 360 -keysize 2048
Here we're creating a keystore named 'keystore.jks' with a password 'keypass' and an alias 'keyname'. Well not yet, after executing this command your terminal will prompt to get some informations like this

A keystore (keystore.jks) will be generated in your current directory. No you need to use this keystore to enable ssl.

2. Enable SSL
First copy kaystore.jks file in your project root directory or any directory you want. Write some configuration properties in your application…

Enable CORS globally in Spring Boot

People, I'm about to show how you can enable CORS globally in your spring boot application.
1. Configuration
Create a configuration class and annotate with @Configiration anntation. Please make sure that this class is being scanned by component scanner. If not use annotation @ComponentScan to scan your package. Subpackages will automatically be scanned.
public class AppConfig {


2. Configure CORS Filter
public class AppConfig {

public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();

Using OAuth2 and web security simultaneously in Spring Security


I've been experiencing a pretty annoying trouble using both web security and OAuth2. I implemented OAuth2 first for my rest api and then when I tried form login using, it was giving an error and user wans't logged in.

So I dug a bit deeper in google and found the solution. It wan't the problem of configuration, it was a silly mistake that wasn't suppose to happen.

Anyway I'm posting both Resource Server and Web security config classed here.

Configure Resource Server
@Configuration @EnableResourceServer public class ResourceServerConfig extends ResourceServerConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { http .antMatcher("/api/**") .authorizeRequests() .antMatchers("/", "/login**") .permitAll() .anyRequest() .authenticated() .and().logout().log…