Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)
Took me some time to understand as well so I'm glad share :) I'm in process of tuning this setup so just out of curiosity how did you set up the Wicket properties file(s)? I don't like the idea to having properties in src/main/java and looking for proper way to load them from custom location like src/main/resources/properties/MyWicketApplication.properties. In out previous project we used I18n.init() method but I'm thinking more Wicket-y way, maybe using BundleStringResourceLoader ? But so far no luck making that work... Zbynek On Fri, Jan 25, 2019 at 6:34 AM nino martinez wael < nino.martinez.w...@gmail.com> wrote: > Yes this is exactly how I've done it :) Thanks for taking time to help... > > @WicketSignInPage > @MountPath("page/login") > public class LoginPage extends BasePage { > > public LoginPage(PageParameters parameters) { > super(parameters); > > if (((AbstractAuthenticatedWebSession) getSession()).isSignedIn()) { > continueToOriginalDestination(); > } > add(new LoginForm("loginForm")); > } > > private class LoginForm extends StatelessForm { > > private String username; > private String password; > > public LoginForm(String id) { > super(id); > setModel(new CompoundPropertyModel<>(this)); > add(new FeedbackPanel("feedback")); > add(new RequiredTextField("username")); > add(new PasswordTextField("password")); > } > > @Override > protected void onSubmit() { > AuthenticatedWebSession session = AuthenticatedWebSession.get(); > if (session.signIn(username, password)) { > setResponsePage(HomePage.class); > } else { > error("Login failed"); > } > } > } > } > > > On Thu, Jan 24, 2019 at 4:17 PM Zbynek Vavros > wrote: > > > Is seems you have mixed my code with your code somehow. > > You must configure formLogin() and specify loginPage() pointing to your > > Wicket login page (maybe using @MountPath?). > > The .loginProcessingUrl() points to "/fake-url" because the > authentication > > itself is called from Wicket login page > > via AuthenticatedWebSession.get().signIn(). Or do you use other mechanism > > in your Wicket login page? > > > > Zbynek > > > > On Thu, Jan 24, 2019 at 4:13 PM nino martinez wael < > > nino.martinez.w...@gmail.com> wrote: > > > > > It sort of works, If I go to the actuator I get the http basic auth, > if I > > > on the same session goto my pages.. I get an "ugly" access denied page > > and > > > not the configured wicket login page. So it sort of works.. > > > > > > If I just goto localhost:8080/ I get an default spring login page not > the > > > wicket one.. Upon succesfull login it forwards me to the wicket login > > page, > > > where I can login again and then get to the real application.. > > > > > > Below my current code: > > > > > > > > > package dk.netdesign.ccadmin.frontend.security; > > > > > > import org.springframework.context.annotation.Bean; > > > import org.springframework.context.annotation.Configuration; > > > import org.springframework.core.annotation.Order; > > > import > org.springframework.security.authentication.AuthenticationManager; > > > import > > > > > > > > > org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; > > > import > > > > org.springframework.security.config.annotation.web.builders.HttpSecurity; > > > import > > > > > > > > > org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; > > > import org.springframework.security.config.http.SessionCreationPolicy; > > > import org.springframework.security.core.Authentication; > > > import org.springframework.security.core.context.SecurityContextHolder; > > > import org.springframework.security.core.userdetails.User; > > > import > org.springframework.security.core.userdetails.UserDetailsService; > > > import > org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; > > > import > > > org.springframework.security.provisioning.InMemoryUserDetailsManager; > > > import org.springframework.stereotype.Component; > > > > > > @Configuration > > > public class WicketWebSecurityAdapterConfig extends > > > WebSecurityConfigurerAdapter { > > > > > > > > > @Configuration > > > @Order(1) > > > public static class RestSecurityConfig extends > > > WebSecurityConfigurerAdapter { > > > > > > @Override > > > protected void configure(HttpSecurity http) throws Exception { > > > > > > > > > > > > > > > http.antMatcher("/actuator/**").authorizeRequests().anyRequest().hasRole("ACTUATOR") > > > .and().csrf().disable() > > > > > > > > > > > > .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) > > > .and().httpBasic(); > > > } > > > } > > > > > > @Configuration > > > @Order(2) > > > public static class WicketSecurityConfig extends > > > WebSecurityConfigurerAdapter { > > > @Override > > > protected void configure(HttpSecurity http) throws Exception { > > >
Re: Wicket 8 and Edge : Known compatibilities problem ?
Hi, We are not aware of any issues with MS Edge. The error message is really strange though! Here is something that I've found: https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_store/youll-need-a-new-app-to-open-this-https/631579eb-4051-42d9-96cc-3909690421e5 On Thu, Jan 24, 2019 at 8:02 PM andre seame wrote: > Hello, > > I have a wicket application that is Ok with Mozilla. > My company will to use windows 10 and Edge. I did some test and I have an > error message : You need a new application to see this page. > > Is this a know bug for edge ? A bad configuration of my HTML code ? a New > security option of the network administrator that would say "Edge is not > allowed on internal intranet network" ? > > Thanks, > >
Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)
Yes this is exactly how I've done it :) Thanks for taking time to help... @WicketSignInPage @MountPath("page/login") public class LoginPage extends BasePage { public LoginPage(PageParameters parameters) { super(parameters); if (((AbstractAuthenticatedWebSession) getSession()).isSignedIn()) { continueToOriginalDestination(); } add(new LoginForm("loginForm")); } private class LoginForm extends StatelessForm { private String username; private String password; public LoginForm(String id) { super(id); setModel(new CompoundPropertyModel<>(this)); add(new FeedbackPanel("feedback")); add(new RequiredTextField("username")); add(new PasswordTextField("password")); } @Override protected void onSubmit() { AuthenticatedWebSession session = AuthenticatedWebSession.get(); if (session.signIn(username, password)) { setResponsePage(HomePage.class); } else { error("Login failed"); } } } } On Thu, Jan 24, 2019 at 4:17 PM Zbynek Vavros wrote: > Is seems you have mixed my code with your code somehow. > You must configure formLogin() and specify loginPage() pointing to your > Wicket login page (maybe using @MountPath?). > The .loginProcessingUrl() points to "/fake-url" because the authentication > itself is called from Wicket login page > via AuthenticatedWebSession.get().signIn(). Or do you use other mechanism > in your Wicket login page? > > Zbynek > > On Thu, Jan 24, 2019 at 4:13 PM nino martinez wael < > nino.martinez.w...@gmail.com> wrote: > > > It sort of works, If I go to the actuator I get the http basic auth, if I > > on the same session goto my pages.. I get an "ugly" access denied page > and > > not the configured wicket login page. So it sort of works.. > > > > If I just goto localhost:8080/ I get an default spring login page not the > > wicket one.. Upon succesfull login it forwards me to the wicket login > page, > > where I can login again and then get to the real application.. > > > > Below my current code: > > > > > > package dk.netdesign.ccadmin.frontend.security; > > > > import org.springframework.context.annotation.Bean; > > import org.springframework.context.annotation.Configuration; > > import org.springframework.core.annotation.Order; > > import org.springframework.security.authentication.AuthenticationManager; > > import > > > > > org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; > > import > > org.springframework.security.config.annotation.web.builders.HttpSecurity; > > import > > > > > org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; > > import org.springframework.security.config.http.SessionCreationPolicy; > > import org.springframework.security.core.Authentication; > > import org.springframework.security.core.context.SecurityContextHolder; > > import org.springframework.security.core.userdetails.User; > > import org.springframework.security.core.userdetails.UserDetailsService; > > import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; > > import > > org.springframework.security.provisioning.InMemoryUserDetailsManager; > > import org.springframework.stereotype.Component; > > > > @Configuration > > public class WicketWebSecurityAdapterConfig extends > > WebSecurityConfigurerAdapter { > > > > > > @Configuration > > @Order(1) > > public static class RestSecurityConfig extends > > WebSecurityConfigurerAdapter { > > > > @Override > > protected void configure(HttpSecurity http) throws Exception { > > > > > > > > > http.antMatcher("/actuator/**").authorizeRequests().anyRequest().hasRole("ACTUATOR") > > .and().csrf().disable() > > > > > > > .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) > > .and().httpBasic(); > > } > > } > > > > @Configuration > > @Order(2) > > public static class WicketSecurityConfig extends > > WebSecurityConfigurerAdapter { > > @Override > > protected void configure(HttpSecurity http) throws Exception { > > http.antMatcher("/page/**").authorizeRequests() > > .antMatchers("/page/login**").permitAll() > > .antMatchers("/page/**").hasAnyAuthority("USER", > > "ADMIN") > > > > > > > .and().formLogin().loginPage("/page/login").loginProcessingUrl("/fake-url") > > > > .and().csrf().disable(); > > } > > } > > > > @Bean > > public static BCryptPasswordEncoder passwordEncoder() { > > return new BCryptPasswordEncoder(); > > } > > > > @Bean(name = "authenticationManager") > > @Override > > public AuthenticationManager authenticationManagerBean() throws > > Exception { > > > > return super.authenticationManagerBean(); > > } > > public interface IAuthenticationFacade { > > Authentication getAuthentication(); > > } > > @Component > > public class AuthenticationFacade
Wicket 8 and Edge : Known compatibilities problem ?
Hello, I have a wicket application that is Ok with Mozilla. My company will to use windows 10 and Edge. I did some test and I have an error message : You need a new application to see this page. Is this a know bug for edge ? A bad configuration of my HTML code ? a New security option of the network administrator that would say "Edge is not allowed on internal intranet network" ? Thanks,
Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)
Is seems you have mixed my code with your code somehow. You must configure formLogin() and specify loginPage() pointing to your Wicket login page (maybe using @MountPath?). The .loginProcessingUrl() points to "/fake-url" because the authentication itself is called from Wicket login page via AuthenticatedWebSession.get().signIn(). Or do you use other mechanism in your Wicket login page? Zbynek On Thu, Jan 24, 2019 at 4:13 PM nino martinez wael < nino.martinez.w...@gmail.com> wrote: > It sort of works, If I go to the actuator I get the http basic auth, if I > on the same session goto my pages.. I get an "ugly" access denied page and > not the configured wicket login page. So it sort of works.. > > If I just goto localhost:8080/ I get an default spring login page not the > wicket one.. Upon succesfull login it forwards me to the wicket login page, > where I can login again and then get to the real application.. > > Below my current code: > > > package dk.netdesign.ccadmin.frontend.security; > > import org.springframework.context.annotation.Bean; > import org.springframework.context.annotation.Configuration; > import org.springframework.core.annotation.Order; > import org.springframework.security.authentication.AuthenticationManager; > import > > org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; > import > org.springframework.security.config.annotation.web.builders.HttpSecurity; > import > > org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; > import org.springframework.security.config.http.SessionCreationPolicy; > import org.springframework.security.core.Authentication; > import org.springframework.security.core.context.SecurityContextHolder; > import org.springframework.security.core.userdetails.User; > import org.springframework.security.core.userdetails.UserDetailsService; > import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; > import > org.springframework.security.provisioning.InMemoryUserDetailsManager; > import org.springframework.stereotype.Component; > > @Configuration > public class WicketWebSecurityAdapterConfig extends > WebSecurityConfigurerAdapter { > > > @Configuration > @Order(1) > public static class RestSecurityConfig extends > WebSecurityConfigurerAdapter { > > @Override > protected void configure(HttpSecurity http) throws Exception { > > > > http.antMatcher("/actuator/**").authorizeRequests().anyRequest().hasRole("ACTUATOR") > .and().csrf().disable() > > > .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) > .and().httpBasic(); > } > } > > @Configuration > @Order(2) > public static class WicketSecurityConfig extends > WebSecurityConfigurerAdapter { > @Override > protected void configure(HttpSecurity http) throws Exception { > http.antMatcher("/page/**").authorizeRequests() > .antMatchers("/page/login**").permitAll() > .antMatchers("/page/**").hasAnyAuthority("USER", > "ADMIN") > > > .and().formLogin().loginPage("/page/login").loginProcessingUrl("/fake-url") > > .and().csrf().disable(); > } > } > > @Bean > public static BCryptPasswordEncoder passwordEncoder() { > return new BCryptPasswordEncoder(); > } > > @Bean(name = "authenticationManager") > @Override > public AuthenticationManager authenticationManagerBean() throws > Exception { > > return super.authenticationManagerBean(); > } > public interface IAuthenticationFacade { > Authentication getAuthentication(); > } > @Component > public class AuthenticationFacade implements IAuthenticationFacade { > > @Override > public Authentication getAuthentication() { > return SecurityContextHolder.getContext().getAuthentication(); > } > } > > @Bean > public UserDetailsService userDetailsService() { > InMemoryUserDetailsManager manager = new > InMemoryUserDetailsManager(); > manager.createUser( > User.withUsername("admin") > > .password(passwordEncoder().encode("admin")).authorities("USER", "ADMIN") > .build()); > > manager.createUser( > User.withUsername("actuator") > > .password(passwordEncoder().encode("actuator")).roles("ACTUATOR") > .build()); > > return manager; > } > } > > > On Thu, Jan 24, 2019 at 3:19 PM nino martinez wael < > nino.martinez.w...@gmail.com> wrote: > > > Thanks will try it:) > > > > On Thu, Jan 24, 2019 at 3:14 PM Zbynek Vavros > > wrote: > > > >> In my case it works something like this: > >> > >> @Configuration > >> @EnableWebSecurity > >> public class SecurityConfiguration { > >> > >> @Configuration > >> @Order(1) > >> public static
Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)
It sort of works, If I go to the actuator I get the http basic auth, if I on the same session goto my pages.. I get an "ugly" access denied page and not the configured wicket login page. So it sort of works.. If I just goto localhost:8080/ I get an default spring login page not the wicket one.. Upon succesfull login it forwards me to the wicket login page, where I can login again and then get to the real application.. Below my current code: package dk.netdesign.ccadmin.frontend.security; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.stereotype.Component; @Configuration public class WicketWebSecurityAdapterConfig extends WebSecurityConfigurerAdapter { @Configuration @Order(1) public static class RestSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.antMatcher("/actuator/**").authorizeRequests().anyRequest().hasRole("ACTUATOR") .and().csrf().disable() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and().httpBasic(); } } @Configuration @Order(2) public static class WicketSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.antMatcher("/page/**").authorizeRequests() .antMatchers("/page/login**").permitAll() .antMatchers("/page/**").hasAnyAuthority("USER", "ADMIN") .and().formLogin().loginPage("/page/login").loginProcessingUrl("/fake-url") .and().csrf().disable(); } } @Bean public static BCryptPasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean(name = "authenticationManager") @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } public interface IAuthenticationFacade { Authentication getAuthentication(); } @Component public class AuthenticationFacade implements IAuthenticationFacade { @Override public Authentication getAuthentication() { return SecurityContextHolder.getContext().getAuthentication(); } } @Bean public UserDetailsService userDetailsService() { InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(); manager.createUser( User.withUsername("admin") .password(passwordEncoder().encode("admin")).authorities("USER", "ADMIN") .build()); manager.createUser( User.withUsername("actuator") .password(passwordEncoder().encode("actuator")).roles("ACTUATOR") .build()); return manager; } } On Thu, Jan 24, 2019 at 3:19 PM nino martinez wael < nino.martinez.w...@gmail.com> wrote: > Thanks will try it:) > > On Thu, Jan 24, 2019 at 3:14 PM Zbynek Vavros > wrote: > >> In my case it works something like this: >> >> @Configuration >> @EnableWebSecurity >> public class SecurityConfiguration { >> >> @Configuration >> @Order(1) >> public static class RestSecurityConfig extends >> WebSecurityConfigurerAdapter { >> >> .. user details service, auth providers etc >> >> @Override >> protected void configure(HttpSecurity http) throws Exception { >> >> >> http.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated() >> .and().csrf().disable() >> >> >> .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) >> .and().httpBasic(); >> } >> } >> >> @Configuration >> @Order(2) >> public static class WicketSecurityConfig extends >> WebSecurityConfigurerAdapter { >> >> .. user details service, auth providers etc >> >> @Override >>
Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)
Thanks will try it:) On Thu, Jan 24, 2019 at 3:14 PM Zbynek Vavros wrote: > In my case it works something like this: > > @Configuration > @EnableWebSecurity > public class SecurityConfiguration { > > @Configuration > @Order(1) > public static class RestSecurityConfig extends > WebSecurityConfigurerAdapter { > > .. user details service, auth providers etc > > @Override > protected void configure(HttpSecurity http) throws Exception { > > http.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated() > .and().csrf().disable() > > .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) > .and().httpBasic(); > } > } > > @Configuration > @Order(2) > public static class WicketSecurityConfig extends > WebSecurityConfigurerAdapter { > > .. user details service, auth providers etc > > @Override > protected void configure(AuthenticationManagerBuilder auth) throws > Exception { > auth.authenticationProvider(wicketAuthenticationProvider); > } > > @Override > protected void configure(HttpSecurity http) throws Exception { > http.antMatcher("/page/**").authorizeRequests() > .antMatchers("/page/login**").permitAll() > .antMatchers("/page/**").hasRole("ROLE") > > .and().formLogin().loginPage("/page/login").loginProcessingUrl("/fake-url") > .and().csrf().disable(); > } > > @Override > @Bean(name = "authenticationManager") > public AuthenticationManager authenticationManagerBean() throws > Exception { > return super.authenticationManagerBean(); > } > } > } > > The RestSecurityConfigwould be what you would do for actuators, for me > thats the REST API. > Not the order of "antMatcher", "authorizeRequests" and " antMatchers". > > Zbynek > > On Thu, Jan 24, 2019 at 3:09 PM nino martinez wael < > nino.martinez.w...@gmail.com> wrote: > > > do you have an example? OR is it just to cut them into two like: > > WebSecurityConfigurerAdapter A: > > > > > http.authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic(); > > > > WebSecurityConfigurerAdapter B: > > http > > .csrf().disable() > > .authorizeRequests().anyRequest().permitAll() > > .and() > > .logout() > > .permitAll(); > > http.headers().frameOptions().disable(); > > > > > > On Thu, Jan 24, 2019 at 3:06 PM Zbynek Vavros > > wrote: > > > > > Hi, > > > > > > I did similar thing, the trick here is to use two > > > WebSecurityConfigurerAdaptes. > > > > > > Zbynek > > > > > > On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael < > > > nino.martinez.w...@gmail.com> wrote: > > > > > > > Hope its okay to use the wicket user mailing list for this:) > > > > > > > > First of all thanks to MarcGiffing for making the project. But I > cannot > > > get > > > > actuator endpoints to work with spring security and wicket spring > > boot.. > > > > I've tried a lot of things.. > > > > > > > > IN my WebSecurityConfigurerAdapter: > > > > > > > > http > > > > > > > > > > > > > > > > > > .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic(); > > > > > > > > http > > > > .csrf().disable() > > > > .authorizeRequests().anyRequest().permitAll() > > > > .and() > > > > .logout() > > > > .permitAll(); > > > > http.headers().frameOptions().disable(); > > > > > > > > But that just disables actuator and messes with the Wicket side of > the > > > > security.. Any one have some clues= > > > > > > > > -- > > > > Best regards / Med venlig hilsen > > > > Nino Martinez > > > > > > > > > > > > > -- > > Best regards / Med venlig hilsen > > Nino Martinez > > > -- Best regards / Med venlig hilsen Nino Martinez
Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)
In my case it works something like this: @Configuration @EnableWebSecurity public class SecurityConfiguration { @Configuration @Order(1) public static class RestSecurityConfig extends WebSecurityConfigurerAdapter { .. user details service, auth providers etc @Override protected void configure(HttpSecurity http) throws Exception { http.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated() .and().csrf().disable() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and().httpBasic(); } } @Configuration @Order(2) public static class WicketSecurityConfig extends WebSecurityConfigurerAdapter { .. user details service, auth providers etc @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(wicketAuthenticationProvider); } @Override protected void configure(HttpSecurity http) throws Exception { http.antMatcher("/page/**").authorizeRequests() .antMatchers("/page/login**").permitAll() .antMatchers("/page/**").hasRole("ROLE") .and().formLogin().loginPage("/page/login").loginProcessingUrl("/fake-url") .and().csrf().disable(); } @Override @Bean(name = "authenticationManager") public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } } } The RestSecurityConfigwould be what you would do for actuators, for me thats the REST API. Not the order of "antMatcher", "authorizeRequests" and " antMatchers". Zbynek On Thu, Jan 24, 2019 at 3:09 PM nino martinez wael < nino.martinez.w...@gmail.com> wrote: > do you have an example? OR is it just to cut them into two like: > WebSecurityConfigurerAdapter A: > > > http.authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic(); > > WebSecurityConfigurerAdapter B: > http > .csrf().disable() > .authorizeRequests().anyRequest().permitAll() > .and() > .logout() > .permitAll(); > http.headers().frameOptions().disable(); > > > On Thu, Jan 24, 2019 at 3:06 PM Zbynek Vavros > wrote: > > > Hi, > > > > I did similar thing, the trick here is to use two > > WebSecurityConfigurerAdaptes. > > > > Zbynek > > > > On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael < > > nino.martinez.w...@gmail.com> wrote: > > > > > Hope its okay to use the wicket user mailing list for this:) > > > > > > First of all thanks to MarcGiffing for making the project. But I cannot > > get > > > actuator endpoints to work with spring security and wicket spring > boot.. > > > I've tried a lot of things.. > > > > > > IN my WebSecurityConfigurerAdapter: > > > > > > http > > > > > > > > > > > > .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic(); > > > > > > http > > > .csrf().disable() > > > .authorizeRequests().anyRequest().permitAll() > > > .and() > > > .logout() > > > .permitAll(); > > > http.headers().frameOptions().disable(); > > > > > > But that just disables actuator and messes with the Wicket side of the > > > security.. Any one have some clues= > > > > > > -- > > > Best regards / Med venlig hilsen > > > Nino Martinez > > > > > > > > -- > Best regards / Med venlig hilsen > Nino Martinez >
Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)
Hi, I did similar thing, the trick here is to use two WebSecurityConfigurerAdaptes. Zbynek On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael < nino.martinez.w...@gmail.com> wrote: > Hope its okay to use the wicket user mailing list for this:) > > First of all thanks to MarcGiffing for making the project. But I cannot get > actuator endpoints to work with spring security and wicket spring boot.. > I've tried a lot of things.. > > IN my WebSecurityConfigurerAdapter: > > http > > > .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic(); > > http > .csrf().disable() > .authorizeRequests().anyRequest().permitAll() > .and() > .logout() > .permitAll(); > http.headers().frameOptions().disable(); > > But that just disables actuator and messes with the Wicket side of the > security.. Any one have some clues= > > -- > Best regards / Med venlig hilsen > Nino Martinez >
Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)
do you have an example? OR is it just to cut them into two like: WebSecurityConfigurerAdapter A: http.authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic(); WebSecurityConfigurerAdapter B: http .csrf().disable() .authorizeRequests().anyRequest().permitAll() .and() .logout() .permitAll(); http.headers().frameOptions().disable(); On Thu, Jan 24, 2019 at 3:06 PM Zbynek Vavros wrote: > Hi, > > I did similar thing, the trick here is to use two > WebSecurityConfigurerAdaptes. > > Zbynek > > On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael < > nino.martinez.w...@gmail.com> wrote: > > > Hope its okay to use the wicket user mailing list for this:) > > > > First of all thanks to MarcGiffing for making the project. But I cannot > get > > actuator endpoints to work with spring security and wicket spring boot.. > > I've tried a lot of things.. > > > > IN my WebSecurityConfigurerAdapter: > > > > http > > > > > > > .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic(); > > > > http > > .csrf().disable() > > .authorizeRequests().anyRequest().permitAll() > > .and() > > .logout() > > .permitAll(); > > http.headers().frameOptions().disable(); > > > > But that just disables actuator and messes with the Wicket side of the > > security.. Any one have some clues= > > > > -- > > Best regards / Med venlig hilsen > > Nino Martinez > > > -- Best regards / Med venlig hilsen Nino Martinez
Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)
Already done that.. Thanks for the idea.. On my webservice project I am doing this: http .authorizeRequests() .antMatchers("/services/**").hasRole("USER").and().httpBasic().and(). csrf().disable(); http .authorizeRequests() .antMatchers("/actuator/**").hasRole("ACTUATOR").and().httpBasic().and(). csrf().disable(); And its working fine, I am wondering if its because my mountpoints for wicket all are mapped to root like /home /login .. Which could conflict with /actuator? On Thu, Jan 24, 2019 at 3:01 PM Andrea Del Bene wrote: > I had a problem with Spring Boot 2 and actuator as many of them are > disabled by default in the new version. I don't know if this is the case > for you, but I would try enabling all of them via config file. For example > with yml is something like: > > management: > endpoints: > web: > exposure: > include: "*" > > On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael < > nino.martinez.w...@gmail.com> wrote: > > > Hope its okay to use the wicket user mailing list for this:) > > > > First of all thanks to MarcGiffing for making the project. But I cannot > get > > actuator endpoints to work with spring security and wicket spring boot.. > > I've tried a lot of things.. > > > > IN my WebSecurityConfigurerAdapter: > > > > http > > > > > > > .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic(); > > > > http > > .csrf().disable() > > .authorizeRequests().anyRequest().permitAll() > > .and() > > .logout() > > .permitAll(); > > http.headers().frameOptions().disable(); > > > > But that just disables actuator and messes with the Wicket side of the > > security.. Any one have some clues= > > > > -- > > Best regards / Med venlig hilsen > > Nino Martinez > > > > > -- > Andrea Del Bene. > Apache Wicket committer. > -- Best regards / Med venlig hilsen Nino Martinez
Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)
I had a problem with Spring Boot 2 and actuator as many of them are disabled by default in the new version. I don't know if this is the case for you, but I would try enabling all of them via config file. For example with yml is something like: management: endpoints: web: exposure: include: "*" On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael < nino.martinez.w...@gmail.com> wrote: > Hope its okay to use the wicket user mailing list for this:) > > First of all thanks to MarcGiffing for making the project. But I cannot get > actuator endpoints to work with spring security and wicket spring boot.. > I've tried a lot of things.. > > IN my WebSecurityConfigurerAdapter: > > http > > > .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic(); > > http > .csrf().disable() > .authorizeRequests().anyRequest().permitAll() > .and() > .logout() > .permitAll(); > http.headers().frameOptions().disable(); > > But that just disables actuator and messes with the Wicket side of the > security.. Any one have some clues= > > -- > Best regards / Med venlig hilsen > Nino Martinez > -- Andrea Del Bene. Apache Wicket committer.
Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)
Hope its okay to use the wicket user mailing list for this:) First of all thanks to MarcGiffing for making the project. But I cannot get actuator endpoints to work with spring security and wicket spring boot.. I've tried a lot of things.. IN my WebSecurityConfigurerAdapter: http .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic(); http .csrf().disable() .authorizeRequests().anyRequest().permitAll() .and() .logout() .permitAll(); http.headers().frameOptions().disable(); But that just disables actuator and messes with the Wicket side of the security.. Any one have some clues= -- Best regards / Med venlig hilsen Nino Martinez