sloppycoder / nfsx Goto Github PK

When using spring-session the SSO logout does not work correctly. Most likely an issue in spring-security's oauth implementation.

Here is the related SO question and [github issue]/spring-projects/spring-boot/issues/4360)

http://stackoverflow.com/questions/33458696/spring-boot-1-3-m5-oauth2-sso-does-not-work-with-spring-session

code diff:
master...WIP_spring_session

Adding @EnableWebMvc to TestWebAppApplication class causes the AuditTrailTests test fail, with

Caused by: java.lang.IllegalArgumentException: A ServletContext is required to configure default servlet handling
    at org.springframework.util.Assert.notNull(Assert.java:115)
    at org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer.<init>(DefaultServletHandlerConfigurer.java:53)
    at org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport.defaultServletHandlerMapping(WebMvcConfigurationSupport.java:450)
    at org.springframework.web.servlet.config.annotation.DelegatingWebMvcConfiguration$$EnhancerBySpringCGLIB$$6df018b4.CGLIB$defaultServletHandlerMapping$28(<generated>)
    at org.springframework.web.servlet.config.annotation.DelegatingWebMvcConfiguration$$EnhancerBySpringCGLIB$$6df018b4$$FastClassBySpringCGLIB$$eaa49619.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:318)
    at org.springframework.web.servlet.config.annotation.DelegatingWebMvcConfiguration$$EnhancerBySpringCGLIB$$6df018b4.defaultServletHandlerMapping(<generated>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
    ... 46 more

the current structure does not make much sense. the JpaRepository class should implement the CustomerService interface. need to refactor that.

Bonus, use Jersey to replace Spring MVC here in order to take advantage of WADL auto-generation.

jacoco coverage report is not generated during build.

trying to disable flyway migration in web-app.ml has no effect.

not sure if it's spring auth server bug or not.

Re-produce:

1. login to http://localhost:8000/app
2. logout, browser shows login window.
3. manually change brewer's URL to http://localhost:8000/dashboard, the page is displayed. the logout to web app server does actually work.

https://github.com/sloppycoder/nfsx/blob/master/ibank/apps/webapp/src/test/java/com/fictional/ibank/web/RedisBasedTest.java

need a way to use dynamically assigned port number and tell spring to use it, so that there is no port number clash during parallel runs of tests.

78092df

adding spring-boot-starter-redis dependency onto class path will trigger spring-boot to initialize redis connectivity, which fails when redis is not running. this happens even when spring-session @EnableRedisHttpSession is not present anywhere in the code.

This behavior basically prevent merging spring-session support into master because it makes all the tests dependent on Redis. Though it is possible to use embedded redis to support testing it is undesirable since it requires extra code in all modules but without much benefits.

It will be desirable to merge spring-session support into master, and enable it with a configuration item in application.yml.

Enable hysteria and turbine integration into bank app.

https://travis-ci.org/sloppycoder/nfsx/builds/93547154

SimulatorTests hangs for more than 10 minutes at initialization.

maybe related to embedded Redis...

build-info.properties created but git commit id etc are not substituted.

When running the application using docker-compose up, the dashboard always display information as if backend services are not available up on first login. Refresh the page displays the correct information.

Is there anyway to test CXF web service client with stub xml files under src/test/resources/xml ?

CORS header not sent despite configuration and code in place.

Need a logout mechanism for web app. currently once login it'll be valid even after close and re-open the browser (why?). there should at least be a logout mechanism.

When profile service is done, dashboard correctly display "anonymous", however the status in Hystrix dashboard seems incorrect.

When cloud-server is running, the configuration are downloaded from config-server even when running test cases, thus causing test case to fail due to inconsistency of configuration between cloud-config server and local applicantion.yml.

There should be a way to disable config-config server download during test run to ensure repeatability of test results.

this sample service starts up fine, but /health end point does not show custom health indicator provided by service-support library.

When using nginx as reverse proxy to front-end web-app, the web-app always redirect to https request to http.

Reproduce:

1. run auth-server with proxied profile
2. run web-app server with proxied profile.
3. configure ngnix with the following configuration:

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$scheme $remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forward_proto""$http_x_forwarded_for"';


  server {
    listen 443 ssl;
    server_name some_domain_that_matches_config_below;

    ssl on;
    ssl_certificate         /usr/local/etc/nginx/certs/ssl_bundle.crt;
    ssl_certificate_key     /usr/local/etc/nginx/certs/www_vino9_net.key;

    access_log /usr/local/etc/nginx/logs/m_vino9_access.log main;
    error_log /usr/local/etc/nginx/logs/m_vino9_error.log;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    location /app {
        proxy_pass http://localhost:8000/app;
    }

    location /uaa {
        proxy_pass http://localhost:19999/uaa;
    }
  }
}

tomcat configuration contains:

spring:
  profiles: proxied

  tomcat:
    protocol-header: X-Forwarded-Proto
    protocol-header-https-value: https
    remote-ip-header:   X-Forwarded-For

but access log shows tomcat still redirect https login request to http. since nginx is not configured to handle http at all, the login page cannot load.

The web-app does not pass credential correctly to profile-service. When profit-service enables oauth2 authorization calling service will fail.

spring cloud documentation describes this behavior should be automatically when configurations are in place. However sine oauth2 implementation is moving out of spring-cloud and into spring-boot, the documentation may not be most relevant.

for modules that uses docker-maven-plugin, the plugin configuration must be specific at each module level, not at parent level, causes massive duplication.

this is caused by an issue in the plugin that the plugin will run even when packing type is POM, which causes error at parent pom level. The issue seems to have been fixed in upstream. pull request.

the configuration should be moved into parent pom when the new release arrives.

To add:

1. check if custom health indicator is present
2. for webapp, check if SSO redirect is happening.
3. add free marker sample to web app sample.