Currently serve up the logging.config file via plain text from an unsecured config server. Using:
logging.config: ${spn.spring.cloud.config.runtime.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label:master}/logback-spring.xml
Have now secured the web server with basic authentication and would like to use:
logging.config: http://${spring.cloud.config.username}:${spring.cloud.config.password}@localhost:8888/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label:master}/logback-spring.xml
The above throws:
java.io.IOException: Server returned HTTP response code: 401 for URL: http://user:cde3$RFV@localhost:8888/spn-rules-svc/local-cloud,debug,unsecured/WD-1675-the-management-env-dump-etc-endp/logback-spring.xml
It appears the Basic Authentication used to pull the remote configuration from the Config service for the microservice client is not used to pull the Plain text as well.
I am able to pull the clients configuration via curl with basic auth.
curl --user 'user:cde3$RFV' http://localhost:8888/spn-eureka-svc/local-cloud,unsecured,debug/WD-1675-the-management-env-dump-etc-endp/logback-spring.xml
Is Serving Plain text from a secured (basic auth) Config Server currently supported? And if so, where can I find any documentation on the proper configuration.
If not supported, where is the best place to start making changes to use a "Secured" Rest Template to add support for serving plain text from a secured config server?
Comment From: spencergibb
So, I don't think this an issue with config server, but the client that loads the logging config.
Comment From: ulmermark
Makes sense. But I see a call to
ResourceUtils.getURL(logConfig).openStream().close();
in org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration
that throws an exception prior to ever getting to the logback library and class that does the actual read of the file.
If the above line of code is in place and not modified, changes to read a logging.config file from a secured config server will not work even if the logback library is changed.
Comment From: spencergibb
How about a full stack trace?
Comment From: ulmermark
Here are some snapshots...
Thread [restartedMain] (Suspended) PropertySourceBootstrapConfiguration$$EnhancerBySpringCGLIB$$5387cdcc(PropertySourceBootstrapConfiguration).reinitializeLoggingSystem(ConfigurableEnvironment, String, LogFile) line: 130 PropertySourceBootstrapConfiguration$$EnhancerBySpringCGLIB$$5387cdcc(PropertySourceBootstrapConfiguration).initialize(ConfigurableApplicationContext) line: 105 SpringApplication.applyInitializers(ConfigurableApplicationContext) line: 635 SpringApplication.prepareContext(ConfigurableApplicationContext, ConfigurableEnvironment, SpringApplicationRunListeners, ApplicationArguments, Banner) line: 349 SpringApplication.run(String...) line: 313 SpringApplication.run(Object[], String[]) line: 1186 SpringApplication.run(Object, String...) line: 1175 RulesApplication.main(String[]) line: 25 NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not available [native method] NativeMethodAccessorImpl.invoke(Object, Object[]) line: 62 DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 43 Method.invoke(Object, Object...) line: 498 RestartLauncher.run() line: 49
[image: Inline image 2]
On Mon, Jun 19, 2017 at 10:00 AM, Spencer Gibb notifications@github.com wrote:
How about a full stack trace?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/spring-cloud/spring-cloud-config/issues/721#issuecomment-309466784, or mute the thread https://github.com/notifications/unsubscribe-auth/ADVJnVlzKq23tsX2qAG4xZvUGlYgUbRpks5sFozwgaJpZM4N8hb2 .
Comment From: spencergibb
Please, no images of stack traces.
Comment From: ulmermark
java.io.IOException: Server returned HTTP response code: 401 for URL: http://user:cde34RFV@localhost:8888/spn-rules-svc/local-cloud,debug,unsecured/WD-1675-the-management-env-dump-etc-endp/logback-spring.xml
[sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840),
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441),
java.net.URL.openStream(URL.java:1045),
org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.reinitializeLoggingSystem(PropertySourceBootstrapConfiguration.java:120),
org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:105),
org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:635),
org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:349),
org.springframework.boot.SpringApplication.run(SpringApplication.java:313),
org.springframework.boot.SpringApplication.run(SpringApplication.java:1186),
org.springframework.boot.SpringApplication.run(SpringApplication.java:1175),
com.spn.rules.RulesApplication.main(RulesApplication.java:25),
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method),
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62),
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43),
java.lang.reflect.Method.invoke(Method.java:498),
org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49)]
Thread [restartedMain] (Suspended)
PropertySourceBootstrapConfiguration$$EnhancerBySpringCGLIB$$5387cdcc(PropertySourceBootstrapConfiguration).reinitializeLoggingSystem(ConfigurableEnvironment,
String, LogFile) line: 130
PropertySourceBootstrapConfiguration$$EnhancerBySpringCGLIB$$5387cdcc(PropertySourceBootstrapConfiguration).initialize(ConfigurableApplicationContext)
line: 105
SpringApplication.applyInitializers(ConfigurableApplicationContext) line:
635
SpringApplication.prepareContext(ConfigurableApplicationContext,
ConfigurableEnvironment, SpringApplicationRunListeners,
ApplicationArguments, Banner) line: 349
SpringApplication.run(String...) line: 313
SpringApplication.run(Object[], String[]) line: 1186
SpringApplication.run(Object, String...) line: 1175
RulesApplication.main(String[]) line: 25
NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not
available [native method]
NativeMethodAccessorImpl.invoke(Object, Object[]) line: 62
DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 43
Method.invoke(Object, Object...) line: 498
RestartLauncher.run() line: 49
Comment From: ulmermark
If the code above did not throw an exception, I believe the next issue would be in the LogbackLoggingSystem class in the following method.
There is a call to ResourceUtils.getURL(location)) that would not use Basic Authentication
@Override
protected void loadConfiguration(LoggingInitializationContext initializationContext,
String location, LogFile logFile) {
super.loadConfiguration(initializationContext, location, logFile);
LoggerContext loggerContext = getLoggerContext();
stopAndReset(loggerContext);
try {
configureByResourceUrl(initializationContext, loggerContext,
ResourceUtils.getURL(location));
}
catch (Exception ex) {
throw new IllegalStateException(
"Could not initialize Logback logging from " + location, ex);
}
List<Status> statuses = loggerContext.getStatusManager().getCopyOfStatusList();
StringBuilder errors = new StringBuilder();
for (Status status : statuses) {
if (status.getLevel() == Status.ERROR) {
errors.append(errors.length() > 0 ? String.format("%n") : "");
errors.append(status.toString());
}
}
if (errors.length() > 0) {
throw new IllegalStateException(
String.format("Logback configuration error detected: %n%s", errors));
}
}
Comment From: ulmermark
Decided to go a different route and utilize Spring Security to "permitAll" to a list of URLs from the secured Spring Cloud Config Server.
This will allow the logback-spring.xml file to be accessed without Basic Authentication attached to the URL request. All other requests to the secured Spring Cloud Config Server for an application properties from the a config server client will still require basic authentication attached to the request which is part of the Spring Cloud Config Client.
Comment From: ravasconcelos
Decided to go a different route and utilize Spring Security to "permitAll" to a list of URLs from the secured Spring Cloud Config Server.
This will allow the logback-spring.xml file to be accessed without Basic Authentication attached to the URL request. All other requests to the secured Spring Cloud Config Server for an application properties from the a config server client will still require basic authentication attached to the request which is part of the Spring Cloud Config Client.
So the conclusion is that it is not possible to have the property like below? logging.config: http://${spring.cloud.config.username}:${spring.cloud.config.password}@localhost:8888/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label:master}/logback-spring.xml
Comment From: Rohit-Kmr
I was able to find a way around but not solve it.
I put the
logging.config=${spn.spring.cloud.config.runtime.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label:master}/logback-spring.xml
inside the properties file in the git repo.