Hecklers in Development
Code, coffee, & camaraderie. Collection, unordered. ;)

Just a quick tip for the Spring fans out there…

 

If you’ve decided to try out Spring Boot Actuator – and if you haven’t you really should! – you may have run into one of two interesting hitches that are easily resolved:

 

  1. You are unable to access any of the various Actuator endpoints (/beans, /env, et al)
  2. You can access those endpoints and yet are unable to access /actuator, the primary (navigable) Actuator endpoint

 

Unable to access any Actuator endpoints

 

In the case of point #1 above, you may see this in your logs:

 

s.b.a.e.m.MvcEndpointSecurityInterceptor : Full authentication is required to access actuator endpoints. Consider adding Spring Security or set ‘management.security.enabled’ to false.

 

For testing, it’s adequate and acceptable to simply add the suggested entry to your app’s application.properties file:

 

management.security.enabled=false

 

This is far less likely to be a suitable solution for production apps, though. 🙂  Enabling Spring Security properly to secure access to your application is a far more production-ready option.

 

Unable to access /actuator

 

If you can load successfully the various Spring Boot Actuator endpoints but get a 404 error on /actuator, the primary (navigable) Actuator endpoint, you are hitting a different (yet also easily resolved) snag. The hint is in how I phrased the difficulty: the primary (navigable) Actuator endpoint.

 

In order to access /actuator, which uses hypermedia to provide a navigable structure of links to Actuator endpoints, you must include HATEOAS (spring-boot-starter-hateoas) on your classpath. Adding this to your POM will fix that nicely:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-hateoas</artifactId>
</dependency>

That’s all for now, but stay tuned (or follow me on Twitter) for more quick or lengthy Spring tips!

 

Cheers,
Mark

 

Click here for more information about Spring Boot Actuator.

Share

Related Posts:


Tags: , , , , , , , ,

We’ve recently added the capability to send/receive secure, signed and/or encrypted emails.

Why?

Simply put, we have nothing to hide. To paraphrase a movie line, we aren’t even very exciting. 🙂 But just as we don’t put pictures of our underwear & sock drawers online for just anyone to see, we aren’t all that enthused about perfect strangers poring over our grocery lists, family emails, etc. I suspect most people aren’t.

How?

It’s pretty quick and easy to secure your email using PGP/GPG (Pretty Good Privacy and the Gnu Privacy Guard). Here are some links you can use to “get secure” in a matter of minutes on most platforms:

Mac

GPGTools, available here.

Windows

GPG4Win, available here.

GMail in Chrome

Mailvelope, available here and in the Chrome Store.

The Bottom Line

If you’ve never used PKI (Public Key Infrastructure) solutions before, you may want to read up on them a bit. The summary version, though, is that you have a private key that you keep (PRIVATE!) and a public key you publish for others to use when sending you mail. To email someone else, you either retrieve their public key from a central key server or simply copy/paste it from an email or website into your keychain, then address your email to them and choose to sign, encrypt, or both. That’s it.

 

If you’d like to send us a test email, please feel free to either download our public keys from the server or just go here to get them. Good luck, and all the best to you in a more secure future!

 

Share

Related Posts:


Tags: , , , , , , ,

Powered by Wordpress
Theme © 2005 - 2009 FrederikM.de, heavily modified by Mark Heckler
BlueMod is a modification of the blueblog_DE Theme by Oliver Wunder