ch4mpy / spring-addons

Ease spring OAuth2 resource-servers configuration and testing
Apache License 2.0
552 stars, 89 forks

Add @ConditionalOnWebApplication to AddonsWebSecurityBeans for command line applications #106

Closed fanalin closed 1 year ago

fanalin commented 1 year ago

Is your feature request related to a problem? Please describe.

I have a Spring application whose code base serves both as a "normal" REST API and is used for batch jobs (started from Kubernetes cronjobs). For the latter use-case, I have a CommandLineRunner which is annotated with org.springframework.boot.autoconfigure.condition.ConditionalOnNotWebApplication to prevent it from running in web mode.

Unfortunately, this CommandLineRunner is not working anymore when including the spring-addons-webmvc-jwt-resource-server for managing authorization with my keycloak server.

The error message is

Parameter 1 of method springAddonsResourceServerSecurityFilterChain in com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans required a bean of type 'org.springframework.boot.autoconfigure.web.ServerProperties' that could not be found.

Describe the solution you'd like

Please add the annotation org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication to com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans to prevent it from getting loaded when not in web mode.

Describe alternatives you've considered

I can add a different profile for the CLI runner which contains

spring.autoconfigure.exclude: com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans

This solves my original issue, but adding the Condition seems a bit saner as the configuration itself is not required in non-web applications.

Anyway, thank you very much for this library.

ch4mpy commented 1 year ago

I'm curious, how does it answer requests secured with an access token if it is not "web"? Or is it both a client and a resource server when it's web and just a client when it's batch?

fanalin commented 1 year ago

One use-case is just a regular REST API, the other one is by invoking it as a command line runner. To do that, I include a class implementing CommandLineRunner which is marked as @ConditionalOnNotWebApplication. In the application.properties file I set

spring.main.web-application-type=none

When invoked with this property, the CommandLineRunner gets executed; when not specifying this property, the REST API gets started.

The command line runner is doing some background tasks which use parts of the same code base as the REST API. Usually you'd break this monolith down into multiple microservices (we are already doing that for new tasks), but it works well enough for now. It's something like a set of microservices (from the look of the k8s cluster, as each server/task is run separately), while it's a monolith from the point of view of the code base.

ch4mpy commented 1 year ago

This is more or less what you already stated. What I am interested in is what it does regarding OAuth2 when in "batch" mode: Send requests with access tokens? Receive requests with access tokens? Read tokens from somewhere other than the Authorization header? Validate tokens before taking a decision on the requested processing?

fanalin commented 1 year ago

Sorry: Spring Security is not relevant at all in batch mode.

ch4mpy commented 1 year ago

Ok, so I could also add a com.c4-soft.springaddons.security.enabled property, defaulted to true. Maybe that would be more expressive and could also serve other cases where one wants to deactivate all of spring-addons auto-config for any reason.

All you'd have to do is set this property to false on the command line to start your app in batch mode.

What do you think?

fanalin commented 1 year ago

That would be fine as well.

ch4mpy commented 1 year ago

Oops, didn't intend to close the issue before you confirmed it works with the 6.1.4 I just released.

@fanalin please give it a try with com.c4-soft.springaddons.security.enabled=false and close the issue if it's ok for you.

ch4mpy commented 1 year ago

@fanalin I'll consider you would have complained if it was not working and close.

Please re-open if the solution does not meet your needs.
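
The two approaches discussed in this thread, combined in one configuration as an added example (not code from spring-addons or from either commenter): the filter chain that needs ServerProperties is only created in servlet web mode, and a toggle property defaults to "security on". The class names and the `demo.security.enabled` property are hypothetical; Spring Boot 3 with Spring Security 6 and the OAuth2 resource-server starter is assumed.

```java
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.autoconfigure.condition.ConditionalOnNotWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class DualModeConfig {

    // Web mode only: ServerProperties is present, so the filter chain can be built.
    @Configuration
    @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
    // Hypothetical toggle; matchIfMissing keeps security ON unless it is explicitly disabled.
    @ConditionalOnProperty(name = "demo.security.enabled", havingValue = "true", matchIfMissing = true)
    static class ResourceServerSecurity {
        @Bean
        SecurityFilterChain resourceServerFilterChain(HttpSecurity http, ServerProperties server) throws Exception {
            // Require HTTPS only when the embedded server is configured with SSL.
            if (server.getSsl() != null && server.getSsl().isEnabled()) {
                http.requiresChannel(c -> c.anyRequest().requiresSecure());
            }
            http.sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(a -> a.anyRequest().authenticated())
                .oauth2ResourceServer(o -> o.jwt(Customizer.withDefaults()));
            return http.build();
        }
    }

    // Batch mode only (spring.main.web-application-type=none): no HTTP listener, no filter chain.
    @Configuration
    @ConditionalOnNotWebApplication
    static class BatchMode {
        @Bean
        CommandLineRunner batchJob() {
            return args -> System.out.println("batch job running, " + args.length + " argument(s)");
        }
    }
}
```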