I have a spring boot application and a traditional javax web servlet running on the same ssl port on an application server.
I want to make a https request to the webservlet from the spring boot app.
Is it possible to communicate between these applications without using SSL? Or, can i reuse the client cert from the client who hit the spring boot app, and pass SSL easily that way?
It seems strange to me that the browser can hop around between the apps easily but the apps cannot communicate directly without proper cert handling.
From what I know of sockets, I don't think this model works. Two applications can't listen to the same port AFAIK.
Related
What is the best way to implement SSL in Spring Boot & Angular application (frontend with backend)?
Should I configure SSL in both applications separately?
Or should I configure SSL in Nginx web server and not taking care about securing applications?
Should I configure SSL in both applications separately?
If you've built out a microservice architecture and both your spring boot application and your Angular application are served off different domains, then yes you should configure SSL on both applications.
Or should I configure SSL in Nginx web server and not taking care about securing applications?
If you are using NGINX to serve your Angular application, then yes you should setup SSL on it.
I'll add that SSL is not the only step required to secure an application. Many applications will require some user management with role based permissions and control access to screens in your app or REST APIs based on user permissions.
I have an app running on AWS that has got a React JS front-end hosted through S3 and Spring Boot back-end hosted on EC2 instances behind a load balancer. I got my SSL certificate for my domain and I use CloudFront to redirect HTTP requests into HTTPS.
My issue is that I can connect through HTTPS to my load balancer, however, my Spring Boot API won't accept HTTPS from the load balancer. Therefore I use HTTP and anytime I send an API call to my backend, my site changes to "Not Secured".
Is there a way to use the Amazon issued certificate in my Spring Boot API in order for it to accept HTTPS calls? I have only found tutorials using self-signed certs and was wondering if I can use my AWS certificate instead.
If there is a way, could you please provide an example of code I need to insert in my application.properties file?
Cheers
Kris
This part of your question is really confusing, since you don't provide details about what you mean:
My issue is that I can connect through HTTPS to my load balancer,
however, my spring-boot API won't accept HTTPS from the load balancer.
Your load balancer should be serving the AWS ACM SSL certificate. You should code your application so that your website makes SSL calls to your API. The load balancer should communicate with your Spring Boot backend server over HTTP, by setting the HTTP protocol and port in the load balancer target group settings.
The traffic flow should look like this:
Web Browser -> (HTTPS) API call to Load Balancer -> (HTTP) call to backend Spring Boot server
I have to make an application in tomcat which core responsibility is to redirect all request coming from browser application to API server. It works like proxy server between browser application and API application. Have to write it on tomcat. How can i achieve this, do i have write a REST API application on tomcat too?
Project Description
Requirement is like we have two application one is developed on React, its a web-portal and the other one is on spring-boot as a backend application (json apis).
spring-boot application is going to be deployed on secure zone and web-portal is in DMZ. web-portal in on internet, backend application is on intranet. As web-portal is a CSR application so the api's calls from web-portal contains backend application IP/URI but it cannot be accessible from internet.
So i am planning to write an application on DMZ zone and it will be deployed on apache tomcat, so like when request comes at tomcat it redirect it to backend application server which is on intranet with all headers/payload and redirect response from backend server to web-portal.
You want to set up a reverse proxy which is a standard pattern. Take a look at the answers at Reverse Proxy Java or just search the web for "reverse proxy java".
If you are not bound to implement it in java take a look at Nginx which we use in many projects to transfer the request from the web app to the REST backend.
I know this question might sound stupid but for me it's new. I have developed a simple Spring Boot Application, provide some backend APIs, running on localhost. I have also bought an webhosting server with my own domain, let's say: www.my-domain.com. Right now in the my-domain.com I just have some simple html code. And what I want to do is having the spring boot application running also under this domain.
Is it possible then? If yes can anyone point me to some references please?. If no, what do I need to run an Java Application under my own domain?
Thank you very much!
You need to run the Spring boot application on the server, then you need to configure your web server (nginx/apache), configure Spring API path and port on the web server, and the traffic will go into your application.
I am making a program all written in Java. Server is Spring Boot RESTful and client is an desktop app made with JavaFX that uses Apache HttpClient library to communicate to the server. Now I need to secure it with SSL/TLS. I am interested in the implementation itself and also whether a self signed certificate is enough since the program will be used only in LAN.