I have an app running on AWS that has got a React JS front-end hosted through S3 and Spring Boot back-end hosted on EC2 instances behind a load balancer. I got my SSL certificate for my domain and I use CloudFront to redirect HTTP requests into HTTPS.
My issue is that I can connect through HTTPS to my load balancer, however, my Spring Boot API won't accept HTTPS from the load balancer. Therefore I use HTTP and anytime I send an API call to my backend, my site changes to "Not Secured".
Is there a way to use the Amazon issued certificate in my Spring Boot API in order for it to accept HTTPS calls? I have only found tutorials using self-signed certs and was wondering if I can use my AWS certificate instead.
If there is a way, could you please provide an example of code I need to insert in my application.properties file?
Cheers
Kris
This part of your question is really confusing, since you don't provide details about what you mean:
My issue is that I can connect through HTTPS to my load balancer,
however, my spring-boot API won't accept HTTPS from the load balancer.
Your load balancer should be serving the AWS ACM SSL certificate. You should code your application so that your website makes SSL calls to your API. The load balancer should communicate with your Spring Boot backend server over HTTP, by setting the HTTP protocol and port in the load balancer target group settings.
The traffic flow should look like this:
Web Browser -> (HTTPS) API call to Load Balancer -> (HTTP) call to backend Spring Boot server
Related
I'm working on a very simple REST API using the Quarkus framework. I'd like to use client authentication, but after a few tries I eventually found the what I'm trying to achieve doesn't seem possible out of the box.
The API is dockerized and published on an azure app service environment. Unfortunately, I can't get the azure load balancer to talk to my app via SSL. Azure App Services passes the client certificate as a base64 payload in a header field dubbed X-ARR-ClientCert.
Maybe I'm missing some very important piece of knowledge here. Is there any way to leverage the TrustStore and Trust / accept the client certificate straight from the header field?
Should I implement my own Security Identity Provider for doing so
extracting the Certificate from the header
create a Security Identity instance
What is the best way to implement SSL in Spring Boot & Angular application (frontend with backend)?
Should I configure SSL in both applications separately?
Or should I configure SSL in Nginx web server and not taking care about securing applications?
Should I configure SSL in both applications separately?
If you've built out a microservice architecture and both your spring boot application and your Angular application are served off different domains, then yes you should configure SSL on both applications.
Or should I configure SSL in Nginx web server and not taking care about securing applications?
If you are using NGINX to serve your Angular application, then yes you should setup SSL on it.
I'll add that SSL is not the only step required to secure an application. Many applications will require some user management with role based permissions and control access to screens in your app or REST APIs based on user permissions.
I have a spring boot application and a traditional javax web servlet running on the same ssl port on an application server.
I want to make a https request to the webservlet from the spring boot app.
Is it possible to communicate between these applications without using SSL? Or, can i reuse the client cert from the client who hit the spring boot app, and pass SSL easily that way?
It seems strange to me that the browser can hop around between the apps easily but the apps cannot communicate directly without proper cert handling.
From what I know of sockets, I don't think this model works. Two applications can't listen to the same port AFAIK.
First of all, I'm new to socket programming and AWS beanstalk.
AS per my initial investigation I have founded AWS Elastic Beanstalk(EB) not support WebSocket. So I need to do a workaround on EB to enable that.
I have developed a java application with one WebSocket request for notification. Its working fine in local machines when I deployed to AWS EB the WebSocket request-response 501 status code. I just investigate this issue I found we need to work around for enabling WebSocket request in EB. but I have no more idea how it does. I'm stuck in This situation. I Already have Load Balancer And security certificate.that are enabled on my EB.
How can I enable WebSocket request without fail existing conditions?
I found One solution But I have doubt Where it put the configuration file described in this link Solution
I don't know about the java application you are running, but I know about how to setup your Elastic Load Balancer to work with websockets.
First of all, websockets doesn't work through CloudFront so you need to setup a separate domain (i.e. websockets.domain.com) that points directly to your load balancer, an A record alias.
Second, setup a new listener to your Elastic Load Balancer to use TCP and SSL. Generate a certificate through ACM.
Last, change your websocket client to use your new domain and port.
I am looking for a Java based REST server which support following authentication mechanism. Also please let me know the best resources for the REST based authentication
Token
Certificate
Kerberos
Oauth
Open Id
I am an architect from WSO2... so my reply could be biased...
You can use the open source WSO2 Application Server to deploy your RESTful services and WSO2 Identity server has the support for 2-legged OAuth...
Thanks...
Partial answer for method 2) Certificate:
If you're planning on using certificates for authentication, I must assume that the API will be consumed by a limited number of trusted client applications. I've recently developed and deployed a REST API for internal use within an organization, and we use server-client certificates for authentication. This solution delivers a really high level of security, but is very impractical to use in an externally exposed API. This post gives some information: Java HTTPS client certificate authentication.
Any Java container should support these with either:
Apache / IIS as a reverse proxy deployed for SSO (Single Sign On)
Authentication plugins