Securing Spring Cloud Config Server with Basic Authentication

Spring Cloud Config Server provides externalized configuration for distributed systems. As microservices multiply, managing configuration centrally becomes crucial, and securing the configuration server is equally important to prevent unauthorized access. Basic authentication is a simple and effective way to secure such a server: clients must supply a username and password before they can reach its endpoints.

Spring Cloud Config Server centralizes the configuration of applications in distributed systems. This approach is essential for maintaining consistency and reducing configuration drift across multiple environments. However, exposing configuration data, especially sensitive information, requires proper security measures. Basic Authentication provides a straightforward mechanism to secure the server, ensuring that only authorized users can access the configuration data.

Spring Cloud Config Server

  • Purpose: It serves as the central hub for configuration data, allowing multiple applications to pull their configuration from a single source.
  • Benefits: Centralized management, consistency, and the ability to update configuration without redeploying applications.

Basic Authentication

  • What is Basic Authentication?: It is a method for an HTTP user agent to provide a username and password when making a request. The credentials are Base64-encoded (not encrypted) and sent in the HTTP Authorization header, so the server should only be reached over HTTPS.
  • How it works: When the client sends a request, the server checks the Authorization header for credentials. If they match a known user, access is granted; if not, a 401 Unauthorized response is returned.

Implementation to Secure Spring Cloud Config Server with Basic Authentication

Below are the steps to secure a Spring Cloud Config Server with Basic Authentication.

Step 1: Create the Spring Project

Create a new Spring Boot project using Spring Initializr and add the required dependencies:

  • Spring Web
  • Spring Security
  • Spring Cloud Config Server
  • Lombok
  • Spring DevTools

After the project is created, the folder structure will look like the one below.


Step 2: Application Properties

Open application.properties and add the security username and password, the server port, and the Git URI of the configuration repository. The password is shown in plain text here for the tutorial; in a real deployment supply it through an environment variable or a secrets store rather than committing it to the repository.

spring.application.name=spring-cloud-config-auth

server.port=8888
spring.security.user.name=admin
spring.security.user.password=secret
spring.cloud.config.server.git.uri=https://github.com/yourrepo/config-repo.git

example.property=Hello from Config Server


Step 3: Create the Security Configuration class.

We will create the SecurityConfig class to configure Spring Security in the project. Go to src > org.example.springcloudconfig0auth > SecurityConfig and put the below code. Note that permitAll() on /actuator/** opens every actuator endpoint that is exposed over HTTP; Spring Boot exposes very few of them by default (health, and in older versions info), so narrow the matcher (for example to /actuator/health) before exposing more endpoints.

Java
package org.example.springcloudconfig0auth;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                // Actuator endpoints stay open; every other request needs an authenticated user.
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/actuator/**").permitAll()
                        .anyRequest().authenticated())
                // HTTP Basic against the user defined by spring.security.user.name / .password.
                .httpBasic(Customizer.withDefaults());

        return http.build();
    }
}


Step 4: Create the Controller class.

We will create the ConfigServerController class, which exposes the secured REST endpoint /config/property in the Spring project.

Go to src > org.example.springcloudconfig0auth > ConfigServerController and put the below code.

Java
package org.example.springcloudconfig0auth;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/config")
public class ConfigServerController {

    // Injected from application.properties; falls back to "default-value" if unset.
    @Value("${example.property:default-value}")
    private String exampleProperty;

    // GET /config/property is protected by the SecurityFilterChain (anyRequest().authenticated()).
    @GetMapping("/property")
    public String getExampleProperty() {
        return exampleProperty;
    }
}


Step 5: Main Class (No Changes are required)

Go to src > org.example.springcloudconfig0auth > SpringCloudConfig0AuthApplication; the generated class is used as-is.

Java
package org.example.springcloudconfig0auth;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SpringCloudConfig0AuthApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringCloudConfig0AuthApplication.class, args);
    }

}


Step 6: Run the Application

Now run the application; it starts on port 8888.


Step 7: Test the Application

1. Test without authentication details: the HTTP request returns 401 Unauthorized.

http://localhost:8888/config/property

Postman Output:


2. Test with the authentication credentials: the request returns 200 OK and the corresponding output.

http://localhost:8888/config/property

Credentials

  • username: admin
  • password: secret

Postman Output:


Open the browser and enter the URL. The browser shows the prompt below.


After entering the credentials it will show the below output.

By following these steps, we can secure the Spring Cloud Config Server with Basic Authentication and test it using Postman. Securing the Spring Cloud Config Server with Basic Authentication ensures that only authorized users can access the configuration data, which strengthens the security and integrity of the distributed system.


