{"id":15430506,"url":"https://github.com/lenisha/spring-registry-server","last_synced_at":"2026-05-07T00:38:46.513Z","repository":{"id":116070925,"uuid":"202210869","full_name":"lenisha/spring-registry-server","owner":"lenisha","description":"SpringBott app with Basic Auth and AppInsights","archived":false,"fork":false,"pushed_at":"2019-08-16T15:20:44.000Z","size":3179,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-18T06:16:04.414Z","etag":null,"topics":["application-insights","azure","azure-app-service","basic-auth","eureka-server","spring-boot"],"latest_commit_sha":null,"homepage":"http://springai.azurewebsites.net/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lenisha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-13T19:27:09.000Z","updated_at":"2019-08-16T15:20:46.000Z","dependencies_parsed_at":null,"dependency_job_id":"9e25b4bb-6bae-4d72-9968-aba32ec8a78d","html_url":"https://github.com/lenisha/spring-registry-server","commit_stats":{"total_commits":8,"total_committers":1,"mean_commits":8.0,"dds":0.0,"last_synced_commit":"fbfde55726b166e3550b9258ce00ce14e2b1c659"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fspring-registry-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fspring-registry-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fspring-registry-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fspring-registry-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lenisha","download_url":"https://codeload.github.com/lenisha/spring-registry-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245977074,"owners_count":20703585,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application-insights","azure","azure-app-service","basic-auth","eureka-server","spring-boot"],"created_at":"2024-10-01T18:16:45.982Z","updated_at":"2026-05-07T00:38:46.483Z","avatar_url":"https://github.com/lenisha.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Authenticated SpringBoot App with AppInsights\n\nApp Service with \"AlwaysOn\" feature will ping application ROOT every 5 min,\nwhich will cause a lot of \"401\" failures for application with enabled authentication.\n\n![metrics](docs/appinsights401.png)\n\nIn our example we use simple Eureka Server SpringBoot application with Basic Auth.\nUser is set in `WebSecurityConfig` class and password in App Service Application Settings \nin variable `EUREKA_PASSWORD`.\n\n## Unauthenticated Healthcheck endpoint\n\nWe need endpoint without authentication enabled to serve as a healthcheck url.\nActuator `/actuator/health` endpoint is good for this purpose.\nTo disable authentication only on this url for the application add following to `WebSecurityConfig`:\n\n```java\n@Override\nprotected void configure(HttpSecurity http) throws Exception {\n    http\n        .authorizeRequests()\n             // Permit health endpoint only for local invocation\n            .antMatchers(\"/actuator/health\").hasIpAddress(\"127.0.0.1\")\n            // require AUTH for all others \n            .anyRequest().authenticated()\n            .and()\n        .csrf().ignoringAntMatchers(\"/eureka/**\")\n            .and()\n        .httpBasic();\n\n}\n```   \n## Point AlwaysOn to custom URL\n\nBy default `AlwaysOn` hits ROOT url of the application, it does not have configuration that could be changed.\n![401](docs/performance-401.png)\n\nWe could implement a redirect that will happen only for the `AlwaysOn` User-Agent requests by adding a rule to `web.config` that redirects only those request that come from localhot `::1` and with required `User-Agent`:\n\n![metrics](docs/alwayson.png)\n\nAdd rule:\n\n```\n\u003crewrite\u003e\n    \u003crules\u003e\n    \u003crule name=\"Rewrite AlwaysOn\" stopProcessing=\"true\"\u003e\n        \u003cmatch url=\"^$\" /\u003e\n        \u003cconditions\u003e\n        \u003cadd input=\"{HTTP_USER_AGENT}\" pattern=\"^AlwaysOn$\" /\u003e\n        \u003cadd input=\"{REMOTE_ADDR}\" pattern=\"::1\" /\u003e\n        \u003c/conditions\u003e\n        \u003caction type=\"Rewrite\" url=\"/actuator/health\" /\u003e\n    \u003c/rule\u003e\n    \u003c/rules\u003e\n\u003c/rewrite\u003e\n```            \n\n## Point Application Initialization module to custome URL\nOnce we repointed `AlwaysOn` the only 401 errors we still see in log are from the application initialization performed by IIS server\n\n![metrics](docs/appinit.png)\n\nTo repoint add following \n\n```\n\u003capplicationInitialization remapManagedRequestsTo=\"/hostingstart.html\"\n                           skipManagedModules=\"true\" \u003e\n      \u003cadd initializationPage=\"/actuator/health\" /\u003e\n\u003c/applicationInitialization\u003e\n```\nWhile application is being initialized (and java boot app might take a while) the splash screen that app init access is set in `remapManagedRequestsTo` url. We need this URL to be as fast as possible and preferably just static file not coming from Java application. By default when App Service is created it creates file `hostingstart.html` under `wwwroot` and it's exactly  what we could leverage.\nLast step is to make sure we have handler that would serve this staticfile as we configured all the urls to be server by java engine. To add static handler add following to `web.config`:\n\n```\n   \u003cadd name=\"StaticFileStart\" path=\"hostingstart.html\" verb=\"*\" modules=\"StaticFileModule\" resourceType=\"Either\" requireAccess=\"Read\" /\u003e\n```\n\nIt will handle and serve the html file. And now we do not have any 401 errors in the logs and Application Insights.\n\n![metrics](docs/performance-no401.png)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flenisha%2Fspring-registry-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flenisha%2Fspring-registry-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flenisha%2Fspring-registry-server/lists"}