
Stormpath Spring Boot


I cloned the official Stormpath Spring Boot tutorial git repo, generated and saved my key pair at ~/.stormpath/apiKey.properties, built the project (mvn clean package), and ran it (java -jar target/*.jar).

The tutorial web app demonstrates a webpage with three tabs (Home, Dashboard, Login) that show after the user logs in.

It works as expected on one machine. When I repeat the same process on any other machine the Dashboard tab does not show. All machines use openjdk-1.7.

Stormpath Spring Boot tutorial


Solution

  • I've updated the project you referenced to the latest version of the Java SDK and I pushed it up.

    In any case other than connections from localhost, you should see this message:

    2016-05-18 21:54:50.811  WARN 94320 --- [nio-8080-exec-4] .s.s.f.a.CookieAuthenticationResultSaver : INSECURE IDENTITY COOKIE CONFIGURATION: Your current Stormpath SDK account cookie configuration allows insecure identity cookies (transmission over non-HTTPS connections)!  This should typically never occur otherwise your users will be susceptible to man-in-the-middle attacks.  For more information in Servlet-only environments, please see the Security Notice here: https://docs.stormpath.com/java/servlet-plugin/login.html#https-required and the documentation on authentication state here: https://docs.stormpath.com/java/servlet-plugin/login.html#authentication-state and here: https://docs.stormpath.com/java/servlet-plugin/login.html#cookie-config (the callout entitled 'Secure Cookies').  If you are using Spring Boot, Spring Boot-specific documentation for these concepts are here: https://docs.stormpath.com/java/spring-boot-web/login.html#security-notice https://docs.stormpath.com/java/spring-boot-web/login.html#authentication-state and https://docs.stormpath.com/java/spring-boot-web/login.html#cookie-storage
    

    ngrok is a nice service to set up an SSL tunnel to a service running on localhost. There are others too.

    Feel free to send us an email at: [email protected] if this doesn't resolve the issue for you.
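
One way to check what the warning above is about, as an added example that is not part of the original answer or of the Stormpath SDK: it audits the `Set-Cookie` headers of one response against the URL the page was fetched over. The cookie name, hosts and verdict labels are constructed for illustration.

```python
from http.cookies import SimpleCookie
from ipaddress import ip_address
from urllib.parse import urlsplit

def is_loopback(host):
    """True for localhost names and loopback IP literals."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name

def audit_set_cookie(request_url, set_cookie_headers):
    """Return {cookie_name: verdict} for the Set-Cookie headers of one response."""
    url = urlsplit(request_url)
    https = url.scheme == "https"
    local = is_loopback(url.hostname or "")
    verdicts = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            secure = bool(morsel["secure"])
            if https:
                verdict = "ok" if secure else "missing-secure"
            elif local:
                # Traffic stays on the machine; browser handling of Secure
                # cookies on loopback HTTP varies, so it is reported separately.
                verdict = "loopback-only"
            elif secure:
                # RFC 6265: a Secure cookie is only sent over a secure channel,
                # so the login state is lost on the next plain-HTTP request.
                verdict = "not-returned-over-http"
            else:
                verdict = "cleartext-exposed"  # readable by anyone on the path
            if not morsel["httponly"]:
                verdict += "+script-readable"
            verdicts[name] = verdict
    return verdicts

# Constructed sample responses (not captured from the tutorial application).
PLAIN = ["identity_cookie=abc123; Path=/; HttpOnly"]
SECURE = ["identity_cookie=abc123; Path=/; HttpOnly; Secure"]

if __name__ == "__main__":
    for url, hdrs in [("http://localhost:8080/login", PLAIN),
                      ("http://192.0.2.10:8080/login", PLAIN),
                      ("http://192.0.2.10:8080/login", SECURE),
                      ("https://tunnel.example/login", SECURE)]:
        print(url, audit_set_cookie(url, hdrs))
```
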