Perguntas[spring-boot](coding)

Gostaria de esconder o Keycloak atrás do spring cloud gateway, mas ainda usá-lo como provedor OIDC. Consegui permitir /autho endpoint (do keycloak) para isso, mas agora estou lutando com o http basic auth, que não sei como desabilitar. Toda vez que tento atingir qualquer outro endpoint que deveria ser protegido pelo keycloak, recebo login do formulário do navegador. Com a seguinte configuração

@Bean
@Order(1)
SecurityWebFilterChain publicEndpoints(final ServerHttpSecurity http) {
    return http.authorizeExchange(auth ->
                    auth.pathMatchers("/auth", "/auth/**").permitAll())
            .csrf(ServerHttpSecurity.CsrfSpec::disable)
            .cors(ServerHttpSecurity.CorsSpec::disable)
            .formLogin(ServerHttpSecurity.FormLoginSpec::disable)
            .headers(c -> c.frameOptions(ServerHttpSecurity.HeaderSpec.FrameOptionsSpec::disable))
            .httpBasic(basic ->
                    basic.authenticationEntryPoint(new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED)))
            .build();
}

@Bean
@Order(2)
SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http) {
    return http.authorizeExchange(auth -> auth.anyExchange().authenticated())
            .oauth2Login(withDefaults())
            .oauth2ResourceServer((oauth2) -> oauth2.jwt(withDefaults()))
            .csrf(ServerHttpSecurity.CsrfSpec::disable)
            .cors(ServerHttpSecurity.CorsSpec::disable)
            .formLogin(ServerHttpSecurity.FormLoginSpec::disable)
            .headers(c -> c.frameOptions(ServerHttpSecurity.HeaderSpec.FrameOptionsSpec::disable))
            //.httpBasic(ServerHttpSecurity.HttpBasicSpec::disable)
            .build();

}

Recebo erro na inicialização do aplicativo:

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.server.SecurityWebFilterChain]: Factory method 'publicEndpoints' threw exception with message: authenticationManager cannot be null
2025-03-06T15:35:01.907890843Z  at org.springframework.beans.factory.support.SimpleInstantiationStrategy.lambda$instantiate$0(SimpleInstantiationStrategy.java:199) ~[spring-beans-6.2.3.jar:6.2.3]
2025-03-06T15:35:01.907892426Z  at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiateWithFactoryMethod(SimpleInstantiationStrategy.java:88) ~[spring-beans-6.2.3.jar:6.2.3]
2025-03-06T15:35:01.907893385Z  at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:168) ~[spring-beans-6.2.3.jar:6.2.3]
2025-03-06T15:35:01.907894343Z  at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653) ~[spring-beans-6.2.3.jar:6.2.3]
2025-03-06T15:35:01.907895260Z  ... 39 common frames omitted

já que não quero usar nenhum gerenciador de autenticação, publicEndpointsnão entendo como configurá-lo para desabilitar o login do formulário e usar oauth

Estou usando org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.3para adicionar documentação do swagger ao meu projeto. Eu queria adicionar um exemplo de resposta json, mas este é um arquivo json grande, então estou apenas pegando-o da pasta de recursos.

Veja como é o ponto final do controlador

@Operation(summary = "summary")
@ApiResponses(value = {
        @ApiResponse(responseCode = "200",
                description = "Response",
                content = @Content(mediaType = "application/json",
                        examples = {
                        @ExampleObject(name="Resource response", externalValue = "static/Response.json"),
                        }

                ))})
@PostMapping
public ResponseEntity<Object> myapi() {
        return new ResponseEntity<>(response, HttpStatus.OK);
}

Como você pode ver, estou obtendo a resposta de exemplo em json, externalValue = "static/Response.json"mas quando carrego a página do swagger, ela será carregada a partir v3/static...do que parece ser o padrão usado pelo springdoc/swagger.

Acho que estou sendo muito chato neste momento, mas é possível alterar essa URL base ou até mesmo removê-la /v3/?

Li a documentação do Spring Boot sobre observabilidade e vi a seção sobreBaggage

Você pode criar bagagem com a API Tracer:

@Component
class CreatingBaggage {

  private final Tracer tracer;

  CreatingBaggage(Tracer tracer) {
      this.tracer = tracer;
  }

  void doSomething() {
      try (BaggageInScope scope = this.tracer.createBaggageInScope("baggage1", "value1")) {
          // Business logic
      }
  }

}

Este exemplo cria uma bagagem chamada baggage1 com o valor value1. A bagagem é propagada automaticamente pela rede se você estiver usando a propagação W3C. Se você estiver usando a propagação B3, a bagagem não é propagada automaticamente. Para propagar manualmente a bagagem pela rede, use a propriedade de configuração management.tracing.baggage.remote-fields (isso também funciona para W3C). Para o exemplo acima, definir essa propriedade como baggage1 resulta em um cabeçalho HTTP baggage1: value1.

Se você quiser propagar a bagagem para o MDC, use a propriedade de configuração management.tracing.baggage.correlation.fields. Para o exemplo acima, definir essa propriedade como baggage1 resulta em uma entrada MDC chamada baggage1.

Não me deparei com bagagem no contexto de rastreamento e não consigo encontrar nenhuma definição clara.

Você poderia explicar o que é bagagem e como ela se relaciona com o rastreamento?

Estou trabalhando em um aplicativo Spring Boot
com seu registro padrão (console).
Durante o desenvolvimento, gosto de mantê-lo no TRACE para poder ver as solicitações recebidas e a invocação do filtro,
mas há uma única mensagem do NioEndpoint que continua enviando spam para os registros do TRACE.
É possível suprimir apenas esta mensagem específica?

2025-02-14T12:30:33.238-05:00 DEBUG 46328 --- [nio-8080-Poller] org.apache.tomcat.util.net.NioEndpoint   : timeout completed: keys processed=0; now=1739554233238; nextExpiration=1739554233223; keyCount=0; hasEvents=false; eval=false

Eu tentei definir isso na configuração do meu aplicativo

org.apache.tomcat.util.net=INFO  

e isso

org.apache.tomcat.util.net.NioEndpoint =INFO  

Parece que não faz nada.

Estou construindo um aplicativo Spring Boot usando o padrão Backend for Frontend (BFF) . Estou usando React para o frontend, Spring Cloud Gateway como o cliente OAuth, Keycloak como o servidor de autorização e um projeto Spring Boot como o servidor de recursos OAuth. Estou usando token relay para enviar o token para o servidor de recursos.

Primeiro, esse é um padrão bom e seguro?

Em segundo lugar, estou recebendo este erro no servidor de recursos

2025-02-13T16:43:00.494+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@20d99e58, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@21011db6, org.springframework.security.web.context.SecurityContextHolderFilter@2e86807a, org.springframework.security.web.header.HeaderWriterFilter@43b5021c, org.springframework.security.web.csrf.CsrfFilter@3451f01d, org.springframework.security.web.authentication.logout.LogoutFilter@49a6f486, org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter@705a8dbc, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@590f0c50, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3a4ab7f7, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@728d949d, org.springframework.security.web.access.ExceptionTranslationFilter@6bee793f, org.springframework.security.web.access.intercept.AuthorizationFilter@4ecd00b5]] (1/1)
2025-02-13T16:43:00.494+05:30 DEBUG 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Securing GET /
2025-02-13T16:43:00.494+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/12)
...................other filters
2025-02-13T16:43:00.495+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.csrf.CsrfFilter         : Did not protect against CSRF since request did not match And [CsrfNotRequired [TRACE, HEAD, GET, OPTIONS], Not [Or [org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer$BearerTokenRequestMatcher@7cfb4736]]]
2025-02-13T16:43:00.495+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/12)
2025-02-13T16:43:00.495+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout', POST]
2025-02-13T16:43:00.495+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking BearerTokenAuthenticationFilter (7/12)
2025-02-13T16:43:00.510+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.s.authentication.ProviderManager     : Authenticating request with JwtAuthenticationProvider (1/2)
2025-02-13T16:43:00.543+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] s.o.s.r.a.JwtGrantedAuthoritiesConverter : Looking for scopes in claim resource_access.spring-client.roles
2025-02-13T16:43:00.544+05:30 DEBUG 20028 --- [resource-server] [nio-9092-exec-8] o.s.s.o.s.r.a.JwtAuthenticationProvider  : Authenticated token
2025-02-13T16:43:00.544+05:30 DEBUG 20028 --- [resource-server] [nio-9092-exec-8] .s.r.w.a.BearerTokenAuthenticationFilter : Set SecurityContextHolder to JwtAuthenticationToken [Principal=org.springframework.security.oauth2.jwt.Jwt@e76a89ac, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[]]
2025-02-13T16:43:00.544+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (8/12)
2025-02-13T16:43:00.544+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.s.w.s.HttpSessionRequestCache        : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2025-02-13T16:43:00.544+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (9/12)
2025-02-13T16:43:00.544+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (10/12)
2025-02-13T16:43:00.544+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (11/12)
2025-02-13T16:43:00.544+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (12/12)
2025-02-13T16:43:00.544+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] estMatcherDelegatingAuthorizationManager : Authorizing GET /
2025-02-13T16:43:00.544+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] estMatcherDelegatingAuthorizationManager : Checking authorization on GET / using org.springframework.security.authorization.AuthenticatedAuthorizationManager@357287af
2025-02-13T16:43:00.544+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.s.w.a.AnonymousAuthenticationFilter  : Did not set SecurityContextHolder since already authenticated JwtAuthenticationToken [Principal=org.springframework.security.oauth2.jwt.Jwt@e76a89ac, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[]]
2025-02-13T16:43:00.544+05:30 DEBUG 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Secured GET /
2025-02-13T16:43:00.549+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match request to [Is Secure]
2025-02-13T16:43:00.549+05:30 ERROR 20028 --- [resource-server] [nio-9092-exec-8] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.jwt.Jwt]: Constructor threw exception] with root cause

java.lang.IllegalArgumentException: tokenValue cannot be empty
    at org.springframework.util.Assert.hasText(Assert.java:240) ~[spring-core-6.1.12.jar:6.1.12]
    at org.springframework.security.oauth2.core.AbstractOAuth2Token.<init>(AbstractOAuth2Token.java:61) ~[spring-security-oauth2-core-6.3.3.jar:6.3.3]
    at org.springframework.security.oauth2.jwt.Jwt.<init>(Jwt.java:67) ~[spring-security-oauth2-jose-6.3.3.jar:6.3.3]
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:na]
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) ~[na:na]
    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:na]
    at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499) ~[na:na]
    at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480) ~[na:na]
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:208) ~[spring-beans-6.1.12.jar:6.1.12]
    at org.springframework.validation.DataBinder.createObject(DataBinder.java:994) ~[spring-context-6.1.12.jar:6.1.12]
    at org.springframework.validation.DataBinder.construct(DataBinder.java:903) ~[spring-context-6.1.12.jar:6.1.12]
    at org.springframework.web.bind.ServletRequestDataBinder.construct(ServletRequestDataBinder.java:116) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.web.servlet.mvc.method.annotation.ServletModelAttributeMethodProcessor.constructAttribute(ServletModelAttributeMethodProcessor.java:157) ~[spring-webmvc-6.1.12.jar:6.1.12]
    at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.resolveArgument(ModelAttributeMethodProcessor.java:148) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.web.method.support.HandlerMethodArgumentResolverComposite.resolveArgument(HandlerMethodArgumentResolverComposite.java:122) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(InvocableHandlerMethod.java:224) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:178) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:118) ~[spring-webmvc-6.1.12.jar:6.1.12]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:926) ~[spring-webmvc-6.1.12.jar:6.1.12]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:831) ~[spring-webmvc-6.1.12.jar:6.1.12]
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-6.1.12.jar:6.1.12]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089) ~[spring-webmvc-6.1.12.jar:6.1.12]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979) ~[spring-webmvc-6.1.12.jar:6.1.12]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014) ~[spring-webmvc-6.1.12.jar:6.1.12]
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:903) ~[spring-webmvc-6.1.12.jar:6.1.12]
    at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:564) ~[tomcat-embed-core-10.1.28.jar:6.0]
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885) ~[spring-webmvc-6.1.12.jar:6.1.12]
    at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658) ~[tomcat-embed-core-10.1.28.jar:6.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195) ~[tomcat-embed-core-10.1.28.jar:10.1.28]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.28.jar:10.1.28]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) ~[tomcat-embed-websocket-10.1.28.jar:10.1.28]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.28.jar:10.1.28]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.28.jar:10.1.28]
    at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:365) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:100) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:145) ~[spring-security-oauth2-resource-server-6.3.3.jar:6.3.3]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.3.3.jar:6.3.3]
    at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) ~[spring-webmvc-6.1.12.jar:6.1.12]
    at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:230) ~[spring-security-config-6.3.3.jar:6.3.3]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.1.12.jar:6.1.12]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.28.jar:10.1.28]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.28.jar:10.1.28]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.12.jar:6.1.12]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.28.jar:10.1.28]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.28.jar:10.1.28]
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.12.jar:6.1.12]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.28.jar:10.1.28]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.28.jar:10.1.28]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.1.12.jar:6.1.12]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:1
--- other errros

2025-02-13T16:43:00.555+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@20d99e58, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@21011db6, org.springframework.security.web.context.SecurityContextHolderFilter@2e86807a, org.springframework.security.web.header.HeaderWriterFilter@43b5021c, org.springframework.security.web.csrf.CsrfFilter@3451f01d, org.springframework.security.web.authentication.logout.LogoutFilter@49a6f486, org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter@705a8dbc, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@590f0c50, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3a4ab7f7, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@728d949d, org.springframework.security.web.access.ExceptionTranslationFilter@6bee793f, org.springframework.security.web.access.intercept.AuthorizationFilter@4ecd00b5]] (1/1)
2025-02-13T16:43:00.557+05:30 DEBUG 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Securing GET /error
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/12)
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/12)
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/12)
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/12)
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/12)
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/12)
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout', POST]
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking BearerTokenAuthenticationFilter (7/12)
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (8/12)
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.s.w.s.HttpSessionRequestCache        : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (9/12)
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (10/12)
2025-02-13T16:43:00.557+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (11/12)
2025-02-13T16:43:00.558+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (12/12)
2025-02-13T16:43:00.558+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] estMatcherDelegatingAuthorizationManager : Authorizing GET /error
2025-02-13T16:43:00.558+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] estMatcherDelegatingAuthorizationManager : Checking authorization on GET /error using org.springframework.security.authorization.AuthenticatedAuthorizationManager@357287af
2025-02-13T16:43:00.558+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2025-02-13T16:43:00.558+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2025-02-13T16:43:00.558+05:30 TRACE 20028 --- [resource-server] [nio-9092-exec-8] o.s.s.w.a.AnonymousAuthenticationFilter  : Did not set SecurityContextHolder since already authenticated JwtAuthenticationToken [Principal=org.springframework.security.oauth2.jwt.Jwt@e76a89ac, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[]]
2025-02-13T16:43:00.558+05:30 DEBUG 20028 --- [resource-server] [nio-9092-exec-8] o.s.security.web.FilterChainProxy        : Secured GET /error

Aqui está meu cliente OAuth (porta 9091) application.yml:

spring:
  application:
    name: oauth2-client
  security:
    oauth2:
      client:
        registration:
          spring-client:
            client-id: "spring-client"
            client-secret: "dumDmmCxJm0oTH4aUnGpYbocDxLceSOq"
            client-name: "Spring Boot Client 1"
            client-authentication-method: "client_secret_basic"
            authorization-grant-type: "authorization_code"
            provider: "spring-client"
            scope:
              - openid
              - read
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
        provider:
          spring-client:
            issuer-uri: "http://localhost:8080/realms/test"
  cloud:
    gateway:
      routes:
        - id: resource-server
          uri: http://localhost:9092
          predicates:
            - Path=/**
          filters:
            - TokenRelay=
server:
  port: 9091

logging:
  level:
    org.springframework.security: trace

# 8080 - auth server, keycloak
# 9091 - client, gateway
# 9092 - resource server

Aqui está o código do meu servidor de recursos (porta 9092) (por favor, esqueça o estilo do código; este é apenas um POC rápido):

@SpringBootApplication
public class ResourceServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(ResourceServerApplication.class, args);
    }

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity
                .authorizeHttpRequests(req -> req.anyRequest().authenticated())
                .oauth2ResourceServer(rs -> rs.jwt(
                        jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter())
                ))
                .build();
    }

    @Bean
    public JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
        grantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
        grantedAuthoritiesConverter.setAuthoritiesClaimName("resource_access.spring-client.roles");

        JwtAuthenticationConverter authenticationConverter = new JwtAuthenticationConverter();
        authenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
        return authenticationConverter;
    }

}

@RestController
class DemoController {

    @GetMapping("/")
    public String demo(Authentication authentication, Jwt jwt) {
        System.out.println("Principal: " + authentication);
        System.out.println("JWT Token: " + jwt.getTokenValue());
        System.out.println("JWT Claims: " + jwt.getClaims());
        return "Hello " + jwt.getSubject();
    }
}

Aqui está meu aplicativo de servidor de recursos application.properties:

spring.application.name=resource-server

server.port=9092

spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/realms/test

logging.level.org.springframework.security=TRACE

Aqui está a carga decodificada do token JWT que obtive ao depurar o filtro na primeira vez que ele foi chamado:

{
  "exp": 1739443481,
  "iat": 1739443181,
  "auth_time": 1739442183,
  "jti": "9359c44e-d352-4bf9-93a5-7b80954f418e",
  "iss": "http://localhost:8080/realms/test",
  "aud": "account",
  "sub": "593ca545-528f-4fe9-9fcd-067f5b6e7a51",
  "typ": "Bearer",
  "azp": "spring-client",
  "sid": "13830f59-6cd5-4e7c-b4e7-c5ac35d37cca",
  "acr": "0",
  "allowed-origins": [
    "*"
  ],
  "realm_access": {
    "roles": [
      "default-roles-test",
      "offline_access",
      "uma_authorization"
    ]
  },
  "resource_access": {
    "spring-client": {
      "roles": [
        "read",
        "openid"
      ]
    },
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "openid profile email",
  "email_verified": false,
  "name": "kush p",
  "preferred_username": "kush",
  "given_name": "kush",
  "family_name": "p",
  "email": "[email protected]"
}

Estou acessando a porta 9091 e sendo redirecionado para o Keycloak. Após o login, sou redirecionado de volta para a 9091 e recebo um erro 500.

Por que cada filtro está sendo chamado duas vezes? Tentei colocar um ponteiro de depuração no BearerTokenAuthenticationFilter. Na primeira vez, há um token, e na segunda, há um token nulo. Acho que o contexto de segurança está sendo perdido entre as chamadas. Por que isso está acontecendo?

@Autowired não está funcionando, e não sabemos o porquê. O serviço e o controlador estão em módulos e pacotes diferentes, mas presumimos que isso não importa. Podemos instanciar manualmente o serviço, para que o módulo controlador consiga "ver" o módulo comum.

A execução do aplicativo resulta no seguinte erro:

Parameter 0 of constructor in com.xx.campaign_api.controller.MyController required a bean of type 'com.xx.campaign.common.service.MyService' that could not be found.

Temos um projeto multimódulo spring boot 3.4.2 com o seguinte pom:

<project xxx
    <groupId>org.springframework</groupId>
    <artifactId>our-service</artifactId>
    <version>0.1.0</version>
    <packaging>pom</packaging>

    <modules>
        <module>campaign-common</module>
        <module>campaign-api</module>
        <module>campaign-schedule</module>
    </modules>
</project>

no módulo api temos um controlador rest como este:

package com.xx.campaign_api.controller;
import com.xx.campaign.common.service.MyService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MyController {

    private MyService testService;

    @Autowired
    public MyController(MyService testService) {  // THIS LINE IS FAILING
        this.testService = testService;
    }

    @GetMapping("/test")
    public String test() {
    return testService.test();
    }
}

O serviço se parece com isto:

package com.xxx.campaign.common.service;
import org.springframework.stereotype.Service;

@Service
public class MyServiceImpl implements MyService {
    @Override
    public String test() {
        return "test3";
    }
}

package com.xxx.campaign.common.service;
public interface MyService {
    public String test();
}

A classe principal se parece com isso:

package com.xx.campaign_api;
@SpringBootApplication
public class CampaignApiApplication {
    public static void main(String[] args) {
        SpringApplication.run(CampaignApiApplication.class, args);
    }
}

no pom do módulo controlador, temos:

    <dependency>
        <groupId>xx</groupId>
        <artifactId>campaign-common</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <scope>compile</scope>
    </dependency>

Eu também tentei isso:

package com.xx.campaign_api.controller
@SpringBootApplication(scanBasePackages = "com.xx")
@RestController
public class GaController {

    private MyService myService;

    @Autowired
    public GaController(MyService myService) {  // THIS LINE IS FAILING
        this.myService = myService;
    }

Mas este aplicativo não inicia com este erro:

Web application could not be started as there was no org.springframework.boot.web.servlet.server.ServletWebServerFactory bean defined in the context.

Tenho um projeto Spring Boot 3 com um banco de dados H2 que quero executar em um contêiner Docker, mas ele não executa.

Estou usando esses comandos:

docker build -t spring-hope .
docker run -p 8080:8080 spring-hope

Esta é a configuração:

aplicação.yml:

spring:
  application:
    name: hope
  datasource:
    driver-class-name: org.h2.Driver
    username: sa
    password:
  jpa:
    database-platform: org.hibernate.dialect.H2Dialect
    hibernate:
      ddl-auto: update
  properties:
    jakarta.persistence.jdbc.url: jdbc:h2:mem:testdb
    hibernate.dialect: org.hibernate.dialect.H2Dialect
  h2:
    console:
      enabled: true
      path: /h2-console
server:
  error:
    include-message: always
    include-binding-errors: always

E ele lança esta exceção: https://github.com/ocardenasmartinez1984/hope/blob/main/error.txt

Este é o repositório: https://github.com/ocardenasmartinez1984/hope

O que está acontecendo, pessoal?

Atualizei meu aplicativo para Spring Boot 3.4 e a verificação de integridade não está mais funcionando. O que preciso mudar para que a verificação de integridade funcione novamente?

Registros

Se eu chamar docker container inspect, vejo os seguintes logs para a verificação de integridade:

"Health": {
     "Status": "unhealthy",
     "FailingStreak": 6,
     "Log": [
         {
             "Start": "2025-02-10T09:12:40.658415283Z",
             "End": "2025-02-10T09:12:40.716595544Z",
             "ExitCode": -1,
             "Output": "OCI runtime exec failed: exec failed: unable to start container process: exec: \"/bin/sh\": stat /bin/sh: no such file or directory: unknown"
         },

Configuração

<configuration>
    <image>
        <env>
            <BP_SPRING_CLOUD_BINDINGS_DISABLED>true</BP_SPRING_CLOUD_BINDINGS_DISABLED>
            <BP_HEALTH_CHECKER_ENABLED>true</BP_HEALTH_CHECKER_ENABLED>
            <BPE_LANG>en_US.UTF-8</BPE_LANG>​
        </env>
        <buildpacks>
            <buildpack>gcr.io/paketo-buildpacks/adoptium</buildpack>
            <buildpack>urn:cnb:builder:paketo-buildpacks/java</buildpack>
            <buildpack>gcr.io/paketo-buildpacks/health-checker:latest</buildpack>
        </buildpacks>
        <createdDate>${maven.build.timestamp}</createdDate>
    </image>
</configuration>
<goals>
    <goal>build-image-no-fork</goal>
</goals>

Comando

Adicionei ao meu docker container runcomando os parâmetros de verificação de integridade:

      --health-cmd /workspace/health-check
      --health-interval 1m
      --env THC_PORT=8081
      --env THC_PATH=/health

Veja também: Como definir THC_PORT e THC_PATH com o Spring Boot 3.3?

Pesquisar

Li as notas de lançamento do Spring Boot 3.4 :

Paketo tiny Builder para construção de imagens OCI

O construtor padrão Cloud Native Buildpacks usado ao construir imagens OCI para aplicativos JVM usando a spring-boot:build-imagemeta Maven ou a tarefa Gradle bootBuildImagemudou de paketobuildpacks/builder-jammy-basepara paketobuildpacks/builder-jammy-java-tiny. Isso deve resultar em imagens menores. O tinyconstrutor não inclui um shell, portanto, pode não funcionar para aplicativos que exigem um script de inicialização para executar o aplicativo. Ele também inclui um conjunto reduzido de bibliotecas de sistema que, dependendo do seu aplicativo, podem não atender às suas necessidades. Consulte a documentação do Maven ou Gradle para obter informações sobre como personalizar o construtor.

Então não há mais shell na imagem. Isso corresponde aos logs.

Li o tópico Empacotamento de imagens OCI , mas não entendi o que preciso mudar.

Pergunta

O que preciso alterar na configuração do Spring Boot Maven para que a verificação de integridade funcione novamente?

Gostaria de saber quais são as desvantagens do aplicativo Spring Boot, que tem um /healthponto de extremidade do atuador definido como sondas de atividade e prontidão.

Há algum problema relacionado ao desligamento normal ou às atualizações contínuas?

Entidade:

@Getter
@Setter
@NoArgsConstructor
@Entity
@ToString
@DynamicUpdate
@Table(name = "flow_plan_details")
public class FlowPlanDetails extends BaseEntity{
    
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @NotNull(groups = Existing.class)
    @Null(groups = New.class)
    private Long flowPlanId;
    
    private Integer itemNbr;
    private String itemDescription;
    private String season;
    private Integer fiscalYear;
    private String catDesc;
    private String subcatDesc;
    private String gmm;
    private String dmm;
    private String planStatus;
    private String channel;
    
    private Boolean isLcl;
    private String imageUrl;
    private Integer carryOverItemNbr;
    private Integer palletQty;
    private Integer totalContQty;
    private Integer commitmentQty;
    private Integer defaultPresentation;
    private LocalDate inClubDate;
    private LocalDate oosDate;
    private String eventCode;
    private Integer clubCount;
    private Integer percContainerRoundUp;
    private String portOfOrigin;
    private String productId;
    
    
    private String flowRounding;
    private String breakdownCalculation;
    private Integer wos;
    private Integer lastWeekToReceive;
    private String targetOhRule;
    
    
    private Float itemCost;
    private Float itemRetail;
    private Float shippingCostPerPallet;
    private Float shippingCostPerContainer;
    private Float profitPerItem;
    private Float lostSale;
    private Float containerShippingCost;
    private Float totalCost;
    
    
    private String holidayName;
    private LocalDate holidayStartDate;
    private LocalDate holidayEndDate;
    private LocalDate holidayDate;
    private String applyHoliday;
    
    
    private Float plannedContainers;
    private Float plannedPallets;
    private Float flowContainers;
    private Float flowPallets;
    private Float differenceInContainers;
    private Float differenceInPallets;

    private LocalDateTime lastGeneratedFlowPlan;
    private Long rolloutId;
    private Boolean isRolloutRefreshRequired;
    private Boolean isArchived = false;

    private Float weight;
    private Float dimension1;
    private Float dimension2;
    private Float dimension3;
    private Boolean sorted;

    private String impactDropdown;
    private Boolean isReadyForScgs;
    private String finalizedStatus;
    
    public interface Existing {
    }

    public interface New {
    }

    public String getFlowplanIdWithName()
    {
        return this.getFlowPlanId().toString()+" - "+this.getItemDescription()+" - "+ this.getChannel();
    }
}

Estou executando esta consulta:

@Query("""
       select f from FlowPlanDetails f
       where f.last_updated_on between :startDate and :endDate
       and f.plan_status=:planStatus and f.is_archived=:isArchived
       and f.cat_desc= :catDesc
       """) //(:catDesc is NULL OR f.cat_desc= :catDesc)
Page<FlowPlanDetails> customSpotQuery(@Param("catDesc") String catDesc,
        @Param("startDate") ZonedDateTime startDate,
        @Param("endDate") ZonedDateTime endDate,
        @Param("planStatus") String planStatus,
        @Param("isArchived") Boolean isArchived, Pageable page);

Estou recebendo este erro:

Causado por: java.lang.IllegalArgumentException: org.hibernate.QueryException: não foi possível resolver a propriedade: last_updated_on de: com.walmart.sams.services.allocation.configuration.service.model.FlowPlanDetails [selecione f de com.walmart.sams.services.allocation.configuration.service.model.FlowPlanDetails f onde f.last_updated_on entre :startDate e :endDate e f.plan_status=:planStatus e f.is_archived=:isArchived e f.cat_desc= :catDesc]

Agora a coluna last_updated_on vem de BaseEntity. Como resolver isso?