These are chat archives for spring-cloud/spring-cloud

12th
Jan 2015
William Gorder
@wgorder
Jan 12 2015 01:14
I have no idea whats going on. I have the user details for the entire path through the debugger but when I get the authentication off of the security context or pass in the principal they are gone and all that remains is the username.
William Gorder
@wgorder
Jan 12 2015 16:03
@dsyer I am close but I am confounded. If I run the authentication server all by itself (https://github.com/wgorder/auth-server)
and i go to localhost:8083/login and I register and activate a new user and then login.
If I then hit localhost:8083/uaa/user then I see the additional information in the principal as I should
however if I run the api gateway as well.
and click the login link there I am redirected to the auth-server login and I follow the same procedure
however if I then hit the localhost:8083/uaa/user endpoint the principal is only a string with the email and the additional details are not there. Its the same code running either way and the constructor of Oauth2Authentication always has the correct userauth passed to it (instance of AcmeUserDetails) to you have any ideas?
Dave Syer
@dsyer
Jan 12 2015 16:07
8083/login is a real link (or copy-paste error)
William Gorder
@wgorder
Jan 12 2015 16:08
copy paste should have a /uaa/login
Dave Syer
@dsyer
Jan 12 2015 16:08
Right
Are you curling the /user endpoint?
Or is it loading in a browser?
William Gorder
@wgorder
Jan 12 2015 16:08
I just hit it right in the browser
json is returned
Dave Syer
@dsyer
Jan 12 2015 16:08
Maybe it's serving XML?
William Gorder
@wgorder
Jan 12 2015 16:09
its correct if only the auth server is running
Dave Syer
@dsyer
Jan 12 2015 16:09
I thought is is the authserver
William Gorder
@wgorder
Jan 12 2015 16:09
but if the api-gateway server is running it have the principal as a string instead of an acmeuserdetails
it is
which is why I am confused either way its the same auth server
and the same endpoints
Dave Syer
@dsyer
Jan 12 2015 16:10
Cookies
William Gorder
@wgorder
Jan 12 2015 16:10
but when I start my api gateway service it starts acting diffently
everything is header based...
Dave Syer
@dsyer
Jan 12 2015 16:10
I'm on a call. Let me look in a while.
William Gorder
@wgorder
Jan 12 2015 16:10
np thanks
before I forget here is the fig to bring up postgres and redis if you want to try to run it
Dave Syer
@dsyer
Jan 12 2015 17:20
redis
I see
Dave Syer
@dsyer
Jan 12 2015 17:28
The api-gateway is not stateless, and it is secure. And you are sharing session state with Spring Session. So I assume as soon as it is running and you authenticate with it, you are getting its Authentication in the UAA layer.
William Gorder
@wgorder
Jan 12 2015 18:31
Yes all that works. What I was up until 1am trying to figure out is why I was not getting the AcmeUserDetails on the principal. It was just so odd of course as soon as I bug you about it and restarting everyting again its working now without having changed anything....
{"details":{"remoteAddress":"0:0:0:0:0:0:0:1","sessionId":"36c3da0d-8d46-438a-a297-2cacf40dc40e"},"authorities":[{"name":"ROLE_USER","authority":"ROLE_USER"}],"authenticated":true,"principal":{"userId":393216,"email":"minnie@gmail.com","firstName":"minnie","lastName":"mouse","activated":true,"activationKey":null,"createdBy":"system","createdDate":1421078331003,"lastModifiedBy":null,"lastModifiedDate":1421078331003,"username":"minnie@gmail.com","enabled":true,"accountNonLocked":true,"credentialsNonExpired":true,"accountNonExpired":true},"credentials":null,"name":"minnie@gmail.com"}
if you look at that output you see firstName, lastName etc on there
before none of that was coming through
I just pushed some other stuff I was missing too. Alright I guess its like voodoo
all night stepping through Spring security in debug mode and now it just works :-/
I guess I'll do the logout bit so I can start on the products service where I actually have resource to secure. Going to try and work in spring-data-rest, feign and the spring-cloud-bus in to that
William Gorder
@wgorder
Jan 12 2015 18:36
I am looking at ways to run integration tests with docker. Would be nice to test all this stuff as it runs together.