These are chat archives for spring-cloud/spring-cloud

3rd
Nov 2016
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 11:33
@dsyer Hi ,i change my authentication from from to token base
and add jwt for that
after complete i add sensitiveHeaders: Authorization
but this header remove by zuul
Dave Syer
@dsyer
Nov 03 2016 11:36
That shouldn't happen
Can you make a minimal sample?
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 11:38
@dsyer thats hard for make that
i add ignoreSecurityHeaders but dose not work again
zuul:
ignoreSecurityHeaders: false
routes:
app:
path: /app/**
sensitiveHeaders: Authorization
url: http://localhost:8082/app/
server:
compression:
enabled: true
port: 8083
Dave Syer
@dsyer
Nov 03 2016 11:39
sensitiveHeaders: Authorization means "do not send Authorization"
You probably meant to just set to the empty string?
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 11:42
@dsyer you said this 4 day ago
@dsyer
It just needs to pass the headers to the backend
So you need to set "sensitive" headers for that route
It's in the user guide
i change to this
    zuul:
      ignoreSecurityHeaders: false
      routes:
        app:
          path: /app/**
          url: http://localhost:8082/app/
    server:
        compression:
            enabled: true
        port: 8083
Dave Syer
@dsyer
Nov 03 2016 11:43
But then you haven't set the sensitive headers
So they take their default values
It really is in the user guide. But if it's not clear enough we can change it I guess.
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 11:44
i am confuse
and dont know what i will do that
i want see Authorization header from downservice
Dave Syer
@dsyer
Nov 03 2016 11:46
Right, so you have to explicitly tell Zuul that it is not sensitive
(by not including it in the blacklist)
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 11:48
can you send this correct 4 line
Dave Syer
@dsyer
Nov 03 2016 11:52
Here's what it says in the user guide: "The sensitive headers can be configured as a comma-separated list per route". What's hard about that?
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 11:54
i set sensitiveHeaders: Authorization in route and dont see in front
i remove that again but dose not work again
Dave Syer
@dsyer
Nov 03 2016 11:55
that's the expected behaviour
the default value (per the user guide) is Cookie,Set-Cookie,Authorization
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 11:55
sorry
Dave Syer
@dsyer
Nov 03 2016 11:55
So all you did was allow cookie headers through, but you are still blocking Authorization
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 11:55
sensitiveHeaders means is ignore header?
Dave Syer
@dsyer
Nov 03 2016 11:57
Effectively yes. They are discarded in both directions.
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 11:58
ok for add in both side i will create sensitiveHeaders='' empty for send ?
Dave Syer
@dsyer
Nov 03 2016 11:58
That would work
We should add that as an example in the user guide
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 12:00
@dsyer thanks work correct . but document is not complete and confused me
:worried:
@dsyer it maybe work for cookie and do not need migrate :worried:
Dave Syer
@dsyer
Nov 03 2016 12:01
Honestly I don't think that is true. I'll add a new example to make it clearer though.
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 12:02
@dsyer thanks Dave
Dave Syer
@dsyer
Nov 03 2016 12:06
Done
Ali Akbar Azizkhani
@removed~azizkhani
Nov 03 2016 12:58
what is example address?
Dave Syer
@dsyer
Nov 03 2016 13:00
address?
Marcin Grzejszczak
@marcingrzejszczak
Nov 03 2016 14:35
yo
we can move the discussion over here - https://gitter.im/spring-cloud/spring-cloud-contract
Henning Hoefer
@hho
Nov 03 2016 17:51
Hi. I upgraded from Camden.RELEASE to Camden.SR1 – and now my Spring Boot app won't start anymore, because the application.properties no longer get interpolated.
    Property: core.datasource.port
    Value: ${db.port}
    Reason: Failed to convert property value of type [java.lang.String] to required type [int] for property 'port'; nested exception is org.springframework.core.convert.ConverterNotFoundException: No converter found capable of converting from type [java.lang.String] to type [int]
Spencer Gibb
@spencergibb
Nov 03 2016 17:53
hmm...
thats a core framework error, right
do you have multiple versions of spring on the class path?
Henning Hoefer
@hho
Nov 03 2016 17:56
AFAICT no, it's all 4.3.3 (managed by Boot 1.4.1)
Only Spring-related version numbers in my POM are -boot 1.4.1.RELEASE, -cloud Camden.SR1 and -kafka 1.1.0.RELEASE.
(and it works when I go back to Camden.RELEASE)
Henning Hoefer
@hho
Nov 03 2016 18:37
nevermind. Whatever it was, upgrading to SR2 fixed it (just found the blog post – you might want to update http://projects.spring.io/spring-cloud/ , which still gives SR1 as "current")