These are chat archives for spring-cloud/spring-cloud

15th
Mar 2018
sethupalaniyappan
@sethupalaniyappan
Mar 15 2018 00:41
@spencergibb how can we config the config server to pull the latest from git and then serve the configuration to the client
Spencer Gibb
@spencergibb
Mar 15 2018 01:49
when a client requests configuration from config server, that is what happens
玹霖
@SoftwareKing
Mar 15 2018 04:17
@spencergibb Hi Spencer, Do you have any github example of spring cloud gateway with jdbc? I want to load the routes dynamically.
ghoddg
@ghoddg
Mar 15 2018 06:04
hi, when i git the rest request with url http://<ip-address>:7001/plato-api-gateway-ref/message
it is not working
but if i mentioned localhost instead of ip-address like http://localhost:7001/plato-api-gateway-ref/message
it works fine
my micro-service is deployed on weblogic and I am trying to connect it through api-gateway with service discovery
ShilpaVKulkarni
@ShilpaVKulkarni
Mar 15 2018 06:20

Hello,

I am trying to logout the user from spring security. I am using micro-services in my project and using cloud foundry UAA as oauth2 server [for authentication]. In the configuration file of api-gateway I have added the following code for logout.

image.png
And I have also invalidated the session by using the following code:
image.png
It is going to logoutUrl and logoutSuccessUrl. But functionality is not getting achieved. It is coming back to the landing page maybe it is using session or cookie and getting logged in even though I have invalidated the session also.
Am I following proper way to logout the user.
Please provide solution in solving this issue.
sethupalaniyappan
@sethupalaniyappan
Mar 15 2018 09:57
@spencergibb is it possible to do @refreshscope from customized url
localhost:8011/refresh is currently using to refresh the scope
but i need to do same operation on localhost:8011/test/scope/refresh
is it possible
Ryan Baxter
@ryanjbaxter
Mar 15 2018 12:36
@sethupalaniyappan /refresh is just another actuator endpoint, so in theory I would imagine you can remap the endpoint just like any other actuator endpoint https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html#production-ready-endpoints-custom-mapping
Bhavani J
@BhavaniJ2_twitter
Mar 15 2018 15:59

@mp911de Hello, after investigation I figured out that VaultProperties.getToken() is returning un-encrypted cipher text defined as environment variable (without decrypting) because of which I am getting 403: permission denied error when trying to access vault to read the secret credentials.

This is my bootstrap.yml with vault properties

spring.cloud.vault:
    host: vault.agro.services
    port: 443
    authentication: TOKEN
    token: ${vcap.services.vault-service.credentials.token}
    generic:
        enabled: false

Vault token vcap.services.vault-service.credentials.token is encrypted environment variable = {cipher}8bfca5ea59185cddce0521b985d42d13d03d9d28a8ad9682e69046e2846a2eccec6976633461d7a8d285780148428f223e60d5e0552598ac6d6a8532190bd10e

This issue is while deploying the application, the unencrypted cipher token is set as Vault Token property in VaultTemplate by VaultBootstrapConfiguration and then later Bootstrap properties are decrypted by EncryptionBootstrapConfiguration

When debugging the spring code in detail, I figured out that BootstrapApplicationListener is loading list of all BootstrapConfiguration class names here:

List<String> names = SpringFactoriesLoader
        .loadFactoryNames(BootstrapConfiguration.class, classLoader);
for (String name : StringUtils.commaDelimitedListToStringArray(
        environment.getProperty("spring.cloud.bootstrap.sources", ""))) {
    names.add(name);
}
org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration
org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration
org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration
org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration
org.springframework.cloud.vault.config.DiscoveryClientVaultBootstrapConfiguration
org.springframework.cloud.vault.config.VaultBootstrapConfiguration
org.springframework.cloud.vault.config.VaultBootstrapPropertySourceConfiguration

And then AnnotationAwareOrderComparator.sort(sources); is sorting those Configuration class names in the highest order first because of which VaultBootstrapConfiguration is executed first and then PropertySourceBootstrapConfiguration and EncryptionBootstrapConfiguration

org.springframework.cloud.vault.config.VaultBootstrapPropertySourceConfiguration
org.springframework.cloud.vault.config.VaultBootstrapConfiguration
org.springframework.cloud.vault.config.DiscoveryClientVaultBootstrapConfiguration
org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration
org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration
org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration
org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration

Is there an option to modify the order of these BootstrapConfiguration classes to execute VaultBootstrapConfiguration after PropertySourceBootstrapConfiguration and EncryptionBootstrapConfiguration?