These are chat archives for spring-cloud/spring-cloud

26th
Dec 2018
muhmadtabrez
@muhmadtabrez
Dec 26 2018 07:56

Hi @marcosbarbero I am facing a weird problem when calling a microservice API using ZUUL.

I have the following setup with Spring Cloud (config server, Zuul proxy, Eureka registry, microservices, and an external OAuth2 server (Cloud Foundry UAA)). I have enabled the ZUUL API gateway with the following annotations: @EnableEurekaClient, @EnableZuulProxy, and I have two WebSecurityConfigurerAdapter filters, one to enable csrf and another to enable basic authentication:

1. @EnableOAuth2Sso
   @Configuration
   @Order(value=1)
   public static class ApiWesecurityConfiguration extends WebSecurityConfigurerAdapter

2. @EnableOAuth2Sso
   @Configuration
   @Order(value=10)
   public class FormLoginWebSecurity extends WebSecurityConfigurerAdapter {

When I am trying to access the microservice API using the "Authorization Bearer<Token>" header with an Angular 6 app I am getting a 403 response. I can see that the /oauth/authorize request is not carrying the Authorization header to the UAA authorization server. I just saw the request headers in Fiddler.

But when I am calling the same API with the "Authorization" header using the Postman app from Chrome I am able to get the result from the API.

Marcos Barbero
@marcosbarbero
Dec 26 2018 08:05
Hi @muhmadtabrez tell me, both requests are going through the Gateway?
muhmadtabrez
@muhmadtabrez
Dec 26 2018 09:19
@marcosbarbero yes
Since I have configured WebSecurityConfigurerAdapter for both types of requests in the gateway, it is always going through the gateway. I can see the logs as well.
Marcos Barbero
@marcosbarbero
Dec 26 2018 09:29
Can you show me the Config of zuul? Routes and everything
muhmadtabrez
@muhmadtabrez
Dec 26 2018 09:51
Zuul Routes
muhmadtabrez
@muhmadtabrez
Dec 26 2018 10:02
zuul:
  ignoredServices: '*'
  host:
    connect-timeout-millis: 20000
    socket-timeout-millis: 20000  
  routes:
    core-employee:
      path: /core-employee/**
      stripPrefix: false
      serviceId: core-employee
      sensitiveHeaders: 
    uaa:
      path: /uaa/**
      stripPrefix: true
      url: http://${ENV_HOST_UAA}/uaa/
      sensitiveHeaders: 
  SendErrorFilter:
    error:
      disable: true
My security configuration
security:
  user:
    password: none
  oauth2:
    client:
      accessTokenUri: http://${ENV_HOST_UAA}/uaa/oauth/token
      userAuthorizationUri: http://${ENV_HOST_UAA}/uaa/oauth/authorize
      clientId: client
      clientSecret: secret
      registered-redirect-uri: http://${ENV_HOST}/login
      pre-established-redirect-uri: http://${ENV_HOST}/login
      use-current-uri: false
    resource:
      jwt:
        keyValue: tokenKey
Here ENV_HOST_UAA is my authorization server's domain name
Marcos Barbero
@marcosbarbero
Dec 26 2018 10:11
I’m out of my computer now, I’ll check it later
muhmadtabrez
@muhmadtabrez
Dec 26 2018 10:12
@marcosbarbero ok thanks
muhmadtabrez
@muhmadtabrez
Dec 26 2018 12:28
@marcosbarbero I think my problem looks similar to this: spring-cloud/spring-cloud-netflix#3126
Marcos Barbero
@marcosbarbero
Dec 26 2018 17:35
@muhmadtabrez my first thought was the sensitiveHeaders. Are you sure the Authorization header is being sent by the Angular app?