Running a service on localhost:8000. I route to it with Spring Gateway and only get a white page instead of the login page of the service.
I've tried routing using java, and also through a yml file.
Java
#SpringBootApplication
public class GsGatewayApplication {
public static void main(String[] args) {
SpringApplication.run(GsGatewayApplication.class, args);
}
#Bean
public RouteLocator myRoutes(RouteLocatorBuilder builder){
return builder.routes()
.route(p->p
.path("/get")
.uri("localhost:8000/login"))
.build();
}
}
application.yml
server:
port: 8080
spring:
application:
name: api-gateway
cloud:
gateway:
routes:
- id: weblogin
uri: localhost:8000/login
predicates:
- Path=/get
I expect a login page, but get only a blank white page.
By your configuration, when you access localhost/get you will be route to localhost:8080/get
Related
I've been trying to get a successful Oauth2 login with Google and Spring Boot for a while now. This only works partially. Why partly - because I can't manage the logout or when I pressed the logout button I see an empty, white browser page with my URL (http://localhost:8181/ben/"). After a refresh of the page I get error from google, but if I open a new tab, enter my url, I'm still logged in to google, because I can see my user, which I'm outputting to my react application.
#SpringBootApplication
#EnableOAuth2Sso
#RestController
#CrossOrigin
public class SocialApplication extends WebSecurityConfigurerAdapter {
public static void main(String[] args) {
SpringApplication.run(SocialApplication.class, args);
}
#RequestMapping("/user")
public Principal user(Principal principal) {
return principal;
}
#RequestMapping("/logout")
public String fetchSignoutSite(HttpServletRequest request, HttpServletResponse response) {
Cookie rememberMeCookie = new Cookie("JSESSIONID", "");
rememberMeCookie.setMaxAge(0);
response.addCookie(rememberMeCookie);
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response, auth);
}
auth.getPrincipal();
return "redirect:/ben/login";
}
#Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**").authorizeRequests().antMatchers("/ben/*").permitAll().anyRequest().authenticated().and()
.logout().logoutSuccessUrl("http://localhost:8181/ben/login").invalidateHttpSession(true)
.clearAuthentication(true).deleteCookies("JSESSIONID");
}
My application.yml file looks like this:
# Spring Boot configuration
spring:
profiles:
active: google
# Spring Security configuration
security:
oauth2:
client:
clientId: 415772070383-3sapp4flauo6iqsq8eag7knpcii50v9k.apps.googleusercontent.com
clientSecret: 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
accessTokenUri: https://www.googleapis.com/oauth2/v4/token
userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth
clientAuthenticationScheme: form
scope:
- email
- profile
resource:
userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo
preferTokenInfo: true
# Server configuration
server:
port: 8181
servlet:
context-path: /ben
That fetchSignoutSite only emptying the JsessionId and logging out from Spring Security context. So you would still need to add part where you go to google and sign out from there which I have no experience on implementation.
I'm trying to use zuul as a proxy with eureka for my spring boot microservices. On local everything is OK but when I deploy on tomcat, all request to the proxy are redirected to Tomcat home page.
Example:
on locale : http://localhost:9090/serice-1/getAll works fine.
on cloud :
http://xx.yy.zz.ww:8080/gateway/service-1/getAll gives 404
http://xx.yy.zz.ww:8080/gateway/service-1/ gives Tomcat home page
http://xx.yy.zz.ww:8080/gateway/service-1/myservice/getAll works fine
Here is my zuul service application.properties content:
spring.application.name=zuul-server
spring.jmx.default-domain=zuul-server
eureka.client.serviceUrl.defaultZone=http://localhost:8080/eureka/eureka
zuul.ignored-services=*
zuul.host.socket-timeout-millis=60000
zuul.host.connect-timeout-millis=10000
hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds=60000
ribbon.eureka.enabled=true
eureka.client.register-with-eureka=true
eureka.client.fetch-registry=true
eureka.client.preferSameZoneEureka=true
zuul.routes.myservice.path=/service-1/**
zuul.routes.myservice.serviceId=myservice
This is my GatewayApplication :
#SpringBootApplication(scanBasePackages ="com.gateway")
#EnableZuulProxy
#EnableDiscoveryClient
#EnableFeignClients("com.gateway")
public class GatewayApplication extends SpringBootServletInitializer {
#Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(GatewayApplication.class);
}
public static void main(String[] args) {
SpringApplication.run(GatewayApplication.class, args);
}
}
Maybe I am misusing some properties, but I have tried many, none have worked.
I have the /actuator/ Endpoints (in my case manage) on Port 6565. Is it possible to disable Security in Spring Boot 2 only for a specific port? At the moment I can only exclude certain paths from security. That would be insecure if I now run Enpoints under the main application port 1337 under /manage/. In the past we used management.security.enabled: false or was that path related too?
#Configuration
#EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/manage/**").permitAll()
.anyRequest().authenticated().and().httpBasic().realmName("Hay, the Config Server is here");
}
}
application.yml
spring:
cloud:
config:
server:
git:
uri: https://bitbucket.xxx.net/scm/gpi/springconfiguration.git
username: xxx
password: xxx
searchPaths: application-*
force-pull: true
security:
user:
name: xxxUser
password: xxx
server:
port: 1337
address: 0.0.0.0
management:
server:
port: 6565
metrics:
export:
prometheus:
enabled: true
endpoints:
web:
exposure:
include: '*'
base-path: /manage
endpoint:
prometheus:
enabled: true
I ended up with this as a working solution found here How can I tell spring security to apply authorizeRequests just for a specific port?
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Value("${management.server.port}")
private int managementPort;
#Value("${server.port}")
private int apiPort;
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.requestMatchers(forPortAndPath(managementPort, "/manage/**")).permitAll()
.anyRequest().authenticated().and().httpBasic().realmName("Hay, the Config Server is here");
}
private RequestMatcher forPortAndPath(final int port, final String pathPattern) {
return new AndRequestMatcher(forPort(port), new AntPathRequestMatcher(pathPattern));
}
private RequestMatcher forPortAndPath(final int port, final HttpMethod method,
final String pathPattern) {
return new AndRequestMatcher(forPort(port), new AntPathRequestMatcher(pathPattern, method.name()));
}
private RequestMatcher forPort(final int port) {
return (HttpServletRequest request) -> port == request.getLocalPort();
}
Another Solution is to add the paths to the WebSecurity
#Value("${management.server.port:6565}")
private int managementPort;
#Value("${management.endpoints.web.base-path:/manage}")
private String managementPath;
#Override
public void configure(WebSecurity web) {
if (securityConfiguration.getAuthenticationScenario()
.equals(HwlPortalAuthenticationScenario.DISABLE_SECURITY)) {
web.ignoring().antMatchers("/**");
} else {
web.ignoring().antMatchers(securityConfiguration.securityDisabledPaths().toArray(new String[]{}))
.requestMatchers(forPortAndPath(managementPort,managementPath + "/**"));
}
}
I am working on FileStore application, FileStore is a Spring boot application.
we want didn't to publish the URL of FileStore application, We wanted to put Zuul application,which will work like proxy.
I tried basic Zuul gateway example. It all works good for normal request following below example
https://spring.io/guides/gs/routing-and-filtering/
But it fails for mulitpart request. Can anyone have example for support multipart request using Zuul proxy.
We are trying to upload large files via Zuul proxy...
Exception stacktrace
PreFilter Code:
public class MyPreFilter extends ZuulFilter{
#Override
public String filterType() {
return "pre";
}
#Override
public int filterOrder() {
return 1;
}
#Override
public boolean shouldFilter() {
return true;
}
#Override
public Object run() {
RequestContext ctx = RequestContext.getCurrentContext();
HttpServletRequest request = ctx.getRequest();
log.info(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString()));
return null;
}
}
Thanks in advance.
You can use following configuration on zuul API gateway:
zuul:
routes:
user-service-1:
path: /api/userserv1/**
url: http://localhost:9090
strip-prefix: false
user-service-2:
path: /api/userserv2/**
url: http://localhost:9091
strip-prefix: false
user-service-3:
path: /api/userserv3/**
url: http://localhost:9092
strip-prefix: false
How do you setup a separate Spring OAuth2 ResourceServer only, that uses and 3rd party AuthorizationServer
All examples I see always implement the ResourceServer and AuthorizationServer in same application.
I don't want to implement the AuthorizationServer as someone else is going to provide this.
Have tried with no luck
#Configuration
#EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter
And application.yml includes
security:
oauth2:
resource:
userInfoUri: https://...../userinfo
Adding to my question some further details::
In my understanding - with OAuth there are 4 players:
resource owner: a person
resource server: server exposing a protected API (protected by the authentication server)
authentication server: the server that handles issuing access tokens to clients
client: an application (say website) accessing the resource server API's after resource owner have given consent
I have tried various tutorials, but all seem to implement their own Authorisation server
http://www.swisspush.org/security/2016/10/17/oauth2-in-depth-introduction-for-enterprises
https://gigsterous.github.io/engineering/2017/03/01/spring-boot-4.html
or are examples of implementing the client player
http://www.baeldung.com/spring-security-openid-connect
https://spring.io/guides/tutorials/spring-boot-oauth2/
My Question is:
How do I implement just the Resource Server which secures my REST API, via a 3rd party authentication server, nothing more.
I have work this out - all you need is:
#SpringBootApplication
#EnableResourceServer
public class ResourceServer {
public static void main(String[] args) {
SpringApplication.run(ResourceServer.class, args);
}
}
With the application.yml as posted in the original question of:
security:
oauth2:
resource:
userInfoUri: https://........userinfo
I've created two sample separate applications, one of them acting as oauth client, and another one acting as a resource server, and both of them are using an external authentication server (which is facebook in this example).
The scenario in the example is as follows, the user opens app1 (oauth client) and gets redirected to first page, and once he clicks login, he'll be redirected to facebook login, and after a successful login, he will get back to the first page. If he clicked on the first button, a call to an api within the same application will be made, and will appear beside message 1 label, and if he clicked on the second button, a call to an api within app2 (resource server) will be made, and the message will be displayed beside message 2 label.
If you checked the logs, you will find the api call going from app1 to app2 containing the access token in the request parameters.
Logs for app1 calling app2
Please find the source code on the git repository here
This is the configuration for app1 (oauth client)
app1 web security config
#Configuration
#EnableOAuth2Sso
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll()
.anyRequest().authenticated().and().logout().logoutSuccessUrl("/").permitAll().and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
#Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("GET");
config.addAllowedMethod("POST");
config.addAllowedMethod("PUT");
config.addAllowedMethod("DELETE");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
}
app1 application properties
security:
oauth2:
client:
clientId: <your client id>
clientSecret: <your client secret>
accessTokenUri: https://graph.facebook.com/oauth/access_token
userAuthorizationUri: https://www.facebook.com/dialog/oauth?redirect_url=https://localhost:8443/
tokenName: access_token
authenticationScheme: query
clientAuthenticationScheme: form
registered-redirect-uri: https://localhost:8443/
pre-established-redirect-uri: https://localhost:8443/
resource:
userInfoUri: https://graph.facebook.com/me
logging:
level:
org.springframework.security: DEBUG
This is the configuration for app2 (resource server)
app2 resource server config
#Configuration
#EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
String[] ignoredPaths = new String[] { "/error", "/login", "/doLogut", "/home", "/pageNotFound", "/css/**",
"/js/**", "/fonts/**", "/img/**" };
#Value("${security.oauth2.resource.user-info-uri}")
private String userInfoUri;
#Value("${security.oauth2.client.client-id}")
private String clientId;
#Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(ignoredPaths).permitAll().anyRequest().authenticated();
}
#Primary
#Bean
public UserInfoTokenServices tokenService() {
final UserInfoTokenServices tokenService = new UserInfoTokenServices(userInfoUri, clientId);
return tokenService;
}
}
app2 application properties
security:
oauth2:
resource:
userInfoUri: https://graph.facebook.com/me
client:
client-id: <your client id>
logging:
level:
org.springframework.security: DEBUG
This is where app1 controller calls an api on app2 (hi2 api)
#RestController
#CrossOrigin(origins = "*", allowedHeaders = "*")
public class UserController {
#Autowired
OAuth2RestTemplate restTemplate;
#RequestMapping("/user")
public Principal user(Principal principal) {
return principal;
}
#RequestMapping("/hi")
public String hi(Principal principal) {
return "Hi, " + principal.getName();
}
#RequestMapping("/hi2")
public String hi2(Principal principal) {
final String greeting = restTemplate.getForObject("http://127.0.0.1:8082/api/hello", String.class);
System.out.println(greeting);
return greeting;
}
}