I have Zuul + Eureka + Spring Boot Service Endpoint + Hateoas response configuration. When I access the service through Zuul Gateway, the resource links in the response are direct links to the service endpoints, shouldn't they be the Gateway links? What am i missing here?
Gateway Endpoint : http://localhost:8762/catalog/products/10001
Direct Service Endpoint : http://localhost:8100/products/10001
application.properties for Zuul
spring.application.name=zuul-server
eureka.client.service-url.default-zone=http://localhost:8761/eureka/
# Map paths to services
zuul.routes.catalog-service=/catalog/**
zuul.addProxyHeaders=true
Actual Response on Gateway Endpoint : http://localhost:8762/catalog/products/10001
{
"title" : "The Title",
"description" : "The Description",
"brand" : "SOME BRAND",
"price" : 100,
"color" : "Black",
"_links" : {
"self" : {
"href" : "http://localhost:8100/products/10001"
}
}
}
Expected Response should have Gateway URL in href
{
"title" : "The Title",
"description" : "The Description",
"brand" : "SOME BRAND",
"price" : 100,
"color" : "Black",
"_links" : {
"self" : {
"href" : "http://localhost:8762/catalog/products/10001"
}
}
}
I've got this issue and resolved it via this post on github
The gist is
spring-boot <=2.1
#Bean
ForwardedHeaderFilter forwardedHeaderFilter() {
return new ForwardedHeaderFilter();
}
spring-boot >= 2.2
server.use-forward-headers=true
While #Nikhil said he fixed by just adding #Bean, in my case is just the opposite:
I just added forward-headers-strategy: FRAMEWORK (currently, server.use-forward-headers is deprecated) and it worked for me that way.
Thank you #Zipster!
Additional info:
Property server.use-forward-headers accepts three possible values:
NONE
NATIVE
FRAMEWORK
I tested the three options to check the differences.
My Zuul gateway (port 8080) routes are configured as it follows:
zuul:
prefix: /api/v0
sensitive-headers: Cookie,Set-Cookie # Allow Authorization header forwarding
routes:
api-v0-questions:
path: /questions/**
service-id: api-v0-questions
strip-prefix: false
NATIVE - URL points to gateway and stripping the /api/v0 (top prefix):
"_links": {
"self": {
"href": "http://localhost:8080/questions/5f6fa0300ec87b34b70393ca"
}
FRAMEWORK - URL points to gateway and DOES NOT strip the /api/v0 prefix:
"_links": {
"self": {
"href": "http://localhost:8080/api/v0/questions/5f6fa0300ec87b34b70393ca"
}
NONE - URL points to service, just like as adding no property at all:
"_links": {
"self": {
"href": "http://localhost:8081/questions/5f6f96ba0ec87b34b70393b2"
}
Related
My Elasticsearch7.8.0 is running in OCI OKE (Kubernetes running in Oracle Cloud). I want to setup Elasticsearch backup snapshot with OCI Object store using OCI Amazon S3 Compatibility API. Added repository-s3 plugin and configured ACCESS_KEY and SECRET_KEY in the PODs. While repository, I am getting "s_s_l_peer_unverified_exception"
PUT /_snapshot/s3-repository
{
"type": "s3",
"settings": {
"client": "default",
"region": "OCI_REGION",
"endpoint": "OCI_TENANCY.compat.objectstorage.OCI_REGION.oraclecloud.com",
"bucket": "es-backup"
}
}
Respose :
{
"error" : {
"root_cause" : [
{
"type" : "repository_verification_exception",
"reason" : "[s3-repository] path is not accessible on master node"
}
],
"type" : "repository_verification_exception",
"reason" : "[s3-repository] path is not accessible on master node",
"caused_by" : {
"type" : "i_o_exception",
"reason" : "Unable to upload object [tests-0J3NChNRT9WIQJknHAssKg/master.dat] using a single upload",
"caused_by" : {
"type" : "sdk_client_exception",
"reason" : "Unable to execute HTTP request: Certificate for <es-backup.OCI_TENANCY.compat.objectstorage.OCI_REGION.oraclecloud.com> doesn't match any of the subject alternative names: [swiftobjectstorage.us-ashburn-1.oraclecloud.com]",
"caused_by" : {
"type" : "s_s_l_peer_unverified_exception",
"reason" : "Certificate for <es-backup.OCI_TENANCY.compat.objectstorage.OCI_REGION.oraclecloud.com> doesn't match any of the subject alternative names: [swiftobjectstorage.us-ashburn-1.oraclecloud.com]"
}
}
}
},
"status" : 500
}
I hope you are aware of when to use S3 Compatible API.
"endpoint":"OCI_TENANCY.compat.objectstorage.OCI_REGION.oraclecloud.com"
Please modify OCI_TENANCY to TENANCY_NAMESPACE. Please refer to this link for more information.
You can find your tenancy namespace information in Administration -> Tenancy Details page.
Well you shouldn't be talking to es-backup.OCI_TENANCY.compat.objectstorage.OCI_REGION.oraclecloud.com where your bucket name is part of the domain. You can try it in your browser and you'll get a similar security warning about certs.
If you look at https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/s3compatibleapi.htm#usingAPI you'll see a mention of:
The application must use path -based access. Virtual host-style access (accessing a bucket as bucketname.namespace.compat.objectstorage.region.oraclecloud.com) is not supported.
AWS is migrating from path based to sub-domain based URLs for S3 (https://aws.amazon.com/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/) so the ES S3 plugin is probably defaulting to doing things the new AWS way.
Does it make a difference if you use an https:// URL for the endpoint value? Looking at my 6.8 config I have something like:
{
"s3-repository": {
"type": "s3",
"settings": {
"bucket": "es-backup",
"client": "default",
"endpoint": "https://{namespace}.compat.objectstorage.us-ashburn-1.oraclecloud.com/",
"region": "us-ashburn-1"
}
}
}
What I'm guessing is that having a full URL for the endpoint probably sets the protocol and path_style_access or 6.8 didn't require you to set path_style_access to true but 7.8 might. Either way, try a full URL or setting path_style_access to true. Relevant docs at https://www.elastic.co/guide/en/elasticsearch/plugins/master/repository-s3-client.html
In my spring boot app I have endpoints which are validated by header parameter in my springboot app.
Current swagger json looks like this:
// part of current swagger.json
...
"paths": {
"/path1/{param1}": {
"get": {
"parameters": [
{
"name": "param1",
"in": "path",
"type": "string",
"required": true
}
]
}
}
}
...
I want to add missing parameter using springdoc-openapi-ui configuration so it would look like this:
// I want to achieve swagger.json which contains additional parameter
...
"paths": {
"/path1/{param1}": {
"get": {
"parameters": [
{
"name": "param1",
"in": "path",
"type": "string",
"required": true
},
{
"name": "missingParam",
"in": "header",
"type": "string",
"required": true
}
]
}
}
}
...
I tried achieving that by adding to my appplication.yml solution from Common Parameters for Various Paths
#application.yml
...
components:
parameters:
hiddenParam:
in: header
name: missingParam
required: true
schema:
type: string
paths:
/path1:
get:
parameters:
- $ref: '#/components/parameters/hiddenParam'
But it doesn't work.
My questions:
Is there a way to modify my swagger result using application configuration?
I want to define parameter template and add it to all endpoints, how can I achieve that?
You can add the global parameters like header using OperationCustomizer as shown below. This will add your parameter to every service
#Configuration
public class SwaggerConfiguration {
#Bean
public OperationCustomizer customGlobalHeaders() {
return (Operation operation, HandlerMethod handlerMethod) -> {
Parameter missingParam1 = new Parameter()
.in(ParameterIn.HEADER.toString())
.schema(new StringSchema())
.name("missingParam1")
.description("header description2")
.required(true);
Parameter missingParam2 = new Parameter()
.in(ParameterIn.HEADER.toString())
.schema(new StringSchema())
.name("missingParam2")
.description("header description2")
.required(true);
operation.addParametersItem(missingParam1);
operation.addParametersItem(missingParam2);
return operation;
};
}
}
Finally I decided to use different approach.
I defined security scheme and applied it globally as authorization header.
#Bean
public OpenAPI customOpenAPI() {
return new OpenAPI()
.info(new Info().title("My App").version("1.0.0"))
// Components section defines Security Scheme "mySecretHeader"
.components(new Components()
.addSecuritySchemes("mySecretHeader", new SecurityScheme()
.type(SecurityScheme.Type.APIKEY)
.in(SecurityScheme.In.HEADER)
.name("missingParam")))
// AddSecurityItem section applies created scheme globally
.addSecurityItem(new SecurityRequirement().addList("mySecretHeader"));
}
Now swagger-ui.html allows testing endpoints with authorization header or without it according to tester requirements.
Cheers!
We have a Spring Boot 2 REST service app consisting of multiple micro-services. ELB is used for service registration and discovery, e.g. there are services available at
http://<dev-env>/api/serviceA/actuator/info
{
"app" : {
"name" : "App Name",
"description" : "App Description"
},
"git" : {
"branch" : "origin/brancha",
"commit" : {
"id" : "204f7a0",
"time" : "2019-07-10T11:09:13Z"
}
},
"build" : {
"version" : "0.0.1-SNAPSHOT",
"build" : {
"version" : "v_0.1.151"
},
http://<dev-env>/api/serviceB/actuator/info
....
Every service uses SB 2 Actuator.
How can we aggregate this version information from two or more micro-services into single page(kind of dashboard)? Are there any ready solutions?
In your dashboard application just open a http connection and query all the microservices actuator endpoints. There are tons of ways to get started. You should choose one that you are comfortable with.
I'm building a basic places search page and I'm using the Google Places Javascript library for it (text search). I do get one "photo" element back, but I noticed that the "photo_reference" field is empty. Here a sample request:
var service = new google.maps.places.PlacesService(this.map);
service.textSearch({query: 'harbour bridge'}, this.callback.bind(this));
Repsonse:
{
"formatted_address":"Sydney Harbour Bridge, Sydney NSW, Australia",
"geometry":{
"location":{
"lat":-33.8523063,
"lng":151.21078710000006
}
},
"icon":"https://maps.gstatic.com/mapfiles/place_api/icons/generic_business-71.png",
"id":"e22913360d0b946d099c7a32a77a95e49f9ead66",
"name":"Sydney Harbour Bridge",
"photos":[{
"height":4000,
"html_attributions":["Jasper Straver"],
"width":6000
}],
"place_id":"ChIJ49XqJV2uEmsRPsTAF7eOlGg",
"rating":4.7,
"reference":"[...]",
"types":["point_of_interest", "establishment"],
"html_attributions":[]
}
If I do the same request using the web service, I get the photo_reference. Example:
https://maps.googleapis.com/maps/api/place/textsearch/json?key=[...]&query=harbour%20bridge
Response:
{
"formatted_address" : "Sydney Harbour Bridge, Sydney NSW, Australia",
"geometry" : {
"location" : {
"lat" : -33.8523063,
"lng" : 151.2107871
}
},
"icon" : "https://maps.gstatic.com/mapfiles/place_api/icons/generic_business-71.png",
"id" : "e22913360d0b946d099c7a32a77a95e49f9ead66",
"name" : "Sydney Harbour Bridge",
"photos" : [
{
"height" : 4000,
"html_attributions" : ["\u003ca href=\"https://maps.google.com/maps/contrib/113178678511744469415/photos\"\u003eJasper Straver\u003c/a\u003e"],
"photo_reference" : "CmRdAAAAY-WUame_CRFnMFmUN4UlvFHI7o3tQOqXJxTkjQINgzMQOOheBzLPIm43dlIAIkhFyugFAw8fnf-ItEiUp1j48B23sCDFRtCWM123euhDif_P1jYkvFAjDrPxq1rCnmi2EhCt6LpVl5W-AKPLRkW_tzs6GhRlG4dx2CVuTNZZMFFo3eYMSFWzGg",
"width" : 6000
}
],
"place_id" : "ChIJ49XqJV2uEmsRPsTAF7eOlGg",
"rating" : 4.7,
"reference" : "[...]",
"types" : [ "point_of_interest", "establishment" ]
}
How come there is a difference between the JS and Web Services API? How can I get the photo_reference from the JS library? (I don't want to make a getDetails(...) request for each search result)
Thanks!
photo_reference is for the Google Places API Web Service. With the Places Javascript library you can just call getUrl on the elements of the photos array, e.g. place.photos[0].getUrl({maxWidth: 1000}).
Like the Web Service, search results won't have more than 1 photo.
I have two spring boot applications where one of them is acting as an API Gateway (as discussed here Spring Example). The other which is wired into the first one is exposing a profile service using spring-data-rest (spring-data-neo4j-rest).
The first application is starting on port 8080 and is using zuul to route requests to the second as follows:
zuul:
routes:
profiles:
path: /profiles/**
url: http://localhost:8083/profiles/
This all works fine and requests to http://localhost:8080/profiles are being served from the second app. The problem though is that the HATEOAS links in the response are incorrect. The response from calling that second service are correct:
{
"_links": {
"self": {
"href": "http://localhost:8083/profiles{?page,size,sort}",
"templated": true
},
"search": {
"href": "http://localhost:8083/profiles/search"
}
},
"_embedded": {
"profiles": [
{
"name": "Andrew Rutter",
"_links": {
"self": {
"href": "http://localhost:8083/profiles/0"
}
}
},
{
"name": "Andrew Rutter",
"_links": {
"self": {
"href": "http://localhost:8083/profiles/1"
}
}
}
]
},
"page": {
"size": 20,
"totalElements": 2,
"totalPages": 1,
"number": 0
}
}
But when this comes back to my API Gateway, the links are being rewritten to
{
"name": "Andrew Rutter",
"_links": {
"self": {
"href": "http://localhost:8080/profiles/profiles/0"
}
}
}
Which is the gateway path alias plus the actual service base Uri. Am I missing a zuul option to disable that behavior and just leave the hateoas uri in place with a host adjustment. Or is there a way for my service behind the gateway to be wired to / rather then the default resource endpoint of /profiles (in this case) which would avoid the undesirable path being added in.
Thanks!
Zuul or Spring-Cloud adds the "X-Forwarded-Host" header to all the forwarded requests, which Spring-hateoas respects and modifies the links appropriately. To quote from Spring-Cloud docs:
The X-Forwarded-Host header added to the forwarded requests by
default. To turn it off set zuul.addProxyHeaders = false. The prefix
path is stripped by default, and the request to the backend picks up a
header "X-Forwarded-Prefix" ("/myusers" in the examples above).
You can try the recommended fix, which is to set the zuul.addProxyHeaders=false
I had exactly the same problem. Change your config as follows:
zuul:
routes:
profiles:
path: /profiles/**
url: http://localhost:8083
stripPrefix: false
This routes all requests going to the gateway matching "/profiles/**" to your back end server "http://localhost:8083" and leaves the prefix (in your case "/profiles" since that's what matched the route).
Zuul forwards to the /profiles contextPath.
Try setting this as configuration:
zuul:
routes:
profiles:
path: /profiles/**
url: http://localhost:8083/
After struggling some time with the same problem, finally I've tried zuul.addProxyHeaders = true and it works!
Links are not broken anymore.
In the demo app I used for SpringOne in my talk about Spring Data REST, I have the following configuration to both handle URI rewrites as well as adjust prefix headers set properly.
zuul:
routes:
api:
path: /api/**
serviceId: spring-a-gram-backend
stripPrefix: false
files:
path: /files/**
serviceId: spring-a-gram-mongodb-fileservice
stripPrefix: false
See it in full at https://github.com/gregturn/spring-a-gram/blob/master/spring-a-gram-frontend/src/main/resources/application.yml#L23-L32