I set the application service management.context-path to /mgmt and Registry it to eureka server.
eureka:
instance:
statusPageUrlPath: ${management.context-path}/info
healthCheckUrlPath: ${management.context-path}/health
metadata-map:
management.context-path: ${management.context-path}
prefer-ip-address: true
client:
serviceUrl:
defaultZone: http://registry:7000/eureka/
when i view the JMX in admin UI(another different service, and registry in eureka server), i got some security issue. and actually i add the /mgmt/* to the white list
http.authorizeRequests()
.antMatchers("/" ,"/mgmt/*","/jolokia","/jolokia/**").permitAll()
How to set the jolokia context path in springboot admin?
Oh Fk, just a mistake, change the /mgmt/* to /mgmt/, it works.
http.authorizeRequests()
.antMatchers("/" , "/mgmt/**","/jolokia","/jolokia/**").permitAll()
Related
I have two microservices deployed and a eureka server. The microservices are eureka clients, viz, eureka-client-1 and eureka-client-2 respectively.
Using, service discovery, I want to call an API from eureka-client-1 of eureka-client-2.
Following is the supported code and configurations:
discovery-server (eureka server) configuration:
server:
port: 8761
eureka:
client:
fetch-registry: false
register-with-eureka: false
spring:
application:
name: discovery-server
eureka-client-1 and eureka-client-2 have same configurations:
eureka:
client:
service-url:
defaultZone: http://localhost:8761/eureka
In eureka-client-1 I am using RestTemplate to communicate with the eureka-client-2
Notice that I have currently commented the LoadBalanced annotation.
#Bean
// #LoadBalanced
public RestTemplate restTemplate(){
return new RestTemplate();
}
I access the api of eureka-client-2 as follows:
restTemplate.getForObject(
"http://EUREKA-CLIENT-2/api/v1/check/{customerId}", Response.class, customer.getId());
When I deploy and test the application, I am getting UnknownHostException for EUREKA-CLIENT-2. But, as soon as I enable the annotation #LoadBalanced everything works fine and eureka-client-1 can successfully communicate with eureka-client-2.
My question is: Why #LoadBalanced annotation is absolutely compulsory? If I have deployed only single instances of each microservices, why can't the discovery-server return the information of the only service with given name that is deployed? And even if same service is deployed multiple times, why it can't internally apply the loadbalancing algorithm? Why the client has to specifically add the annotation
I am encountering a very peculiar problem in spring cloud gateway. Every alternate request returns a 404. This happens across all services I've configured in the api-gateway without exception. I don't even know where to start to debug this problem.
Here's my application.yml file for common config.
server:
port: 8080
ssl:
enabled: true
key-store: classpath:keystore.p12
key-store-password: password
key-store-type: pkcs12
key-alias: tomcat
security:
require-ssl=true:
logging:
level:
org:
springframework:
cloud.gateway: DEBUG
http.server.reactive: DEBUG
web.reactive: DEBUG
spring:
application:
name: api-gateway
cloud:
gateway:
httpclient:
ssl:
useInsecureTrustManager: true
Here's my java config file
#EnableWebFluxSecurity
public class SecurityConfig {
#Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http,
ReactiveClientRegistrationRepository clientRegistrationRepository) {
// Authenticate through configured OpenID Provider
http.oauth2Login();
// Also logout at the OpenID Connect provider
http.logout(logout -> logout.logoutSuccessHandler(new OidcClientInitiatedServerLogoutSuccessHandler(
clientRegistrationRepository)));
// Require authentication for all requests
http.authorizeExchange().anyExchange().authenticated();
// Allow showing /home within a frame
http.headers().frameOptions().mode(Mode.SAMEORIGIN);
// Disable CSRF in the gateway to prevent conflicts with proxied service CSRF
http.csrf().disable();
return http.build();
}
}
Here's the spring profile specific config file that gets loaded on top of the common application.yml file.
spring:
security:
oauth2:
client:
provider:
keycloak:
issuerUri: http://localhost:9080/auth/realms/mylocal
userNameAttribute: preferred_username
registration:
keycloak:
clientId: api-gateway-client
clientSecret: abcdefgh-ijkl-mnop-qrst-uvwxyz5d6a9
cloud:
gateway:
default-filters:
- TokenRelay
routes:
- id: news
uri: http://localhost:8082/news
predicates:
- Path= /news/**
- id: customers
uri: http://localhost:8083/customers
predicates:
- Path= /boards/**
- id: search
uri: http://localhost:8085/search
predicates:
- Path= /search/**
Hey i got the issue recently too, I figure out that it was the load balancing the issue. Make sure that your spring.application.name of the microservice that you try to contact are all in capital letter (EXAMPLE) especially if you use Eureka. (hope it helps)
I had a similar issue. The reason was in registration of several services under the same application name in my Eureka server. Just like this:
Eureka instances screenshot
Those are completely different services, but they are registered under one application name. So when a request is made through load balancer, the latter tries to use both of the service urls. One service is able to serve request correctly, but another one may know nothing about the requested path, that is why 404 is returned.
Check if there are two or more microservices using the same spring.application.name and registered with eureka.
I know it's an old question... But might help future readers.
hey, here is the simplest solution I found for myself, in the browser
url, instead of 'localhost', give your system's name.
ex:
http://hp:8083/SERVICE-NAME/customers/**
also make sure to name all your spring application in uppercase.
I want enable default routing in my spring cloud gateway (no zuul) by service ids registered in eureka (application names) but I always got 404 error.
In my chat service's bootstrap.yml
I have defined application name
spring:
application:
name: chat-service
and in application properties:
eureka:
instance:
preferIpAddress: true
client:
healthcheck:
enabled: true
serviceUrl:
defaultZone: http://${EUREKA_HOST:localhost}:${EUREKA_PORT:8761}/eureka/
when I go to eureka's dashboard I can see registered my chat service and gateway as well.
Eureka's configuration in gateway application is same as chat service, but I also have this:
spring:
application:
name: gateway
cloud:
gateway:
discovery:
locator:
enabled: true
and next I also tried add explicit routes which din't work as well, but if I have discovery locator enabled set to true this shouldn't be needed right?
routes:
- id: chat-service-route
uri: lb://chat-service
predicates:
- Path=**
I created test endpoint which I tried call directly on chat service and also with gateway. Direct call works fine so issue will be with routing.
#RestController
#RequestMapping
public class TestController {
#GetMapping
public String test() {
return "chat-service ready";
}
}
What I did wrong? I am little desperate. I am using spring boot 2.2.2 and Hoxton.RELEASE cloud dependencies version
Try removing explicit routes and add below property to application yml. This works for me.
spring:
cloud:
gateway:
discovery:
locator:
lower-case-service-id: true
I have a spring boot application with configuation like this:
src/main/resources/application.yml:
eureka:
client:
serviceUrl:
defaultZone: http://10.254.102.12:1111/eureka/
In my unit test cases, I want to set eureka instance name and change the logging level.
src/test/resources/application.yml:
eureka:
instance:
appname: item-client-test
logging:
level: debug
But when I added these additional settings those former settings seems to not work any more. The eureka serviceUrl fallback to default loclahost:8761, so my test failed. When I added my custom eureka serviceUrl to src/test/resources/application.yml, my test goes well.
So I am confused about is this a bug of spring boot or I was not using the right way for my configuration?
What you can try, instead, is having two configuration files like:
src/main/resources/application.yml
eureka:
client:
serviceUrl:
defaultZone: http://10.254.102.12:1111/eureka/
and
src/main/resources/application-test.yml
eureka:
instance:
appname: item-client-test
client:
serviceUrl:
defaultZone: http://test-server/eureka/
logging:
level: debug
and run your tests with SPRING_PROFILES_ACTIVE=test mvn test
Spring Boot will look for application-#{environment} config file (so to say) and use it, inheriting from the default (application.yml) config file
I have created a Single Page Application using the Spring Tutorial for making one with AngularJS and OAuth and such found here:
https://spring.io/guides/tutorials/spring-security-and-angular-js/#_multiple_ui_applications_and_a_gateway_single_page_application_with_spring_and_angular_js_part_vi
This is the application.yml files for the SPA application:
security:
user:
password: none
oauth2:
client:
accessTokenUri: localhost:7777/uaa/oauth/token
userAuthorizationUri: localhost:7777/uaa/oauth/authorize
clientId: acme
clientSecret: acmesecret
resource:
user-info-uri: localhost:7777/uaa/user
zuul:
routes:
resource:
path: /resource/**
url: localhost:9000/resource
user:
path: /user/**
url: localhost:7777/uaa/user
eureka:
client:
serviceUrl:
defaultZone: ${vcap.services.eureka-service.credentials.uri:127.0.0.1:8761}/eureka/
---
spring:
profiles: cloud
eureka:
instance:
hostname: ${APPLICATION_DOMAIN}
nonSecurePort: 80
I want to know how I would change the zuul routes and the user-info-uri so that I don't have to specify the urls and all this can be done by using the service-id. I looked at the tutorial for using eureka here:
https://spring.io/blog/2015/01/20/microservice-registration-and-discovery-with-spring-cloud-and-netflix-s-eureka
but I don't quite understand how I can achieve my goal without adding all the java to my code, because the basic eureka server already seems to register all my services.
Had issue with using eureka service id, userInfoUri used to throw UnknownHost Exception all the time, #LoadBallanced restTemplate did not solve my issue, solution was to set prefer-token-info to false ( if true - no load ballancing for oauth )
security.oauth2.resource.service-id={Service ID as at eureka server registered}
security.oauth2.resource.userInfoUri= http://${security.oauth2.resource.service-id}/user/me
security.oauth2.resource.loadBalanced=true
security.oauth2.resource.prefer-token-info=false
no port number needed if service ID used , but needed if ip or host used
If I do understand your question correct you can just use the config file in this pattern:
zuul:
routes:
<service_id>:
path: /path/**
For example (if your oauth-service is registered as auth):
zuul:
routes:
auth:
path: /user/**
Zuul will leverage Eureka and find the endpoints for the services. In addition to that it will provide client-side load-balancing.