
I'm using JHipster v4.5.5 and I'm working through the examples at https://jhipster.github.io/using-uaa/. I have two microservices that are trying to communicate. I secured one microservice method with these annotations:

```java
@Secured({AuthoritiesConstants.USER, AuthoritiesConstants.ADMIN})
```

I tried to contact this service from another microservice using an AuthorizedFeignClient:

```java
@AuthorizedFeignClient(name = "MicroService2")
public interface MicroService2Client {

    @RequestMapping(method = RequestMethod.GET, value = "/api/demo/string")
    public String getString();
...
```

When I try it, I get:

```
An unexpected error occurred: status 403 reading MicroService2Client#getString(); content: {"message":"error.accessDenied","description":"Access is denied","fieldErrors":null}
```

What credentials / user is the FeignClient trying to use? Is it the "internal" client defined in application*.yml under the jhipster.security.client-authorization settings?

If so, what annotations should I use on the method to allow this user to access the REST method?

I would prefer that the user account be used and not try to use a service account. I see a note in the documentation that:

> As an alternative, the access token of the initial request may be forwarded to further calls. Currently, there is no “default solution” provided by JHipster.

How do you forward the access token of the original request and forward it on?

I set up a working set of demo projects here:

David I.
  • Token is stored in Authorization HTTP header, just read it from incoming request and add it to the outgoing request. This is what a gateway does through Zuul proxy. – Gaël Marziou Jul 25 '17 at 17:16
  • I'm using a Feign client where I only specify the interface. I don't write the implementation, and I never see it. I don't have access to the internals of how the methods are written at runtime... – David I. Jul 25 '17 at 19:46
  • Have you tried this? https://stackoverflow.com/questions/37066331/using-headers-with-dynamic-values-in-feign-client-spring-cloud-brixton-rc2 – Gaël Marziou Jul 25 '17 at 19:50
  • I don't know how to try that link. I would rather not annotate each client method with @Param("token") String token, and I don't know if I'm supposed to register a RequestInterceptor, or where I would do that. – David I. Jul 25 '17 at 21:50
  • Personally, I would rather use a RestTemplate because it's better documented. – Gaël Marziou Jul 25 '17 at 21:55
  • Do the Git repos help? I have the exact error message in MyDemoMicroservice1 README – David I. Jul 26 '17 at 18:49
  • Have a look at the second answer of https://stackoverflow.com/questions/27864295/how-to-use-oauth2resttemplate In OAuthUser.init() it casts Principal into an OAuth2Authentication to extract what you need to call other service using RestTemplate in YourController.createOrder() though I would not necessarily use @Autowired OAuthUser – Gaël Marziou Jul 26 '17 at 19:45
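
The approach raised in the comments (read the Authorization header of the incoming request and add it to the outgoing Feign call through a RequestInterceptor), as an added example that is not part of the original thread and not JHipster's own code. The class name `UserTokenFeignConfiguration` and the method names are hypothetical; it assumes a servlet-based Spring MVC service and that the Feign call runs on the thread handling the incoming request.

```java
import feign.RequestInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

// Added example; class and method names are hypothetical.
// Deliberately NOT annotated with @Configuration: reference it explicitly, e.g.
//   @FeignClient(name = "MicroService2", configuration = UserTokenFeignConfiguration.class)
// so only that client relays the caller's token instead of every Feign client in the app.
public class UserTokenFeignConfiguration {

    private static final String AUTHORIZATION = "Authorization";
    private static final String BEARER_PREFIX = "Bearer ";

    @Bean
    public RequestInterceptor userTokenRequestInterceptor() {
        return template -> {
            String header = currentAuthorizationHeader();
            // Relay bearer tokens only; never pass Basic credentials or other schemes on.
            boolean isBearer = header != null
                && header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length());
            // header(name, values...) appends, so do not add a second Authorization value.
            if (isBearer && !template.headers().containsKey(AUTHORIZATION)) {
                template.header(AUTHORIZATION, header);
            }
            // Without a token the call goes out unauthenticated and the downstream
            // @Secured check rejects it; there is no fallback to a service account.
        };
    }

    // Returns the incoming request's Authorization header, or null when the
    // current thread is not bound to an HTTP request.
    private static String currentAuthorizationHeader() {
        RequestAttributes attrs = RequestContextHolder.getRequestAttributes();
        if (!(attrs instanceof ServletRequestAttributes)) {
            // Scheduled job, async task, or a Hystrix thread pool: the request
            // context is thread-local and is not visible here.
            return null;
        }
        return ((ServletRequestAttributes) attrs).getRequest().getHeader(AUTHORIZATION);
    }
}
```

The forwarded token reaches whatever host the Feign client name resolves to, so use this configuration only on clients that call services inside the same trust boundary, and keep the header value out of logs.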
