inter micro-service request responds with Forbidden status in spring cloud application

Question

I am investigating microservice architecture. I chose the spring cloud framework.

My application shema looks like this:

Also I have discovery server eureka but I decided to skip on the picture to simplify it.

Full source code of example you can find on githib: https://github.com/gredwhite/spring-cloud

Problem explanation:

hello world service:

@GetMapping("/helloWorld")
@HystrixCommand(fallbackMethod = "reliable")
public String hello() {
    return this.restTemplate.getForObject("http://hello-service/hello?name=World", String.class);
}

hello service:

@GetMapping("/hello")
public String hello(@RequestParam("name") String name) throws UnknownHostException, InterruptedException {           
     return "Hello " + name + "!";
 }

When I started the hello service and try to access localhost:8082/h/hello?name=Vasya (/h - context path) - request happens successfully and I see Hello Vasya mesage in the response. I need to say that authentication is disabled for that service.

hello world service has index.html page and when I try to acces it - auth flow happens successfully and eventually this application log in successfully. Then I try to execute method /hello from the hello world service and I see response:

{"timestamp":"2018-05-17T08:53:04.623+0000","status":403,"error":"Forbidden","message":"Forbidden","path":"/hw/helloWorld"}

Oauth2 configuration:

hello world service

@SpringBootApplication
@EnableEurekaClient
@RibbonClient(name = "say-hello")
@EnableAutoConfiguration
@EnableOAuth2Sso
public class HelloWorldStarter {

    public static void main(String[] args) {
        SpringApplication.run(HelloWorldStarter.class, args);
    }


    @RestController
    @EnableDiscoveryClient
    @EnableCircuitBreaker
    public static class HelloWorldController {
        @Autowired
        private RestTemplate restTemplate;
        @Autowired
        private DiscoveryClient discoveryClient;

        @GetMapping("/helloWorld")
        @HystrixCommand(fallbackMethod = "reliable")
        public String hello() {           
            return this.restTemplate.getForObject("http://hello-service/hello?name=World", String.class);
        }

        public String reliable() {
            return "Could not get response from service";
        }
    }

    @org.springframework.context.annotation.Configuration
    public static class Configuration {
        @Bean
        @LoadBalanced
        RestTemplate restTemplate() {
            return new RestTemplate();
        }
    }
}

application.yml:

spring:
  application:
    name: hello-world-service
server:
  port: 8081
  servlet:
    context-path: /hw
eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka
  instance:
    preferIpAddress: true

security:
  oauth2:
    client:
      client-id: acme
      client-secret: acmesecret
      access-token-uri: http://localhost:8080/oauth/token
      user-authorization-uri: http://localhost:8080/oauth/authorize
    resource:
      user-info-uri: http://localhost:8080/me

logging:
  level:
    org.springframework.security: DEBUG
    org.springframework.web: DEBUG

Questions

How can I fix this problem?
After previous point fix I want to know how to execute authorized request to that service. In other words I want to enable oauth 2 authorization on hello service and have possibility to make request from the hello world service

have you tried to use `OAuth2RestTemplate` instead of plain `RestTemplate`? see example here https://stackoverflow.com/questions/27864295/how-to-use-oauth2resttemplate — KSTN, May 21 '18 at 16:36

score 1 · Answer 1 · answered May 17 '18 at 13:10

1

I think you use very strange approach to solve your problem.

I suggest you the following solution:

Create FeignClient service.

@FeignClient(name = "hello-service", url = "http://hello-service")
public interface HelloService {

    @RequestMapping(method = RequestMethod.GET, value = "/hello")
    String hello(@PathVariable("name") String name);

}

Add oauth2FeignRequestInterceptor into SpringBoot Application class

@Bean
    public RequestInterceptor oauth2FeignRequestInterceptor() {
        return new RequestInterceptor() {
            @Override
            public void apply(RequestTemplate requestTemplate) {
                OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails();

                requestTemplate.header("Authorization", "bearer " + details.getTokenValue());
            }
        };
    }

Add several annotation into your SpringBoot Application class

@EnableOAuth2Client
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableFeignClients
public class HelloWorldStarter

That's all hope it helps.

answered May 17 '18 at 13:10

Alexander Petrov

951
6
11

all code related with the hello world service appliction? – gstackoverflow May 17 '18 at 14:01
Additionally I can't say that I need Feign. I happy with restTemplate at the moment – gstackoverflow May 17 '18 at 14:21
yes it related with hello world service code should be placed near HelloWorldStarter – Alexander Petrov May 17 '18 at 14:27
restTemplate doesn't have any auth logic inside, on the other hand oauth2FeignRequestInterceptor contain it. – Alexander Petrov May 17 '18 at 14:29
What about https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/client/OAuth2RestTemplate.html this one? – gstackoverflow May 17 '18 at 14:36
As you can see hello service is not secured. Why do I see Forbidden? – gstackoverflow May 17 '18 at 15:27

inter micro-service request responds with Forbidden status in spring cloud application

Problem explanation:

Oauth2 configuration:

Questions

1 Answers1