I am working on a Spring Boot migration from 1.5.12 to 2.1.14. We have to migrate the Spring Cloud dependencies as well, so I have changed the Spring Cloud version from 'Dalston.SR4' to 'Greenwich.SR4' (the supported version for Spring Boot 2.1.x).
//implementation('org.springframework.boot:spring-boot-starter-security')
implementation('org.springframework.cloud:spring-cloud-starter-security')
implementation('org.springframework.cloud:spring-cloud-starter-oauth2')
//compile('org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure')
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
compile('org.springframework.boot:spring-boot-starter-web')
compile("org.springframework.cloud:spring-cloud-starter-netflix-eureka-server")
compile("org.springframework.cloud:spring-cloud-starter-netflix-eureka-client")
compile("org.springframework.cloud:spring-cloud-starter-netflix-zuul")
I have a Eureka Server and a Zuul Gateway application, which is one of the microservices and acts as a proxy and Eureka client, as shown below.
Eureka Server:
----------------
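import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration;
import org.springframework.boot.autoconfigure.jms.JndiConnectionFactoryAutoConfiguration;
import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;
import org.springframework.context.annotation.ComponentScan;

@SpringBootApplication(exclude = {
    HibernateJpaAutoConfiguration.class,
    JndiConnectionFactoryAutoConfiguration.class,
    DataSourceAutoConfiguration.class,
    DataSourceTransactionManagerAutoConfiguration.class,
    SecurityAutoConfiguration.class
})
@EnableEurekaServer
@ComponentScan("com.swp.service.eureka")
public class EurekaRegistryApplication {
    public static void main(String[] args) {
        SpringApplication springApplication = new SpringApplication(EurekaRegistryApplication.class);
        springApplication.run(args);
    }
}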
application-eureka.properties:
-----------------------------
spring.application.name=eureka
server.port=8761
eureka.instance.hostname=localhost
eureka.client.registerWithEureka=false
eureka.client.fetchRegistry=false
eureka.client.serviceUrl.defaultZone=http://${eureka.instance.hostname}:${server.port}/eureka/
security.enabled=false
Zuul Gateway:
---------------
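import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration;
import org.springframework.boot.autoconfigure.jms.JndiConnectionFactoryAutoConfiguration;
import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
import org.springframework.context.annotation.ComponentScan;

@SpringBootApplication(exclude = {
    HibernateJpaAutoConfiguration.class,
    JndiConnectionFactoryAutoConfiguration.class,
    DataSourceAutoConfiguration.class,
    DataSourceTransactionManagerAutoConfiguration.class,
    SecurityAutoConfiguration.class
})
@EnableZuulProxy
@EnableDiscoveryClient
@ComponentScan("com.swp.swp.service.zuul")
public class SWPGatewayApplication {
    public static void main(String[] args) {
        SpringApplication springApplication = new SpringApplication(SWPGatewayApplication.class);
        springApplication.run(args);
    }
}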
application-gateway.properties
-------------------------------
spring.application.name=zuul
server.port=8092
server.servlet.context-path=/swp-gateway
allowedOriginHeaders=http://localhost:9090
zuul.add-host-header=true
zuul.sensitiveHeaders=Cookie,Set-Cookie
zuul.host.connect-timeout-millis=300000
zuul.host.socket-timeout-millis=300000
zuul.routes.swp.path=/swpapp/**
zuul.routes.oauth.path=/authservice/**
zuul.routes.swp.serviceId=swpapp
zuul.routes.oauth.serviceId=oauthservice
ribbon.ReadTimeout=300000
ribbon.ConnectTimeout=300000
ribbon.eureka.enabled=true
hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds=300000
eureka.client.registerWithEureka=false
eureka.client.serviceUrl.defaultZone=http://localhost:8761/eureka/
security.enabled=false
We have integrated Spring Security with OAuth2 and have an Authorization server and a Resource server, as below.
Authorization server:
---------------------
@Configuration
@EnableAuthorizationServer
@ConditionalOnProperty(name="EnableJwtToken", matchIfMissing=true, havingValue="false")
public class AuthServerConfig extends WebSecurityConfigurerAdapter implements AuthorizationServerConfigurer {

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    private AuthenticationManager authenticationManager;

    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        logger.info("AuthorizationServerSecurityConfigurer", "Enter into AuthorizationServerSecurityConfigurer");
        oauthServer.checkTokenAccess("isAuthenticated()").checkTokenAccess("permitAll()");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/**").permitAll();
    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/**");
    }

    // etc.: config for in-memory auth and token generation.
}
Resource Server:
------------------
@Configuration
@EnableResourceServer
@EnableWebSecurity
@ConditionalOnProperty(name="EnableJWTSecurity", havingValue="false", matchIfMissing=true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        logger.info("ResourceServerConfig", "Inside HttpSecurity http configure");
        /*http
            .authorizeRequests().
            antMatchers("/swp/**").
            authenticated()
            .anyRequest().permitAll();*/
        http.authorizeRequests()
            .antMatchers("/**")
            .permitAll()
            .antMatchers("/**")
            .authenticated();
    }
}
I have a few other microservices as well, along with these. When I start the EurekaRegistry app, which is the Eureka server, we have no errors and are able to start it successfully, but we have a problem running the Zuul Gateway microservice, which gives the error below asking for authorization.
25408 SWP DEBUG zuul org.apache.http.headers << Cache-Control: no-cache, no-store, max-age=0, must-revalidate
25408 SWP DEBUG zuul org.apache.http.headers << Pragma: no-cache
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Expires: 0
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << X-Frame-Options: DENY
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Content-Type: application/json;charset=UTF-8
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Transfer-Encoding: chunked
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Date: Fri, 10 Jul 2020 06:37:22 GMT
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Keep-Alive: timeout=60
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Connection: keep-alive
25408 SWP DEBUG zuul o.a.h.impl.client.DefaultHttpClient 2020-07-10 02:37:22.909 Connection can be kept alive for 60000 MILLISECONDS
25408 SWP DEBUG zuul o.a.h.impl.client.DefaultHttpClient 2020-07-10 02:37:22.909 Authentication required
25408 SWP DEBUG zuul o.a.h.impl.client.DefaultHttpClient 2020-07-10 02:37:22.909 localhost:8761 requested authentication
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.909 Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for Negotiate authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for Kerberos authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for NTLM authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for CredSSP authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for Digest authentication scheme not available
25408 SWP DEBUG zuul org.apache.http.wire 2020-07-10 02:37:22.912 << "80[\r][\n]"
25408 SWP DEBUG zuul org.apache.http.wire 2020-07-10 02:37:22.912 << **"{"timestamp":"2020-07-10T06:37:22.908+0000","status":401,
"error":"Unauthorized","message":"Unauthorized","path":"/eureka/apps/"}"**
25408 SWP DEBUG zuul c.n.d.s.t.j.AbstractJerseyEurekaHttpClient 2020-07-10 02:37:22.912 Jersey HTTP GET http://localhost:8761/eureka//apps/?; statusCode=401
25408 SWP DEBUG zuul org.apache.http.wire 2020-07-10 02:37:22.912 << "[\r][\n]"
25408 SWP DEBUG zuul org.apache.http.wire 2020-07-10 02:37:22.912 << "0[\r][\n]"
25408 SWP DEBUG zuul org.apache.http.wire 2020-07-10 02:37:22.912 << "[\r][\n]"
25408 SWP DEBUG zuul c.n.d.s.MonitoredConnectionManager 2020-07-10 02:37:22.912 Released connection is reusable.
25408 SWP DEBUG zuul c.n.d.shared.NamedConnectionPool 2020-07-10 02:37:22.912 Releasing connection [{}->http://localhost:8761][null]
25408 SWP DEBUG zuul c.n.d.shared.NamedConnectionPool 2020-07-10 02:37:22.912 Pooling connection [{}->http://localhost:8761][null]; keep alive for 60000 MILLISECONDS
25408 SWP DEBUG zuul c.n.d.shared.NamedConnectionPool 2020-07-10 02:37:22.912 Notifying no-one, there are no waiting threads
25408 SWP DEBUG zuul c.n.d.s.t.d.RedirectingEurekaHttpClient 2020-07-10 02:37:22.912 Pinning to endpoint null
25408 SWP WARN zuul c.n.d.s.t.d.RetryableEurekaHttpClient 2020-07-10 02:37:22.912 Request execution failure with status code 401; retrying on another server if available
25408 SWP ERROR zuul c.netflix.discovery.DiscoveryClient 2020-07-10 02:37:22.912 DiscoveryClient_ZUUL/WGA10015LDITEGG.uswin.ad.swp.com:zuul:8092 - was unable to refresh its cache! status = Cannot execute request on any known server
com.netflix.discovery.shared.transport.TransportException: Cannot execute request on any known server
Note: Here we are not trying to register Eureka clients with our Eureka server. We are trying to access other microservices through the Zuul gateway and disabling security using the property security.enabled=false (before migration: security.basic.enabled=false). We have tried to disable security using different combinations, but we are still getting the above error.
Can somebody tell me what the issue might be?
Thanks in advance.
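
The 401 in the log above is the Eureka server at localhost:8761 challenging the gateway's GET on /eureka/apps/, and the `security.basic.enabled` switch used before the migration was removed in Spring Boot 2.0, so access rules now have to be declared in a `WebSecurityConfigurerAdapter`. The following is an added example, not part of the original post: instead of turning security off, it keeps the registry behind HTTP Basic and gives the gateway credentials. The class name `EurekaSecurityConfig`, the `registry.user`/`registry.password` properties and the `<eureka-user>`/`<eureka-password>` placeholders are hypothetical.

```java
package com.swp.service.eureka; // package scanned by the Eureka server's @ComponentScan

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical property names; supply the values from the environment or a
// secret store rather than a committed properties file:
//   registry.user=<eureka-user>
//   registry.password=<eureka-password>
// Gateway side (application-gateway.properties), Basic credentials in the URL:
//   eureka.client.serviceUrl.defaultZone=http://<eureka-user>:<eureka-password>@localhost:8761/eureka/
@Configuration
@EnableWebSecurity
public class EurekaSecurityConfig extends WebSecurityConfigurerAdapter {

    private final PasswordEncoder encoder =
            PasswordEncoderFactories.createDelegatingPasswordEncoder();

    @Value("${registry.user}")
    private String user;

    @Value("${registry.password}")
    private String password;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Single in-memory account used only by Eureka clients such as the gateway.
        auth.inMemoryAuthentication()
            .passwordEncoder(encoder)
            .withUser(user).password(encoder.encode(password)).roles("EUREKA_CLIENT");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Eureka clients do not generally possess a CSRF token: exempt only the registry API.
            .csrf().ignoringAntMatchers("/eureka/**")
            .and()
            .authorizeRequests().anyRequest().authenticated()
            .and()
            .httpBasic(); // Basic challenge that the Eureka client can answer
    }
}
```

Because the class declares `@EnableWebSecurity` and its own user store, it does not depend on the excluded `SecurityAutoConfiguration`.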