Questions tagged [spring-cloud-security]

Spring Cloud Security offers a set of primitives for building secure applications and services with minimum fuss. It is also extremely easy to use in a service platform like Cloud Foundry.

Building on Spring Boot and Spring Security OAuth2 we can quickly create systems that implement common patterns like single sign-on, token relay and token exchange.

46 questions
13 votes, 1 answer

Why do I receive an invalid CSRF token?

I have a project with spring-cloud-security. It's an auth server for oauth authorization. It's worked fine in the past. I added a Spring profile for SSL support with configuration: security: require-ssl: true server: ssl: key-store: dev.p12 …
slon
10 votes, 1 answer

Spring Cloud Netflix Zuul, CSRF and Form Submission

I have some problems with Spring Cloud and CSRF protection. I secured my application (a gateway and a sign up service) with Spring Cloud Security, OAuth2 etc. I granted access to everyone (permitAll) to /signup, which is where the gateway routes to…
8 votes, 2 answers

How to use a Spring Cloud Gateway Custom Filter to filter every request?

It's my first time at Spring Cloud Gateway implementation. I need to filter every request and apply a filter validation on some paths. Following the Baeldung Custom Filters tutorial I made a simple application to filter requests. The application must…
8 votes, 1 answer

Spring Cloud Security vs Spring Security

I just started learning Spring Cloud Security and I have a basic question. How is it different from Spring Security? Do we need our application to be built on Spring Boot to use Spring Cloud Security? Thanks in advance.
Java P
6 votes, 0 answers

Keycloak + Spring Boot Cannot convert access token to JSON

I am unable to extract user info from the access token generated by keycloak. I have a protected route where I am expecting Principal or Authentication objects to be populated correctly. @Configuration @EnableResourceServer public class…
6 votes, 2 answers

Security between microservices

I have two microservices, for example, A and B. The microservice B has a REST endpoint that must be accessible only from the microservice A. How can I limit access between microservices? What is the best practice if at all possible? I'm using…
5 votes, 1 answer

JwtAccessTokenConverter: Unable to create an RSA verifier from verifierKey

I have an authorization server Spring Boot project using Spring Cloud OAuth2. I'm using these beans for JWT: @Bean public JwtAccessTokenConverter accessTokenConverter() { JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter(); …
3 votes, 1 answer

Spring Cloud Security with Token Relay: Response has empty set cookie header

I try building a minimal openid secured cloud environment. Following more or less https://developer.okta.com/blog/2019/08/28/reactive-microservices-spring-cloud-gateway . I have a spring cloud gateway, a consul registry, an application registered on…
3 votes, 0 answers

How to use Spring Cloud Security to do Single Sign-on with Azure AD

Some background context: We would like to build a centralized security service which orchestrates different authentication servers, such as our own Azure AD, external Azure AD, LDAP, etc. We are using Spring Cloud framework and Azure. The first…
2 votes, 0 answers

Spring Microservices API gateway security with WSO2

Is there any manual reference or approach for applying security on API gateway in spring cloud? I have built a gateway using spring cloud and added the routes, now I need to add security where requests are validated with Auth Server (WSO2 Identity…
2 votes, 2 answers

OAuth2 Share Principal Object with Multiple Gateway Instances

I have integrated Spring Cloud Gateway with OAuth2 server. It works well with a single-instance gateway. Here is my security config. @EnableWebFluxSecurity public class GatewaySecurityConfiguration { @Bean public SecurityWebFilterChain…
2 votes, 0 answers

Unauthorized exception When Zuul Gateway Started through Eureka Server

I am working on Spring Boot migration from 1.5.12 to 2.1.14. We have to migrate Spring Cloud dependencies as well. So for this I have changed Spring Cloud version as 'Greenwich.SR4' (supported version for Spring Boot 2.1.x) from…
2 votes, 1 answer

Spring Security OIDC Keycloak: unable to get Authorities and apply Authorization

I have a Spring Security OAuth2 app connected to an OIDC server (Keycloak). I'm able to connect, get an access token and perform authentication, however I'm unable to perform Authorization. The introspect of token responds with Authorities in json response as…
2 votes, 1 answer

Unable to use @LoadBalanced with OAuth2RestTemplate configured on ClientCredentials

I want to use OAuth2 ClientCredentials flow for inter-service communication between two Resource Servers. Everything works fine except that I am not able to use service name (Ribbon Load Balancer feature) instead of hostname in my OAuth2RestTemplate…
Munish Chandel
2 votes, 1 answer

Session Validation - Spring Security with Microservices

My current architecture for my web app has a gateway server that orchestrates a bunch of microservices. Authorisation occurs at the gateway: if a given principal is authenticated, they can talk to some downstream services. The downstream service gets…