Getting response code 401 after adding SecurityConfig
ddongman commented
Below is my code.
parent-module : build.gradle
// Root build script of the multi-module project: declares the shared Gradle plugins
// and applies one common configuration to every subproject.
plugins {
    id 'java'
    id 'org.springframework.boot' version '3.1.2'
    id 'io.spring.dependency-management' version '1.1.2'
    // Provides osdetector.classifier, read in the dependencies block below.
    id("com.google.osdetector") version "1.7.1"
}
// The root project itself is not packaged as an executable Boot jar.
bootJar {
    enabled = false
}
subprojects {
    apply plugin: 'java'
    apply plugin: 'org.springframework.boot'
    apply plugin: 'io.spring.dependency-management'
    group = 'com.test'
    version = '0.0.1-SNAPSHOT'
    java {
        sourceCompatibility = '17'
    }
    configurations {
        // Makes annotation-processor dependencies (Lombok below) visible on the compile-only classpath.
        compileOnly {
            extendsFrom annotationProcessor
        }
    }
    repositories {
        mavenCentral()
    }
    ext {
        // Consumed by the Spring Cloud BOM import in dependencyManagement below.
        set('springCloudVersion', "2022.0.4")
    }
    dependencies {
        // JDBC logging wrapper, added to every subproject.
        // NOTE(review): SQL logging can capture bound parameter values; confirm it is not
        // active against sensitive data outside development.
        implementation 'org.bgee.log4jdbc-log4j2:log4jdbc-log4j2-jdbc4.1:1.16'
        compileOnly 'org.projectlombok:lombok'
        annotationProcessor 'org.projectlombok:lombok'
        // Native Netty DNS resolver, added only when the build runs on the osx-aarch_64 classifier.
        // NOTE(review): the version is pinned here (4.1.77.Final) instead of coming from
        // dependency management; confirm it matches the Netty version the rest of the build resolves.
        if (osdetector.classifier == "osx-aarch_64") {
            runtimeOnly("io.netty:netty-resolver-dns-native-macos:4.1.77.Final:${osdetector.classifier}")
        }
        testImplementation 'org.springframework.boot:spring-boot-starter-test'
    }
    dependencyManagement {
        imports {
            // Supplies the versions for the Spring Cloud starters declared without one.
            mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
        }
    }
    tasks.named('test') {
        useJUnitPlatform()
    }
}
api-gateway : build.gradle
// Build script of the api-gateway module.
plugins {
    id 'java'
}
version = '0.0.1-SNAPSHOT'
repositories {
    mavenCentral()
}
dependencies {
    // The Spring starters carry no version here; presumably they are resolved through the
    // dependency management applied by the parent build (confirm this module is a subproject).
    implementation 'org.springframework.cloud:spring-cloud-starter-gateway'
    implementation 'org.springframework.cloud:spring-cloud-starter-netflix-eureka-client'
    // Resource-server support: the gateway validates JWT bearer tokens on incoming requests.
    implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    testImplementation platform('org.junit:junit-bom:5.9.1')
    testImplementation 'org.junit.jupiter:junit-jupiter'
}
test {
    useJUnitPlatform()
}
api-gateway : application.yml
# api-gateway configuration: gateway routes, JWT resource-server settings, logging and Eureka client.
# Indentation reconstructed from the property paths; the pasted text had lost it.
spring:
  application:
    name: api-gateway
  cloud:
    gateway:
      routes:
        # lb:// targets are resolved by service name through the load balancer.
        # The Path predicates below have no wildcard, so only the exact path is routed.
        - id: product-service
          uri: lb://product-service
          predicates:
            - Path=/api/product
        - id: order-service
          uri: lb://order-service
          predicates:
            - Path=/api/order
        # /eureka/web is rewritten to / and forwarded to the discovery server on port 8761.
        - id: discovery-server
          uri: http://localhost:8761
          predicates:
            - Path=/eureka/web
          filters:
            - SetPath=/
        # Everything else under /eureka/ is forwarded to the discovery server unchanged.
        # NOTE(review): SecurityConfig on this page permits /eureka/** without authentication,
        # so whatever this route exposes is reachable through the gateway without a token;
        # confirm that is acceptable outside local development.
        - id: discovery-server-static
          uri: http://localhost:8761
          predicates:
            - Path=/eureka/**
  security:
    oauth2:
      resourceserver:
        jwt:
          # Keycloak realm whose tokens the gateway accepts.
          # NOTE(review): plain HTTP to localhost is a development setup; a non-local deployment
          # should use an HTTPS issuer so metadata and signing keys cannot be altered in transit.
          issuer-uri: http://localhost:8181/realms/spring-boot-microservices-realm
logging:
  level:
    root: info
    # Debug output for Spring Security, as seen in the log excerpt of this issue.
    # NOTE(review): verbose and request-revealing; confirm it is lowered outside development.
    org.springframework.security: debug
    org.springframework.security.oauth2: debug
    org.springframework.cloud.gateway: info
    org.springframework.cloud.gateway.route.RouteDefinitionLocator: info
eureka:
  client:
    service-url:
      defaultZone: http://localhost:8761/eureka
SecurityConfig.java
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
/**
 * WebFlux security configuration for the API gateway.
 *
 * <p>The gateway acts as an OAuth2 resource server: every exchange except those under
 * {@code /eureka/**} must carry a valid JWT. Clients are expected to send the token in the
 * {@code Authorization} header using the {@code Bearer} scheme; a request without a
 * recognisable bearer token is handled as unauthenticated and answered with 401.
 */
@Configuration
@EnableWebFluxSecurity
@Slf4j
public class SecurityConfig {

    /**
     * Builds the reactive security filter chain.
     *
     * @param serverHttpSecurity the builder supplied by Spring Security
     * @return the configured filter chain
     */
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity serverHttpSecurity) {
        // CSRF protection is switched off.
        // NOTE(review): presumably because clients authenticate with bearer tokens rather than
        // cookies; confirm no cookie- or session-based login is served through this chain.
        serverHttpSecurity.csrf(csrfSpec -> csrfSpec.disable());

        serverHttpSecurity.authorizeExchange(rules -> {
            // Requests under /eureka/** skip authentication entirely.
            // NOTE(review): confirm this unauthenticated prefix is intended beyond local development.
            rules.pathMatchers("/eureka/**").permitAll();
            // Every other exchange needs an authenticated caller.
            rules.anyExchange().authenticated();
        });

        // JWT validation with the framework defaults (issuer taken from application configuration).
        serverHttpSecurity.oauth2ResourceServer(
                resourceServer -> resourceServer.jwt(Customizer.withDefaults()));

        return serverHttpSecurity.build();
    }
}
I am using Keycloak version 22, and this screenshot shows my Docker Keycloak settings.
Here is my problem.
When I send a request to /api/product, the response code is always 401.
log
2024-01-13T17:53:13.870+09:00 INFO 24495 --- [trap-executor-0] c.n.d.s.r.aws.ConfigClusterResolver : Resolving eureka endpoints via configuration
2024-01-13T17:53:26.104+09:00 DEBUG 24495 --- [ parallel-1] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/logout', method=POST}
2024-01-13T17:53:26.105+09:00 DEBUG 24495 --- [ parallel-1] athPatternParserServerWebExchangeMatcher : Request 'GET /api/product' doesn't match 'POST /logout'
2024-01-13T17:53:26.105+09:00 DEBUG 24495 --- [ parallel-1] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : No matches found
2024-01-13T17:53:26.106+09:00 DEBUG 24495 --- [ parallel-1] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/eureka/**', method=null}
2024-01-13T17:53:26.107+09:00 DEBUG 24495 --- [ parallel-1] athPatternParserServerWebExchangeMatcher : Request 'GET /api/product' doesn't match 'null /eureka/**'
2024-01-13T17:53:26.107+09:00 DEBUG 24495 --- [ parallel-1] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : No matches found
2024-01-13T17:53:26.107+09:00 DEBUG 24495 --- [ parallel-1] a.DelegatingReactiveAuthorizationManager : Checking authorization on '/api/product' using org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager@6fc5889a
2024-01-13T17:53:26.108+09:00 DEBUG 24495 --- [ parallel-1] ebSessionServerSecurityContextRepository : No SecurityContext found in WebSession: 'org.springframework.web.server.session.InMemoryWebSessionStore$InMemoryWebSession@1b246133'
2024-01-13T17:53:26.108+09:00 DEBUG 24495 --- [ parallel-1] o.s.s.w.s.a.AuthorizationWebFilter : Authorization failed: Access Denied
2024-01-13T17:53:26.111+09:00 DEBUG 24495 --- [ parallel-1] ebSessionServerSecurityContextRepository : No SecurityContext found in WebSession: 'org.springframework.web.server.session.InMemoryWebSessionStore$InMemoryWebSession@1b246133'
Keycloak doesn't write any log when I send the request.
I have tried very hard to fix this, but nothing I've tried has worked.
I really want to solve this problem.
Please help me.
ddongman commented
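Sorry, I forgot to set the header prefix in Postman.
After setting 'Bearer' as the header prefix, it works properly. Without the prefix, the gateway found no bearer token in the Authorization header and treated the request as unauthenticated, which matches the "No SecurityContext found" and "Access Denied" lines in the log above.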
Thank you for your video.