I have an application that allows users to sign up for an account. Our Authentication and User service is UAA, so I need to be able to communicate with its secure endpoints without a user actually being present.
How do I set up Spring Cloud Security to allow calls to be made from one microservice to another, which then communicates with UAA to create the user?
So, there are 2 primary microservices in play. The first one hosts the web application and forwards calls with Zuul to the second microservice. This microservice communicates with UAA and handles any other application-specific user requests.
I have this WebSecurityConfigurerAdapter on the first microservice (LandingPage):
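
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
    import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
    import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @SpringBootApplication
    @EnableZuulProxy
    @EnableOAuth2Sso
    @EnableEurekaClient
    @EnableAutoConfiguration
    public class LandingPageUiApplication extends WebSecurityConfigurerAdapter {

        public static void main(String[] args) {
            SpringApplication.run(LandingPageUiApplication.class, args);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // CSRF protection off; every request is permitted without authentication
            http.csrf().disable().authorizeRequests().anyRequest().permitAll();
        }
    }
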
and this in the second microservice (UserInformation):
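
    import org.modelmapper.ModelMapper;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.cloud.client.circuitbreaker.EnableCircuitBreaker;
    // Feign package as in Spring Cloud Netflix 1.x (assumed); later releases use org.springframework.cloud.openfeign
    import org.springframework.cloud.netflix.feign.EnableFeignClients;
    import org.springframework.context.annotation.Bean;

    @SpringBootApplication
    @EnableCircuitBreaker
    @EnableFeignClients
    public class UserInformationServiceApplication {

        public static void main(String[] args) {
            SpringApplication.run(UserInformationServiceApplication.class, args);
        }

        // Shared ModelMapper instance for object mapping
        @Bean
        public ModelMapper modelMapper() {
            return new ModelMapper();
        }
    }
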
Unfortunately, I am having a hard time accessing a REST endpoint on the first microservice, as well as not being able to forward anything to the second one. I generally receive a 401 response code. Their respective application.yaml files are set up to communicate with UAA as a Client and a Resource server.
LandingPage Application.yaml:

    spring:
      application:
        name: Landing Page
      aop:
        proxy-target-class: true
    security:
      oauth2:
        client:
          accessTokenUri: http://localhost:8080/uaa/oauth/token
          userAuthorizationUri: http://localhost:8080/uaa/oauth/authorize
          clientId: landing-page
          clientSecret: landing-page-secret
          scope: openid,uaa.admin,uaa.user
        resource:
          userInfoUri: http://localhost:8080/uaa/userinfo
    zuul:
      routes:
        users:
          serviceId: USER-INFO-SERVICE
          path: /users/**
    server:
      port: 8081
    eureka:
      instance:
        hostname: 127.0.0.1
        nonSecurePort: ${server.port}
        leaseRenewalIntervalInSeconds: 10
        metadataMap:
          instanceId: ${spring.application.name}:${server.port}
      client:
        serviceUrl:
          defaultZone: http://localhost:8761/eureka/
        region: default
        registryFetchIntervalSeconds: 5

and the UserInfoService Application.yaml:

    server:
      port: 0
    security:
      oauth2:
        client:
          clientId: user-info-service
          clientSecret: app-secret
        resource:
          jwt:
            keyUri: http://localhost:8080/uaa/token_key
    spring:
      application:
        name: user-info-service
      profiles: development,default
      datasource:
        url: jdbc:h2:mem:AZ;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
        driverClassName: org.h2.Driver
        username: sa
        password:
        database-platform: org.hibernate.dialect.H2Dialect
    eureka:
      instance:
        hostname: 127.0.0.1
        nonSecurePort: ${server.port}
        leaseRenewalIntervalInSeconds: 10
        metadataMap:
          instanceId: ${spring.application.name}:${server.port}
      client:
        serviceUrl:
          defaultZone: http://localhost:8761/eureka/
        region: default
        registryFetchIntervalSeconds: 5

Any help is greatly appreciated.
The answer was to put this WebConfigAdapter setting in the parent MS:

    @Configuration
    @EnableOAuth2Sso
    @EnableAutoConfiguration
    protected static class TestConfiguration extends WebSecurityConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // CSRF protection off; all paths are permitted without authentication
            http.csrf().disable().antMatcher("/**")
                .authorizeRequests()
                .anyRequest().permitAll();
        }
    }

and the following in the child MS:

    @Configuration
    @Order(-10) // takes precedence over the default WebSecurityConfigurerAdapter order
    @EnableOAuth2Client
    @EnableAutoConfiguration
    protected static class TestConfiguration extends WebSecurityConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // CSRF protection off; "HALLO" is the key of the anonymous authentication token
            http.csrf().disable().anonymous().authenticationFilter(new AnonymousAuthenticationFilter("HALLO")) // allow anonymous access
                .and()
                .authorizeRequests()
                .antMatchers("/**")
                .permitAll();
        }
    }
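
A narrower variant for the child service, as an added example that is not part of the original question or answer: it stays a resource server that checks UAA-issued JWTs, leaves only a sign-up path anonymous, and calls UAA with its own client_credentials token so no user needs to be present. It assumes Spring Boot 1.x with spring-security-oauth2; the class name, the `/signup` path and an `accessTokenUri` entry in the child's YAML (the posted file only has it for LandingPage) are assumptions.

```java
// Added example, not the poster's code. Assumes Spring Boot 1.x + spring-security-oauth2.
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer // bearer tokens are verified with the key from security.oauth2.resource.jwt.keyUri
public class UserInfoSecurityConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Hypothetical sign-up path: the only request allowed without a user token
            .antMatchers(HttpMethod.POST, "/signup").permitAll()
            // Everything else needs a valid UAA-issued JWT
            .anyRequest().authenticated();
    }

    // RestTemplate for calls to UAA. On first use it requests a token with the
    // client_credentials grant, using this service's own client id and secret.
    @Bean
    public OAuth2RestTemplate uaaRestTemplate(
            // accessTokenUri is assumed to be added to this service's YAML
            @Value("${security.oauth2.client.accessTokenUri}") String accessTokenUri,
            @Value("${security.oauth2.client.clientId}") String clientId,
            @Value("${security.oauth2.client.clientSecret}") String clientSecret) {
        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
        details.setAccessTokenUri(accessTokenUri);
        details.setClientId(clientId);
        details.setClientSecret(clientSecret);
        return new OAuth2RestTemplate(details);
    }
}
```

The UAA client has to be registered with the client_credentials grant type for the token request to succeed.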