Develop a Microservices Architecture with JHipster and OAuth

This post shows you how to use JHipster to create a microservices architecture based on Spring Boot, Spring Security, and OAuth.

KP

Hi Matt,
I followed all the steps in this blog but I’m getting a 404 page not found error.
Kindly suggest any possible solutions.
Thank you.

Matt Raible

Are you getting a 404 on the gateway? If so, did you run npm run webpack:build before starting it? Another option is to run yarn start.

Vikas Kandwal

Hi Matt, in my case I have one Angular frontend, 2 Ruby microservice applications and 4 Django microservice applications with their standalone databases. I am using an API gateway on the front and all my requests are routed by the API gateway… Now when I talk about authentication and authorisation, say creating a blog on 1 Ruby microservice with an API, do I need to sync the Okta user data in every microservice DB to relate the blog content and other user-created data…

Matt Raible

Hello Vikas! I replied to the personal email you sent.

In the future, please don’t cross post. Having to answer your questions in more than one place can be time consuming and unproductive. We see all your questions, whether you post to Stack Overflow (with an “okta” tag), to our Developer Forums, or as comments on this blog. If you don’t receive a response in 24 hours, it’s likely because we don’t understand your question, or we don’t know the answer. We’ll answer eventually, but it might take a day or three.

If you’re an Okta customer and have issues with our services, you can create a support ticket by emailing developers@okta.com.

Vikas Kandwal

Apologies, as the Discuss was not working properly; it threw me an error. I thought it would be better to send a mail… that’s the reason why you got two posts.

Namisnyk Valentyn

Hello Matt,

I have some problems with getting authorities from Okta. I have created an application and changed the user based on your steps to match JHipster roles. But based on the logs, the user is not granted any authorities:

Enter: com.valentyn.gateway.web.rest.AccountResource.getAccount() with argument[s] = [org.springframework.security.oauth2.provider.OAuth2Authentication@b762abc: Principal: valentunnamisnuk@gmail.com; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=0:0:0:0:0:0:0:1, sessionId=<session>, tokenType=BearertokenValue=<token>; Not granted any authorities]

I found this out when I couldn’t access the blog, because authorities are empty.

Appreciate your help.

Thank you.

Matt Raible

Hello Namisnyk: what version of JHipster are you using? Did you make sure to include the groups as a claim in the ID token?
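
Added example (not part of the original comment thread and not JHipster's own code): a debugging check for the "Not granted any authorities" symptom above. It decodes an ID token's payload and reports whether a `groups` claim is present and which entries would map to roles. The `ROLE_` prefix filter, the function names and the sample tokens are assumptions constructed for illustration, and the signature is not verified, so this is an inspection aid only.

```python
import base64
import json


def decode_jwt_payload(token):
    """Return the claims of a compact JWT WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def authorities_from_claims(claims, claim_name="groups", prefix="ROLE_"):
    """Keep only group names that look like roles (assumed ROLE_ prefix)."""
    groups = claims.get(claim_name)
    if groups is None:
        return []
    if isinstance(groups, str):  # tolerate a single value instead of a list
        groups = [groups]
    return [g for g in groups if isinstance(g, str) and g.startswith(prefix)]


def diagnose(token):
    """Explain why a token would or would not yield authorities."""
    claims = decode_jwt_payload(token)
    if "groups" not in claims:
        return "no 'groups' claim in ID token: user gets no authorities"
    roles = authorities_from_claims(claims)
    if not roles:
        return "'groups' claim present but contains no ROLE_* entries"
    return "authorities: " + ", ".join(roles)


def make_sample_token(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"


# Constructed samples: one token without the claim, one with it.
TOKEN_WITHOUT_GROUPS = make_sample_token({"sub": "user@example.com"})
TOKEN_WITH_GROUPS = make_sample_token(
    {"sub": "user@example.com", "groups": ["Everyone", "ROLE_USER", "ROLE_ADMIN"]}
)

if __name__ == "__main__":
    print(diagnose(TOKEN_WITHOUT_GROUPS))
    print(diagnose(TOKEN_WITH_GROUPS))
```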

Alexei Ptitchkin

Hi Matt

In apps.jh you introduce a relation between Blog and the logged-in User:

relationship ManyToOne {
  Blog{user(login)} to User,
  Post{blog(name)} to Blog
}

I assume this was working with JHipster v5.3.2 when your article was published, but generator-jhipster@5.7.2 generated a “blog” project which failed to build due to

Compilation failure:
[ERROR] /C:/IntelliJ_WS_jHipster/jhipster-microservices-example/blog/src/main/java/com/mycompany/blog/domain/Blog.java:[41,13] cannot find symbol
[ERROR] symbol: class User

Any idea how to solve this problem?

Thank you in advance

Marco Aurelio Osorio De León

Hi Matt,
I’m doing a similar project with the same architecture, but I need to use CAS as SSO.
The questions are:
How can I replace Okta with CAS?
Can I use the same properties to configure CAS?
I use the latest version of the JHipster generator, 6.0.1 at this moment, an Angular frontend and Consul for microservice discovery.
Thanks in advance for any help!

Matt Raible

Hello Marco,

Unfortunately, it’s been over 10 years since I used CAS. I don’t know the answers to your questions. However, if CAS is OIDC compliant, you should be able to configure Spring Security to use it, just like you can with Keycloak and Okta. You might have better luck asking your question on Stack Overflow.

Matt Raible

Are you using OAuth for authentication? Some of JHipster’s authentication configurations don’t generate a User entity for microservices.

keeps

I’m following the above steps
Login redirect URIs : http://localhost:8080/login
I got 400: Bad Request when I go to http://localhost:8761/login

Identity Provider: Unknown
Error Code: invalid_request
Description: The ‘redirect_uri’ parameter must be an absolute URI that is whitelisted in the client app settings.

What absolute URI should I put?

Matt Raible

If you want to use Okta to secure JHipster Registry, you’ll need to add “http://localhost:8761/login” as a login redirect URI, as well as “http://localhost:8080/login”.

Steve Macleod

Hi Matt,
Using JHipster v6.3.1.
I have followed the steps and configured the 2 applications to use Okta, added a test entity.
I can log in successfully (via Okta) to the gateway app. When I select the test entity in the menu, I get an ‘Internal Error’ with the following stack trace on the gateway app:

com.netflix.zuul.exception.ZuulException:
at org.springframework.cloud.netflix.zuul.filters.post.SendErrorFilter.findZuulException(SendErrorFilter.java:118)
at org.springframework.cloud.n…(SendErrorFilter.java:78)
at com.netflix.zuul.ZuulFilter.runFilter(ZuulFilter.java:117)
at com.netflix.zuul.FilterProcessor.processZuulFilter(FilterProcessor.java:193)
at com.netflix.zuul.FilterProcessor.runFilters(FilterProcessor.java:157)
at com.netflix.zuul.FilterProcessor.error(FilterProcessor.java:105)
at com.netflix.zuul.ZuulRunner.error(ZuulRunner.java:112)
at com.netflix.zuul.http.ZuulServlet.error(ZuulServlet.java:145)
at com.netflix.zuul.http.ZuulServlet.service(ZuulServlet.java:83)

The security config is as follows (all apps):

security:
  oauth2:
    client:
      provider:
        oidc:
          issuer-uri: https://{{OKTA_DOMAIN}}/oauth2/default
      registration:
        oidc:
          client-id: {{CLIENT_ID}}
          client-secret: {{CLIENT_SECRET}}
Note that if I change the following line in SecurityConfiguration.java (microservice app), it will work:

.antMatchers("/api/").authenticated()

to

.antMatchers("/api/").permitAll()

Matt Raible

Hello Steve,

This tutorial is for JHipster 5. See Java Microservices with Spring Cloud Config and JHipster for JHipster 6.

Ivan

Hi Matt, (probably related) I have generated 1 gateway and 2 microservices with OAuth2 auth. In each microservice, JHipster (6.5.1) has generated a user table and an authorities table. Is this correct? If this is correct, why do I need a user table for each microservice?

Matt Raible

A snapshot of the user’s information is stored in each microservice if you have entity relationships with User. This was the best solution I could come up with for allowing relationships with the User entity.