I’m trying to get service to service authentication working.
I have a Spring Boot Zuul API gateway with routes configured for a downstream microservice.
I have Eureka set up and a test microservice.
I have a test application acting as the external service.
My application.yml:

```yaml
example:
  baseUrl: http://localhost:7676 #zuul
  oauth2:
    client:
      grant-type: client_credentials
      clientId: my_clientid
      clientSecret: my_super_secret
      accessTokenUri: https://myokta.com/oauth2/applicationid/v1/token
```
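My test application is as follows:

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;

@SpringBootApplication
public class ClientApplication implements CommandLineRunner {
    private final Logger logger = LoggerFactory.getLogger(ClientApplication.class);

    @Value("#{ @environment['example.baseUrl'] }")
    private String serverBaseUrl;

    public static void main(String[] args) {
        SpringApplication.run(ClientApplication.class, args);
    }

    // Bound from the example.oauth2.client.* properties in application.yml
    @Bean
    @ConfigurationProperties("example.oauth2.client")
    protected ClientCredentialsResourceDetails oAuthDetails() {
        return new ClientCredentialsResourceDetails();
    }

    // Fetches a client_credentials token and sends it as a bearer token on each call
    @Bean
    protected OAuth2RestTemplate restTemplate() {
        return new OAuth2RestTemplate(oAuthDetails());
    }

    @Override
    public void run(String... args) {
        logger.info("MOD: {}", restTemplate().getForObject(serverBaseUrl + "/api/v1/test", String.class));
    }
}
```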
This appears to get a token correctly.

My Zuul API gateway:

```yaml
spring:
  application:
    name: zuul-service
server:
  port: 7676
security:
  oauth2:
    client:
      clientId: my_clientid
      clientSecret: my_super_secret
      access-token-uri: https://myokta.com/oauth2/applicationid/v1/token
      user-authorization-uri: https://myokta.com/oauth2/default/v1/authorize
    resource:
      filter-order: 3
      tokenInfoUri: https://myokta.com/oauth2/applicationid/v1/introspect
      user-info-uri: https://myokta.com/oauth2/applicationid/v1/userinfo
      prefer-token-info: true
eureka:
  instance:
    hostname: localhost:8761
  client:
    registerWithEureka: false
    fetchRegistry: true
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/
management:
  security:
    enabled: false
endpoints:
  routes:
    enabled: true
hystrix:
  command:
    default:
      execution:
        timeout:
          enabled: false
ribbon:
  ReadTimeout: 500000
  ConnectTimeout: 500000
zuul:
  prefix: /api/v1
  routes:
    test:
      path: /test/**
      serviceId: test-service
```
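And my Zuul API gateway:

```java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;

@EnableZuulProxy
@SpringBootApplication
@EnableEurekaClient
@EnableResourceServer
public class ZuulProxyApplication extends ResourceServerConfigurerAdapter {
    public static void main(String[] args) {
        SpringApplication.run(ZuulProxyApplication.class, args);
    }

    // Require a valid bearer token on every proxied /api/v1/** request
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.anonymous().disable()
            .requestMatchers()
            .antMatchers("/api/v1/**")
            .and().authorizeRequests().anyRequest().authenticated()
            .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }
}
```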
My Gradle dependencies:

```groovy
dependencies {
    compile(
        "org.springframework.cloud:spring-cloud-starter-zuul:1.3.1.RELEASE",
        "org.springframework.boot:spring-boot-starter-web:1.5.4.RELEASE",
        "org.springframework.cloud:spring-cloud-starter-eureka:1.3.1.RELEASE",
        "io.pivotal.spring.cloud:spring-cloud-services-starter-service-registry:1.4.1.RELEASE",
        'io.springfox:springfox-swagger2:2.9.2',
        "com.sun.xml.bind:jaxb-core:2.3.0.1",
        "javax.xml.bind:jaxb-api:2.3.1",
        "com.sun.xml.bind:jaxb-impl:2.3.1")
}
```
My issue: failing to authenticate.
I’m not the best Java dev around; does anyone have any insight into this issue?
Caused by: org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Invalid token does not contain resource id (oauth2-resource)
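
The audience check that produces this exception, reproduced offline as an added example (not part of the original post). It assumes spring-security-oauth2 2.x and spring-security-web on the classpath; the class `ResourceIdCheckDemo`, its methods, and the `api://default` audience are constructed for illustration.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

public class ResourceIdCheckDemo {
    // Constructed introspection-style claims; the "aud" value is a sample, not taken from the post.
    static Map<String, Object> sampleIntrospection() {
        Map<String, Object> claims = new HashMap<>();
        claims.put("client_id", "my_clientid");
        claims.put("aud", Collections.singletonList("api://default"));
        return claims;
    }

    // Runs the resource server's token authentication with the given expected resource id.
    static String check(String expectedResourceId) {
        OAuth2AuthenticationManager manager = new OAuth2AuthenticationManager();
        manager.setResourceId(expectedResourceId);
        manager.setTokenServices(new ResourceServerTokenServices() {
            @Override public OAuth2Authentication loadAuthentication(String token) {
                // The default converter turns the "aud" claim into the token's resource ids.
                return new DefaultAccessTokenConverter().extractAuthentication(sampleIntrospection());
            }
            @Override public OAuth2AccessToken readAccessToken(String token) {
                return new DefaultOAuth2AccessToken(token);
            }
        });
        try {
            manager.authenticate(new PreAuthenticatedAuthenticationToken("constructed-token", ""));
            return "accepted";
        } catch (OAuth2AccessDeniedException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(check("oauth2-resource")); // the library's default resource id
        System.out.println(check("api://default"));   // resource id equal to the token's audience
    }
}
```

In a resource server the expected id is set with `resources.resourceId(...)` in an override of `configure(ResourceServerSecurityConfigurer resources)`. Setting it to the audience the tokens actually carry keeps the audience check in place, whereas a null resource id skips it.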