Closed balajip36 closed 9 months ago
Hello Balaji,
Thanks for reaching out to us. In spite of assigning the retailer role, are you getting 401 unauthorized?
Regards, Shankari G R
Hi Shankari,
Yes. That is correct.
Best Regards, Balaji Vengatesh M
Hello Balaji,
Since you can access the endpoint /product.svc/api/v1/products/ directly through an HTTP client, there is an issue with the token forwarded by the approuter to the backend service. Can you please send us and compare the token forwarded by the approuter and the token you generated using the HTTP client tool?
Regards, Abhinav
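Added example, not part of the thread or of the ESPM project's code: one way to do the token comparison requested above is to decode both JWT payloads and diff the scopes and a few identifying claims. The sample tokens and the scope name `espm!t1.Update` are constructed, and the claim names (`scope`, `cid`, `zid`, `iss`, `grant_type`, `exp`) are assumed to be those carried by XSUAA-issued tokens.

```javascript
// Diagnostic only: claims are decoded WITHOUT signature verification,
// so never base an authorization decision on this output.
function decodeClaims(jwt) {
  const parts = jwt.trim().replace(/^Bearer\s+/i, '').split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Compare the token the approuter forwards with the one obtained directly.
function compareTokens(forwardedJwt, directJwt, requiredScope, now = Date.now() / 1000) {
  const a = decodeClaims(forwardedJwt);
  const b = decodeClaims(directJwt);
  const scopes = (c) => new Set(Array.isArray(c.scope) ? c.scope : []);
  const sa = scopes(a);
  const sb = scopes(b);
  const report = {
    onlyInForwarded: [...sa].filter((s) => !sb.has(s)).sort(),
    onlyInDirect: [...sb].filter((s) => !sa.has(s)).sort(),
    forwardedHasRequired: sa.has(requiredScope),
    directHasRequired: sb.has(requiredScope),
    forwardedExpired: typeof a.exp === 'number' && a.exp <= now,
    differingClaims: [],
  };
  for (const key of ['cid', 'zid', 'iss', 'grant_type']) {
    if (JSON.stringify(a[key]) !== JSON.stringify(b[key])) report.differingClaims.push(key);
  }
  return report;
}

// Constructed sample tokens (placeholder signature, values are not from the thread).
function makeSampleJwt(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2ln`;
}
const forwarded = makeSampleJwt({ cid: 'sb-espm!t1', zid: 'zone-a',
  scope: ['openid'], exp: 2000000000, grant_type: 'authorization_code' });
const direct = makeSampleJwt({ cid: 'sb-espm!t1', zid: 'zone-a',
  scope: ['openid', 'espm!t1.Update'], exp: 2000000000, grant_type: 'password' });

console.log(compareTokens(forwarded, direct, 'espm!t1.Update', 1700000000));
```

A scope listed under `onlyInDirect` means the token reaching the route lacks it, which is the first thing to rule out when a scoped route rejects a request that succeeds directly.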
Hi Abhinav,
The call never hits the service when the approuter is used. It always generates a 401 error even though the scopes are present and are passed through the JWT token.
Br, Balaji Vengatesh M
Hi Balaji,
Then there is some issue with the routing configuration in the approuter. Let us reproduce the issue and we will get back to you as soon as possible.
Regards, Abhinav
Hi Balaji,
Can you please send us your approuter logs and xs-app.json file so we can get more details and have a look at the configurations?
Regards, Abhinav
Hi Abhinav,
Please find the xs-app.json config and espm gateway logs.
xs-app.json espm-gateway-2024-01-02 11_42_11.676+0000.txt
Br, Balaji Vengatesh M
Hi Abhinav,
Any updates on this issue?
Br, Balaji Vengatesh M
Hi Balaji,
With xsapp.json file provided by you
Regards, Vanita
Hi Vanita,
We are currently working on testing a project where we only require a plain service with XSUAA to run without other dependencies. Product service fits the bill, that's why. Kindly look into the pictures attached, as we have changed the security config accordingly.
Br, Balaji Vengatesh M
Hi Balaji,
I see your approuter logs; there is a 200 response and no 401 response.
For better understanding, can you please share the 401 response log?
The product service does not have a scope; it is authenticated. If you need one, you have to modify the script accordingly.
Regards, Vanita
Hi Vanita,
You get a 200 even when you get the login page (which should happen when the credentials are incorrect or the scope is not present in the user token) of the approuter/gateway instead of the result of the service. Kindly check the screenshot from Postman below.
When I remove the scope from XSUAA it works well, though. (Kindly refer to the previous screenshot of xs-app.json, where the scope is added for the product service.) The problem only occurs in the approuter when the scope is present. If required, we can also schedule a call to resolve this issue.
Thanks for your understanding.
Best Regards, Balaji Vengatesh M
Hi Balaji,
Please find my xs-app.json file below: xs-app.json
The same request is handled in other services, like the retailer page; please look into it.
Regards, Vanita
Hi Vanita,
Please find my xs-app.json too. There are not many changes; I'm running only two services and I'm not concerned about the UI for now. Can you check if this is working for you?
Best Regards, Balaji Vengatesh Murugesan
Hi Balaji,
I also have two services added in the shared file; please check.
Regards, Vanita
Hi Vanita, it doesn't work. The same issue is present. Please let me know what is the point in deploying authorizations for services that you do not call or use?
Br, Balaji Vengatesh Murugesan
Hi Balaji,
We understood your requirement is to have a simple application with authorization. That we had addressed. The above solution works perfectly for us.
We are not able to understand your requirements clearly. If the above solution doesn't work for you, we will be able to look more into it only if you can provide us the error logs, your Spring Boot version, etc.
If you are looking for a custom implementation with xsuaa, please do create a Customer ticket.
Regards, Shankari G R
Hi Shankari,
Thanks for your quick response. As you are saying, I'm not looking for a custom implementation, but rather a simple implementation of a standalone approuter on top of a Spring Boot app. The problem is that the authorization fails for HttpMethod GET. I have already shared with you my JWT tokens, approuter error logs and the response from Postman.
The current Spring Boot version used is 2.7.7.
I have attached the videos showing exactly the problem, and the approuter logs are shown at the end of the video. Kindly provide feedback on this.
If you need more, kindly let me know.
If this sounds like an approuter issue, let me know if I could raise a ticket with the approuter team.
Br, Balaji Vengatesh Murugesan
Hi Shankari,
Thanks for your help. I think the app works without roles for the given service but not with a role.
Br, Balaji Vengatesh M
Dear Team, we are currently trying out the ESPM Cloud Native as a reference app. After deployment of the ESPM Cloud Native app to Cloud Foundry, I sent a request to the endpoint /product.svc/api/v1/products/. This is done after assigning the scope "$XSAPPNAME.Update" to the product endpoint both at the approuter and in the Spring Security configuration at the ant matchers. The user doing the request is not assigned the retailer role, so he has no scope for this (the JWT snapshot is attached). Irrespective of the scopes assigned, the approuter always gives 401 unauthorized.
When tried out directly with the product service URI, the products are shown with a 200 response. There is a problem with the authority mentioned, as I could see the security configuration is not applied by the service. Kindly help us on this.
Best Regards, Balaji Vengatesh M