spring-cloud / spring-cloud-gateway

An API Gateway built on Spring Framework and Spring Boot providing routing and more.
http://cloud.spring.io
Apache License 2.0

Facing unexpected issue (Invalid user) in production #3557

Open manojsinghsaun opened 5 days ago

manojsinghsaun commented 5 days ago

Currently we are using a microservices architecture in our project.

We have gatewayservices, which is used only for authentication and authorization.

We have 2 more services, services1 and services2, which work as resource servers.

For gateway services we are using (Spring Boot setup) spring-cloud-starter-gateway-mvc and Spring Security.

It works perfectly fine in local and nonprod and prod also.

But sometimes in between (even after logging in successfully and using the application, it occurs in between and at random) we face an invalid user issue, the application gets stuck, and all other users also face the same issue. It gets resolved after some time by itself.

I have checked the log and I am attaching an example.

```
2024-08-21T07:55:56.343Z DEBUG 1 --- [gateway-service] [nio-9092-exec-3] o.s.s.web.DefaultRedirectStrategy        : Redirecting to https://prod.myurl.com/login
2024-08-21T07:55:56.397Z DEBUG 1 --- [gateway-service] [nio-9092-exec-5] o.s.security.web.FilterChainProxy        : Securing GET /login
2024-08-21T07:55:56.720Z DEBUG 1 --- [gateway-service] [nio-9092-exec-2] o.s.security.web.FilterChainProxy        : Securing GET /oauth2/authorization/azure
2024-08-21T07:55:56.721Z DEBUG 1 --- [gateway-service] [nio-9092-exec-2] o.s.s.web.DefaultRedirectStrategy        : Redirecting to https://login.microsoftonline.com/tenantid/oauth2/v2.0/authorize?response_type=code&client_id=client123&scope=api://az0-myurld-prod-app/User.Read%20openid&state=dwerr%3D&redirect_uri=https://prod.myurl.com/login/oauth2/code/azure&nonce=xxxxyyy
2024-08-21T07:55:58.240Z DEBUG 1 --- [gateway-service] [nio-9092-exec-4] o.s.security.web.FilterChainProxy        : Securing GET /login?error
2024-08-21T07:56:08.010Z DEBUG 1 --- [gateway-service] [nio-9092-exec-7] o.s.security.web.FilterChainProxy        : Securing GET /login/oauth2/code/azure?code=code123&session_state=session123
2024-08-21T07:56:08.010Z DEBUG 1 --- [gateway-service] [nio-9092-exec-7] o.s.s.web.DefaultRedirectStrategy        : Redirecting to /login?error
```

When you need a token from Azure, it is a two-step communication. First you send the user ID and password, and in return Azure provides a code, as you can see in the logs. Then you send the code to Azure and it provides you a token.

In our case it is working as I mentioned above. But sometimes it gets the code from Azure, it goes to the Spring filter, and the Spring filter gives an invalid user error. As you can see above in the log, FilterChainProxy throws an error.

I am not able to understand a few things:

How to produce it in local; second, what can be the issue with the code that Spring gives an error? Is the issue with Spring Session or some threads? If one user gets this issue, all users start getting the same issue, and it gets solved after some time. Please help me, as it is a production issue and I don't have access. Please message if you require extra information on it, like project setup details.

Thanks for your help and support.
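
An added example, not part of the original issue or of Spring's code: a small Python triage script for logs in the format shown above. It pairs each `/login/oauth2/code/...` callback with the redirect logged next on the same thread and counts failed callbacks per minute. The function names are hypothetical, the sample lines are constructed from the excerpt, and it assumes one servlet thread handles a request from start to finish, as the thread names in the excerpt suggest.

```python
import re
from collections import Counter

# Spring Boot console layout as in the excerpt:
# timestamp LEVEL pid --- [app] [thread] logger : message
LINE = re.compile(r"^(\S+)\s+\w+\s+\d+\s+---\s+\[[^\]]*\]\s+\[([^\]]+)\]\s+\S+\s+:\s+(.*)$")
CALLBACK = re.compile(r"^Securing GET (/login/oauth2/code/[^?\s]+)")
REDIRECT = re.compile(r"^Redirecting to (\S+)")

def callback_outcomes(lines):
    """Pair each OAuth2 callback request with the redirect issued on the same thread."""
    pending, outcomes = {}, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, thread, msg = m.groups()
        cb = CALLBACK.match(msg)
        if cb:
            # Keep only the path: the query string carries the authorization code.
            pending[thread] = (ts, cb.group(1))
        elif msg.startswith("Securing "):
            pending.pop(thread, None)  # thread moved on to another request
        elif thread in pending and (rd := REDIRECT.match(msg)):
            start, path = pending.pop(thread)
            failed = rd.group(1).startswith("/login?error")
            outcomes.append({"time": start, "thread": thread, "callback": path, "failed": failed})
    return outcomes

def failures_per_minute(outcomes):
    """Count failed callbacks per UTC minute (first 16 chars of the ISO timestamp)."""
    return Counter(o["time"][:16] for o in outcomes if o["failed"])

# Constructed sample: the exec-7 lines follow the excerpt in the post;
# the exec-1 pair is an invented successful callback for contrast.
SAMPLE = """\
2024-08-21T07:55:56.720Z DEBUG 1 --- [gateway-service] [nio-9092-exec-2] o.s.security.web.FilterChainProxy        : Securing GET /oauth2/authorization/azure
2024-08-21T07:55:58.100Z DEBUG 1 --- [gateway-service] [nio-9092-exec-1] o.s.security.web.FilterChainProxy        : Securing GET /login/oauth2/code/azure?code=constructed&state=constructed
2024-08-21T07:55:58.900Z DEBUG 1 --- [gateway-service] [nio-9092-exec-1] o.s.s.web.DefaultRedirectStrategy        : Redirecting to /
2024-08-21T07:56:08.010Z DEBUG 1 --- [gateway-service] [nio-9092-exec-7] o.s.security.web.FilterChainProxy        : Securing GET /login/oauth2/code/azure?code=code123&session_state=session123
2024-08-21T07:56:08.010Z DEBUG 1 --- [gateway-service] [nio-9092-exec-7] o.s.s.web.DefaultRedirectStrategy        : Redirecting to /login?error
""".splitlines()

if __name__ == "__main__":
    for outcome in callback_outcomes(SAMPLE):
        print(outcome)
    print(failures_per_minute(callback_outcomes(SAMPLE)))
```

Run over a full log, a minute bucket with many failures across different threads shows when the callback errors cluster, which narrows the window to compare against session store and deployment events.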

manojsinghsaun commented 14 hours ago

Hi team,

It is severely impacting production. So requesting you to please take this on PRIORITY.

Thanks for the support.