Closed maxiwu closed 5 years ago
I find out my .yml seems incorrect. If I want to use jwk. I should set prefer-token-info to true.
After I changed this. It has a class not found exception
java.lang.ClassNotFoundException: org.springframework.security.oauth2.provider.token.TokenStore
but, I can find the class in spring-security-oauth2, both 2.0.12 and 2.3.4 has it.
After trying many combination of spring boot and spring cloud. The closest one is
Spring boot 1.5.16.RELEASE + spring cloud Edgware.SR5. But this combination gives me
java.lang.ClassNotFoundException: org.springframework.security.oauth2.provider.token.RemoteTokenServices
If I try to fix it forcing spring-security-oauth2 version to 2.0.15.RELEASE. It yields
java.lang.ClassNotFoundException: org.springframework.boot.context.properties.bind.Bindable
I finally managed to make it run, without knowing the reason. the effective POM https://gist.github.com/maxiwu/6ed192adcfaad6866e7a3958d4ef8744
But then I decide to use SCG, spring 2.0.5 and Finchley.SR1. So that it is more consistent with the resource server. spring cloud gateway configuration:
spring.cloud.gateway:
routes:
- id: test
uri: lb://image-service
predicates:
- Path=/res/images/**
The final result is that the gateway is using client_id, client_secret with the auth code. Send a request to Azure B2C /token endpoint to try retrieving an access token. And got null
java.lang.IllegalStateException: Access token provider returned a null access token, which is illegal according to the contract.
at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:223) ~[spring-security-oauth2-2.1.0.RELEASE.jar:na]
Access token provider returned a null access token, which is illegal according to the contract.
https://gist.github.com/maxiwu/420901af6e25db95ecc8583fe5975ed3 complete error log
How do I debug this?
How do I log the RestTemplate request that sends out (header, form, parameters)and response from Azure B2C?
update B2C settings in yml
security:
basic:
enabled: false
oauth2:
sso:
loginPath: /login
client:
clientId: 111ddde5-38af-4c31-a540-f204d64ccc5e
clientSecret: [protected]
access-token-uri: https://login.microsoftonline.com/te/umediax.onmicrosoft.com/b2c_1_signinup/oauth2/v2.0/token
user-authorization-uri: https://login.microsoftonline.com/te/umediax.onmicrosoft.com/b2c_1_signinup/oauth2/v2.0/authorize
scope: openid
auto-approve-scopes: true
authorizedGrantTypes: authorization_code
clientAuthenticationScheme: form
resource:
jwk:
key-set-uri: https://login.microsoftonline.com/te/umediax.onmicrosoft.com/b2c_1_signinup/discovery/v2.0/keys
prefer-token-info: true
Is there still an issue?
@ryanjbaxter Yes, I still can't. spring didn't resolve that token in the URL.
After the RestTemplate send a POST request to B2C token endpoint. with client_id and client_secret in "query". and also the auth_code. org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:223) ~[spring-security-oauth2-2.1.0.RELEASE.jar:na] Access token provider returned a null access token, which is illegal according to the contract.
the error stack trace https://gist.github.com/maxiwu/420901af6e25db95ecc8583fe5975ed3
To help we need a sample to reproduce the problem.
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
uploaded all three projects on my google drive https://drive.google.com/open?id=1cMwYe6zjSWobuVQNSHN2yMp3wEEGipV8
Can you provide details of how to reproduce the problem using the sample?
yes.
open up a browser, type in the url http://localhost:8762/res/images you should be redirected to Azure B2C login screen. You can register a new account and login. after login, you will see the error screen and the code value is in the url.
I just looked at your Zuul Gateway application and actually its not even using Zuul nor is it using Spring Security, so this has nothing to do with Spring Cloud Netflix, or Spring Cloud in general.
Sorry for that late response, has been caught up with other projects.
I've revert it back to zuul + spring security + spring 1.5 https://drive.google.com/open?id=1DiI-1d3PVAzfPvn9ouaZdNI8xCpxWLTs
The Zuul and security setup are @EnableZuulProxy with @EnableOAuth2Sso. With the application.yml which has zuul.routes properties.
Please take a look, I really want to know what I was doing wrong and want to make this setup work.
That is only zuul please provide a single zip that contains EVERYTHING I need to reproduce the issue
Glad to hear from you.
upload zip with all projects and files. google drive
I've been working on this for months now. I think I am really close. My Goal: Use a Zuul gateway to serve micro services. Put a OAuth2 filter on the Zuul gateway to protect micro services. The OAuth2 provider is Azure B2C. I think I am using OIDC and JWT. All my Zuul and services are run on the same machine, different ports.
P.S. I am planning to use Spring Session or Redis to share session across all micro services if necessary.
When I send a request to my Zuul, which is localhost:8762/res/images. I got redirected to the B2C login page. After I login with my username password. I am redirected back to localhost:8762/login. with a very long code attribute. I am guessing it is either a auth_code or the JWT token. Also there is an attribute state=IuvHq6. Not sure what that is. The web page gives me status 401, could not obtain access token.
The gateway
Zuul gateway POM gist
spring cloud Edgware.SR4
spring boot starter web 1.5.13
spring cloud starter eureka 1.4.5
spring cloud starter zuul 1.4.5
spring security oauth2 2.0.15
spring security jwt 1.0.9
Zuul gateway Java configuration
Security configuration
application settings gist
Eureka micro service
Eureka service POM gist
spring boot starter data rest 2.0.5
spring cloud starter netflix eureka client 2.0.1
spring boot starter web 2.0.5
spring cloud security 1.2.3
spring security oauth2 autoconfigure 2.1.1
Eureka service configuration
Res Server configuration
the RESTful API
application configuration gist
Eureka server
Eureka server POM gist
spring boot starter web 2.0.5
spring cloud starter netflix eureka server 2.0.1
Eureka server configuration
application yml
Testing Flow:
a full sample of result URL
output from zuul gateway debug console
Nothing shows up on the micro service debug console.
I am guessing, the Zuul gateway didn't handle the token correctly. Therefore no access token is relay to the actually resource server. That is the micro service.
How do I fix this? what am I missing?
I've already try context-path, same error stackoverflow link