tacit grail
I try to implement an example of Spring Boot Microservices with JWT. I have some problems following:
1 ) I cannot run all integration tests of product service even if I defined bearer token
2 ) After login and get access token, I cannot send any request to product service. I got 500 Internal Server Error.
How can I fix it? I hope you can help me?
Here is the repo : https://github.com/Rapter1990/springbootmicroserviceswithsecurity
velvet ventureBOT
⌛ This post has been reserved for your question.
Hey @tacit grail! Please use
/closeor theClose Postbutton above when your problem is solved. Please remember to follow the help guidelines. This post will be automatically closed after 300 minutes of inactivity.
TIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here.
woeful smelt
Can you show the stack trace?
velvet ventureBOT
💤 Post marked as dormant
This post has been inactive for over 300 minutes, thus, it has been archived.
If your question was not answered yet, feel free to re-open this post or create a new one.
In case your post is not getting any attention, you can try to use/help ping.
Warning: abusing this will result in moderative actions taken against you.
tacit grail
@woeful smelt I see the logs
c.s.a.filter.JwtAuthenticationFilter : Error validating token: block()/blockFirst()/blockLast() are blocking, which is not supported in thread reactor-http-nio-3
When I send a request to another service through Api gateway.
woeful smelt
https://stackoverflow.com/q/47505778/10871900 or similar may be useful
don't call blocking methods in reactor
I think it happens here: https://github.com/Rapter1990/springbootmicroserviceswithsecurity/blob/main/apigateway%2Fsrc%2Fmain%2Fjava%2Fcom%2Fspringbootmicroservices%2Fapigateway%2Ffilter%2FJwtAuthenticationFilter.java#L56
velvet ventureBOT
I think it happens here: https://github.com/Rapter1990/springbootmicroserviceswi...
userServiceClient.validateToken(jwt);
@woeful smelt I asked someone and opened a pull request. https://github.com/Rapter1990/springbootmicroserviceswithsecurity/pull/1/files
I got this error issue ?
tacit grail
@woeful smelt I still couldn't fix the issue ?
woeful smelt
so you have this interface: https://github.com/Rapter1990/springbootmicroserviceswithsecurity/blob/main/apigateway%2Fsrc%2Fmain%2Fjava%2Fcom%2Fspringbootmicroservices%2Fapigateway%2Fclient%2FUserServiceClient.java
this is blocking
which you cannot use with reactive
you could use Spring's WebClient instead I guess
tacit grail
@woeful smelt One guy opened a pull request but I still got the same error.
woeful smelt
Why would the PR change anything?
tacit grail
Product service has also this. https://github.com/Rapter1990/springbootmicroserviceswithsecurity/blob/main/productservice/src/main/java/com/springbootmicroservices/productservice/filter/CustomBearerTokenAuthenticationFilter.java
woeful smelt
that's not in reactive code
Do you know the difference between synchronous/blocking and asynchronous/reactive/nonblocking code?
tacit grail
I revise the JwtAuthenticationFilter in api gateway. I got 401 instead of 500 even if I use a token.
I updated my repo -> https://github.com/Rapter1990/springbootmicroserviceswithsecurity
woeful smelt
Spring Security verbose logging?
tacit grail
Here is the console result of API Gateway ?
woeful smelt
Did you enable verbose logging in Spring Security?
tacit grail
Yeah, I got this message after I enabled it. I just updated my repo again.
velvet ventureBOT
💤 Post marked as dormant
This post has been inactive for over 300 minutes, thus, it has been archived.
If your question was not answered yet, feel free to re-open this post or create a new one.
In case your post is not getting any attention, you can try to use/help ping.
Warning: abusing this will result in moderative actions taken against you.
tacit grail
@iron wedge Hi, I think you can help me. I couldn't fix my issue.
tacit grail
@woeful smelt Hi, What's up? I couldn't still fix the issue.
I also add some logs to check if token is valid or not. The token is valid from user service.
Is it possible to look through it?
tacit grail
tacit grail
Hi, I revised it again. I got this error in product service.
[UserServiceClient#getAuthentication(String)]: [{"time":"2024-07-18T14:26:57.2236457","httpStatus":"NOT_FOUND","header":"API ERROR","message":"Could not write JSON: Unable to convert claim 'iss' of type 'class java.lang.String' to URL.","isSuccess":false}]
Here is the screenshot
tacit grail
I updated my repo again. I still got the error. @woeful smelt
woeful smelt
Did you add verbose Spring Security logs yet? I don't see it in the image
woeful smelt
Hi, I revised it again. I got this error in product service.
```
[UserServiceCli...
What's the code responsible for that?
tacit grail
Did you add verbose Spring Security logs yet? I don't see it in the image
I added it into application.yml files of the services.
tacit grail
What's the code responsible for that?
Can you look through my latest post as I still couldn't fix it?
woeful smelt
Can you look through my latest post as I still couldn't fix it?
which post?
the repo is a bit too much to look through on my phone lol
tacit grail
I updated my repo again. I still got the error. <@358291050957111296>
@woeful smelt
Here are the posts
tacit grail
Is there a filter response for it?
Yeah, it comes from Custom filter in Product Service.
woeful smelt
Is the filter called?
tacit grail
Is the filter called?
I debugged it. Filter is called.
tacit grail
Just a moment. I'm currently using my PC.
Here is the login
Here is the process of creating Product via access token
Here is the logs of api gateway
Here are the logs of other services
I run product service as debug mode.
Token is valid through filter defined in Product service.
tacit grail
what happens then?
Here is result which I show
woeful smelt
What does getAuthentication() return?
tacit grail
woeful smelt
seems like getAuthentication isn't doing something right
tacit grail
I can get the right values from claims
I look through it again. Here is the information
woeful smelt
I look through it again. Here is the information
Can you step to the
return UsernamePasswordAuthenticationToken
.authenticated(jwt, null, authorities);
?
what is jwt and authorities there?
woeful smelt
So you are using UsernamePasswordAuthenticationToken.authenticated(jwt, null, authorities)
Is the filter called once or twice per request?
tacit grail
Here is authentication to be sent to product service.
woeful smelt
Which service is that?
tacit grail
Which service is that?
User Service
I use user service to validate token through product service
woeful smelt
I look through it again. Here is the information
Is that also the user service?
tacit grail
Is that also the user service?
Right
woeful smelt
There are the information
so if you are there the jwt and authorities are filled but if you use step over/step out, you get an empty UsernamePasswordAuthenticationToken?
tacit grail
Here is the filter in product service. Authentication information is empty
woeful smelt
There are the information
When you were debugging that, did it come from the filter or from somewhere else?
tacit grail
When you were debugging that, did it come from the filter or from somewhere else...
It is UserController's method in User Service.
woeful smelt
oh so the getAuthentication method is making a call feign
I think you can't transmit UsernamePasswordAuthenticationToken over the network like that
velvet ventureBOT
https://github.com/Rapter1990/springbootmicroserviceswithsecurity/blob/main/prod...
final UsernamePasswordAuthenticationToken authentication = userServiceClient.getAuthentication(jwt);
Where is the problem?
woeful smelt
Can you make getAuthentication return a custom object (ideally a record) storing just the information you need?
woeful smelt
Where is the problem?
you returning a UsernamePasswordAuthenticationToken there
this is a network call that cannot properly transmit a UsernamePasswordAuthenticationToken
instead, try to transmit a custom object both parties have that contains all the information for authentication
tacit grail
Can you make `getAuthentication` return a custom object (ideally a record) stori...
I already did https://github.com/Rapter1990/springbootmicroserviceswithsecurity/blob/main/productservice/src/main/java/com/springbootmicroservices/productservice/config/JacksonConfig.java for UsernamePasswordAuthenticationToken
woeful smelt
and then your CustomBearerTokenAuthenticationFilter can convert it to a UsernamePasswordAuthenticationToken
woeful smelt
I already did https://github.com/Rapter1990/springbootmicroserviceswithsecurity/...
oh I think you can also use that way but I think your mixin is not sufficient
tacit grail
I also defined serializer for it before.
woeful smelt
I think you'd need a custom serializer/deserializer for the UsernamePasswordAuthenticationToken
woeful smelt
https://github.com/Rapter1990/springbootmicroserviceswithsecurity/blob/main/prod...
Can you debug the deserializer? What is p? Does it have all the information you need?
You might also need a serializer
You just attempt to deserialize the principal and the credentials. You deserialize the principal as a string meaning you expect that to be a string. You don't deserialize the authorities. Are you sure about that?
https://github.com/Rapter1990/springbootmicroserviceswithsecurity/blob/8bbb6a01c7799c5b1b87406336ab76a20a32bd5d/productservice/src/main/java/com/springbootmicroservices/productservice/serializer/UsernamePasswordAuthenticationTokenDeserializer.java#L15-L25
velvet ventureBOT
You just attempt to deserialize the principal and the credentials. You deseriali...
@Override
public UsernamePasswordAuthenticationToken deserialize(JsonParser p, DeserializationContext ctxt)
throws IOException, JsonProcessingException {
JsonNode node = p.getCodec().readTree(p);
// Assuming the response contains the necessary fields
String principal = node.get("principal").asText();
String credentials = node.get("credentials").asText();
return new UsernamePasswordAuthenticationToken(principal, credentials);
}
I check it now
woeful smelt
What the problem is: You serialize a token, send it, receive it, deserialize it and then you don't have the same token (but a token with pretty much no relevant information)
tacit grail
Here is the information of p ?
woeful smelt
Here is the information of `p` ?
oh that's good
if you step over once, what is principal?
tacit grail
Here is the result
woeful smelt
ok so the node.get("principal").asText() seems to be the problem
What should the principal be?
tacit grail
public class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<UsernamePasswordAuthenticationToken> {
@Override
public UsernamePasswordAuthenticationToken deserialize(JsonParser p, DeserializationContext ctxt)
throws IOException, JsonProcessingException {
JsonNode node = p.getCodec().readTree(p);
// Extract the nested principal object
JsonNode principalNode = node.get("principal");
String principal = principalNode.toString(); // Converting the entire principal node to a JSON string
// Extracting the credentials
String credentials = node.get("credentials").isNull() ? null : node.get("credentials").asText();
return new UsernamePasswordAuthenticationToken(principal, credentials);
}
}
I revised it but nothing changed. I still get the same error.
@woeful smelt I want to show the console output of it.
tacit grail
But why set the principal to that json?
What should I do?
woeful smelt
What should the principal be?
tacit grail
Here is the principal information
woeful smelt
if you want that on the other side as well, you need to deserialize it to a Jwt or equivalent object
not a String
tacit grail
I did it but I got this error message.
woeful smelt
ok it seems you cannot deserialize that jwt class
so just create a record with the same components
tacit grail
Ok. I'll try it.
public record JwtRecord(String tokenValue, Map<String, Object> headers, Map<String, Object> claims) {
// You can add any necessary methods or constructors here if needed
}
public class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<UsernamePasswordAuthenticationToken> {
private final ObjectMapper objectMapper = new ObjectMapper();
@Override
public UsernamePasswordAuthenticationToken deserialize(JsonParser p, DeserializationContext ctxt)
throws IOException, JsonProcessingException {
JsonNode node = p.getCodec().readTree(p);
// Extract the nested principal object and deserialize it into a JwtRecord object
JsonNode principalNode = node.get("principal");
JwtRecord principal = objectMapper.treeToValue(principalNode, JwtRecord.class);
// Extracting the credentials
String credentials = node.get("credentials").isNull() ? null : node.get("credentials").asText();
return new UsernamePasswordAuthenticationToken(principal, credentials);
}
}
I implemented it.
Here is the error
Caused by: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "issuedAt" (class com.springbootmicroservices.productservice.model.auth.JwtRecord), not marked as ignorable (3 known properties: "tokenValue", "headers", "claims"])
at [Source: UNKNOWN; byte offset: #UNKNOWN] (through reference chain: com.springbootmicroservices.productservice.model.auth.JwtRecord["issuedAt"])
it means the JWT has an issuedAt field but your record doesn't
you could add that to the record
or if you don't need it, configure jackson to ignore missing fields
tacit grail
Here is my latest commit : https://github.com/Rapter1990/springbootmicroserviceswithsecurity/commit/824fecd9df4870256b3e913d5f711b41319b9c67
I get the same error again .
Here are console result
Is it possible to test my example as I'm stuck there?
velvet ventureBOT
💤 Post marked as dormant
This post has been inactive for over 300 minutes, thus, it has been archived.
If your question was not answered yet, feel free to re-open this post or create a new one.
In case your post is not getting any attention, you can try to use/help ping.
Warning: abusing this will result in moderative actions taken against you.
velvet ventureBOT
💤 Post marked as dormant
This post has been inactive for over 300 minutes, thus, it has been archived.
If your question was not answered yet, feel free to re-open this post or create a new one.
In case your post is not getting any attention, you can try to use/help ping.
Warning: abusing this will result in moderative actions taken against you.