Spring Cloud Zuul and JWT refresh token


I have a local orchestrated environment using Spring Cloud components (Eureka, Zuul, auth server). These components are implemented as separate standalone services. I have a growing number of combined UI/resource services, where the individual services have their own UI. The UI is put together server side using Thymeleaf templates, and AngularJS single page apps run in the browser.

A single Zuul service fronts the UI/resource services. I have annotated the UI/resource services with @EnableResourceServer, and added @EnableOAuth2Sso to the Zuul server.

In the application.properties of Zuul I have the following properties:

    security.oauth2.client.accessTokenUri=http://localhost:8771/uaa/oauth/token
    security.oauth2.client.userAuthorizationUri=http://localhost:8771/uaa/oauth/authorize
    security.oauth2.client.clientId=waharoa
    security.oauth2.client.clientSecret=waharoa
    security.oauth2.client.preEstablishedRedirectUri=http://localhost:81/login
    security.oauth2.client.registeredRedirectUri=http://localhost:81/login
    security.oauth2.client.useCurrentUri=false
    security.oauth2.resource.jwt.keyValue=-----BEGIN PUBLIC KEY-----[etc omitted]...

This seems to work as advertised. The issue is when the token expires.

In the auth server I have set the token to expire in 60 seconds, and the refresh token to expire in 12 hours. When the token expires, the Zuul server is unable to get a new token.

At the Zuul server this appears in the log:

    BadCredentialsException: Cannot obtain valid access token thrown from OAuth2TokenRelayFilter.getAccessToken

Update: I turned on debugging for org.springframework.security.oauth in the Zuul service, and got the following:

    17:12:33.279 DEBUG o.s.s.o.c.t.g.c.AuthorizationCodeAccessTokenProvider - Retrieving token from http://localhost:8771/uaa/oauth/token
    17:12:33.289 DEBUG o.s.s.o.c.t.g.c.AuthorizationCodeAccessTokenProvider - Encoding and sending form: {grant_type=[refresh_token], refresh_token=[eyJhbGciOiJS[...deleted...]vggrhgt8oj2ydfnvvna]}
    17:12:37.279 WARN  o.s.c.n.z.f.post.SendErrorFilter - Error during filtering
    [blah blah stacktrace many lines omitted]
    Caused by: org.springframework.security.authentication.BadCredentialsException: Cannot obtain valid access token
            at org.springframework.cloud.security.oauth2.proxy.OAuth2TokenRelayFilter.getAccessToken(OAuth2TokenRelayFilter.java:99)
            at org.springframework.cloud.security.oauth2.proxy.OAuth2TokenRelayFilter.run(OAuth2TokenRelayFilter.java:79)
            at com.netflix.zuul.ZuulFilter.runFilter(ZuulFilter.java:112)
            at com.netflix.zuul.FilterProcessor.processZuulFilter(FilterProcessor.java:193)
            ... 106 common frames omitted

On the auth (UAA) service side I can see the Zuul client (waharoa) authenticate, the details of the correct user, and then it prints:

    17:12:37.288 DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

I presume this means the auth server has done what is needed and replied to the request? It looks like something is not set up correctly on the Zuul service. Any suggestions?

Could someone please advise what other information I'd need to post here to work out why the token refresh is not working. I am a Spring Cloud noob, and the convention black magic is not clear to me (I have searched and searched for examples of what I thought was a common use case and found nothing).

Note 2: I have the following bean on the Zuul side:

    @Bean
    public OAuth2RestTemplate oauth2RestTemplate(OAuth2ProtectedResourceDetails resource, OAuth2ClientContext context) {
        return new OAuth2RestTemplate(resource, context);
    }

Following @AlexK's advice I added the following UserDetailsService bean on the auth side:

    @Bean
    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        return super.userDetailsServiceBean();
    }

and added to the auth server config:

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore()).tokenEnhancer(jwtTokenEnhancer())
                .authenticationManager(authenticationManager).userDetailsService(userDetailsService)
                .reuseRefreshTokens(false);
    }

But the same outcome. The refresh_token exchange takes place, but it still seems to die when the response gets to the Zuul filter.

Note 3:

@AlexK was spot on. What I found and learnt is that when the token is refreshed it is not refreshed from the token store; it requires a call to the underlying UserDetailsService to get the user details again. Getting the details from Active Directory took a lot of trial and error to resolve and get working as advertised. The (missing) piece was a simple UserDetailsService bean autowired into the configuration shown in note 2:

    @Bean(name = "ldapUserDetailsService")
    public UserDetailsService userDetailsService() {
        FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(searchBase, "(sAMAccountName={0})",
                contextSource());
        LdapUserDetailsService result = new LdapUserDetailsService(userSearch);
        result.setUserDetailsMapper(new InetOrgPersonContextMapper());
        return result;
    }

I think the necessary clues are in this Q&A.

In short:

  1. The clue in the question - it's necessary to implement the OAuth2RestTemplate on the Zuul/UI app side. It's said in the Spring Boot reference that it's not created by default.
  2. The other part is inside the answer - it's necessary to make a modification on the oauth-server side.

After that, the access_token is refreshed automatically using the refresh_token.

P.S. When the refresh_token itself has expired you can still get the same-looking error! To deal with this you can make the refresh_token automatically renewed at the same time as the new access_token. Use reuseRefreshTokens(false) in the configuration of AuthorizationServerEndpointsConfigurer in the auth-server code:

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        endpoints
            .authenticationManager(authenticationManager)
            .userDetailsService(userDetailsService)
            .reuseRefreshTokens(false); // <-- that's the key to getting a new refresh_token at the same time as a new access_token
    }

More thoroughly explained here.
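To tie the two halves of the answer together, here is a complete authorization-server configuration class that does what the answer and the question's notes 2 and 3 describe. This is an added example, not code from the original question or answer: it assumes a UserDetailsService bean (such as the LDAP one from note 3) and an AuthenticationManager bean already exist in the context, uses an in-memory client with the waharoa client id, redirect URI and token lifetimes from the question, and uses a placeholder symmetric JWT signing key (the question's setup signs with an RSA key pair instead). The refresh_token grant only succeeds if the client is authorized for it and a UserDetailsService is wired in, because Spring Security OAuth2 re-loads the user on every refresh before issuing the new pair of tokens.

```java
package example.auth; // hypothetical package name

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    // Assumed to be exposed as beans elsewhere (e.g. the WebSecurityConfigurerAdapter
    // and the "ldapUserDetailsService" bean from note 3 of the question).
    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public JwtAccessTokenConverter jwtTokenEnhancer() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // Placeholder: the question's deployment uses an RSA key pair whose public
        // half is the security.oauth2.resource.jwt.keyValue on the Zuul side.
        converter.setSigningKey("REPLACE-WITH-A-REAL-SIGNING-KEY");
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        // JWT tokens are self-contained, so the store only verifies/decodes them.
        return new JwtTokenStore(jwtTokenEnhancer());
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("waharoa")
            .secret("waharoa") // Spring Security 5 needs an encoded secret, e.g. "{noop}waharoa"
            // Without "refresh_token" here the token endpoint rejects the refresh grant.
            .authorizedGrantTypes("authorization_code", "refresh_token")
            .scopes("openid")
            .redirectUris("http://localhost:81/login")
            .accessTokenValiditySeconds(60)            // 60 s, as in the question
            .refreshTokenValiditySeconds(12 * 60 * 60); // 12 h, as in the question
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
            .tokenStore(tokenStore())
            .tokenEnhancer(jwtTokenEnhancer())
            .authenticationManager(authenticationManager)
            // On refresh, DefaultTokenServices re-authenticates the user through a
            // PreAuthenticatedAuthenticationProvider backed by this UserDetailsService.
            // Leaving it out is what produces "Cannot obtain valid access token" at Zuul.
            .userDetailsService(userDetailsService)
            // Issue a fresh refresh_token with every new access_token, so the 12 h
            // window slides while the user stays active instead of expiring outright.
            .reuseRefreshTokens(false);
    }
}
```

Because each refresh re-loads the user, a user that has been disabled or locked in Active Directory since the original login is rejected at the next 60-second boundary rather than at the end of the 12-hour refresh window, which is the behaviour you usually want from short-lived access tokens.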
