Generator-jhipster: "401 Unauthorized" error in every call between gateway and microservice generated with JHipster5 and Okta integration enabled
Overview of the issue
After updating JHipster, it seems that you can no longer correctly call the connected microservice APIs.
Reproduce the error
With JHipster 5 create a Gateway with Okta integration and Angular 6
After that create a microservice.
Connect both of them to a standard JHipster registry.
Tring to make a get to the microservice from swagger interface in the gateway return:
{
"type": "http://www.jhipster.tech/problem/problem-with-message",
"title": "Unauthorized",
"status": 401,
"detail": "Full authentication is required to access this resource",
"path": "/api/reservations/analytics",
"message": "error.http.401"
}
vcupelloni
All 36 comments
Please paste output of jhipster info
gmarziou
on 26 Jun 2018
This is the output from the gateway and the microservice app.
โ vcupelloni@ROMLAPA0693 ๎ฐ ~/test/gateway> jhipster info
Using JHipster version installed locally in current project's node_modules
Executing jhipster:info
Options:
Welcome to the JHipster Information Sub-Generator
JHipster Version(s)
[email protected] /home/vcupelloni/test/gateway
โโโ [email protected]
.yo-rc.json file
{
"generator-jhipster": {
"promptValues": {
"packageName": "com.mycompany.myapp"
},
"jhipsterVersion": "5.0.1",
"applicationType": "gateway",
"baseName": "gateway",
"packageName": "com.mycompany.myapp",
"packageFolder": "com/mycompany/myapp",
"serverPort": "8080",
"authenticationType": "oauth2",
"cacheProvider": "hazelcast",
"enableHibernateCache": true,
"websocket": false,
"databaseType": "sql",
"devDatabaseType": "h2Disk",
"prodDatabaseType": "mysql",
"searchEngine": false,
"messageBroker": false,
"serviceDiscoveryType": "eureka",
"buildTool": "gradle",
"enableSwaggerCodegen": false,
"clientFramework": "angularX",
"useSass": true,
"clientPackageManager": "yarn",
"testFrameworks": [
"cucumber"
],
"jhiPrefix": "jhi",
"enableTranslation": false
}
}
JDL for the Entity configuration(s) entityName.json files generated in the .jhipster directory
JDL entity definitions
Environment and Tools
openjdk version "1.8.0_172"
OpenJDK Runtime Environment (build 1.8.0_172-b11)
OpenJDK 64-Bit Server VM (build 25.172-b11, mixed mode)
git version 2.18.0
node: v8.11.3
npm: 6.1.0
yeoman: 2.0.2
yarn: 1.7.0
Docker version 18.05.0-ce, build f150324782
docker-compose version 1.21.2, build unknown
Congratulations, JHipster execution is complete!
vcupelloni@ROMLAPA0693 ๎ฐ ~/test/microservice ๎ฐ ๎ master โ ๎ฐ jhipster info
Using JHipster version installed locally in current project's node_modules
Executing jhipster:info
Options:
Welcome to the JHipster Information Sub-Generator
JHipster Version(s)
[email protected] /home/vcupelloni/test/microservice
โโโ [email protected]
.yo-rc.json file
{
"generator-jhipster": {
"promptValues": {
"packageName": "com.mycompany.myapp",
"nativeLanguage": "en"
},
"jhipsterVersion": "5.0.1",
"applicationType": "microservice",
"baseName": "microservice",
"packageName": "com.mycompany.myapp",
"packageFolder": "com/mycompany/myapp",
"serverPort": "8081",
"authenticationType": "oauth2",
"cacheProvider": "hazelcast",
"enableHibernateCache": true,
"websocket": false,
"databaseType": "sql",
"devDatabaseType": "h2Disk",
"prodDatabaseType": "postgresql",
"searchEngine": false,
"messageBroker": false,
"serviceDiscoveryType": "eureka",
"buildTool": "gradle",
"enableSwaggerCodegen": false,
"jwtSecretKey": "replaced-by-jhipster-info",
"enableTranslation": true,
"testFrameworks": [
"cucumber"
],
"jhiPrefix": "jhi",
"nativeLanguage": "en",
"languages": [
"en",
"it"
],
"clientPackageManager": "yarn",
"skipClient": true,
"skipUserManagement": true
}
}
JDL for the Entity configuration(s) entityName.json files generated in the .jhipster directory
JDL entity definitions
Environment and Tools
openjdk version "1.8.0_172"
OpenJDK Runtime Environment (build 1.8.0_172-b11)
OpenJDK 64-Bit Server VM (build 25.172-b11, mixed mode)
git version 2.18.0
node: v8.11.3
npm: 6.1.0
yeoman: 2.0.2
yarn: 1.7.0
Docker version 18.05.0-ce, build f150324782
docker-compose version 1.21.2, build unknown
Congratulations, JHipster execution is complete!
vcupelloni
on 26 Jun 2018
Could you put a more descriptive title?
jdubois
on 27 Jun 2018
same issue can someone please respond.
talk2korah
on 2 Jul 2018
@talk2korah you could be more helpful and give more details or examples. I'm giving this a try.
jdubois
on 2 Jul 2018
And as we have no entities here, how am I supposed to test anything??? I'll just test with Swagger, but people please stop complaining and send correct bug reports instead. And please remember we do this on our free time - this is currently my lunch hour, I'd much rather have a coffee with my colleagues then spend time trying to understand what you might have done.
jdubois
on 2 Jul 2018
OK so I tested with an entity I created, and I stayed with Keycloak -> I confirm this isn't working. This should have been tested, I don't understand what went wrong here - @mraible could you have a look? I'll try to debug this
jdubois
on 2 Jul 2018
I also confirm this also doesn't work in prod mode, this is a really big issue.
jdubois
on 2 Jul 2018
@jdubois I'm very sorry I did not provide all the information you need at the beginning. I had not used entities because I had noticed that APIs for user and account information also gave that problem out of the box. :(
vcupelloni
on 2 Jul 2018
here is all about what i have done
1)created a application form https://start.jhipster.tech/#/
2)added it to git https://github.com/talk2korah/TestApp
3)cloned application to a folder
4)run mvn cmd in the app folder- page successfully loaded in 8080
5)downloaded jhipster registery from https://github.com/jhipster/jhipster-registry/releases
6)added it beside the app folder
7)run java -jar jhipster-registry-3.2.4.war cmd
8)registry opened in http://localhost:8761
9)in new cmd promt inside the app folder gave jhipster spring-controller hello cmd
Using JHipster version installed globally
Executing jhipster:spring-controller hello
Options:
The spring-controller hello is being created.
? Do you want to add an action to your controller? Yes
? What is the name of your action? haiiiiiii
? What is the HTTP method of your action? GET
? Do you want to add an action to your controller? No
adding Get action 'haiiiiiii' for /api/hello/haiiiiiii
create src\main\java\io\github\jhipster\application\web\rest\HelloResource.java
create src\test\java\io\github\jhipster\application\web\rest\HelloResourceIntTest.java
Congratulations, JHipster execution is complete!
10)mvn cmd was again give in app folder
11)when i checked the api in the swagger in registry the try result was like
{
"type": "https://www.jhipster.tech/problem/problem-with-message",
"title": "Unauthorized",
"status": 401,
"detail": "Full authentication is required to access this resource",
"path": "/api/hello/haiiiiiii",
"message": "error.http.401"
}
and when i cancelled the running mvn app it shows like :-
[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:2.0.3.RELEASE:run (default-cli) on project test-app: Could not exec java: Application finished with exit code: 1 -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
could someone please help me out on this.
talk2korah
on 2 Jul 2018
Well @vcupelloni I'm also very sorry I didn't trust you earlier, because you were right... This is indeed totally broken, but that was supposed to work - that's a major feature! So this is very surprising this doesn't work at all.
That part has been coded by @mraible with a the help of @farrault - I hope they can be available to help here.
I'll do my best, but I won't be able to work on this until tonight.
jdubois
on 2 Jul 2018
@jdubois : So it is a regression, right ? This exact same test you've just done worked before, or you are not so sure ?
I am note able to generate the app easily right now (and tomorrow too), but if someone put the generated code somewhere, I can check.
farrault
on 2 Jul 2018
Yes @farrault that should be a regression, I tested it as well as many other people. From what I can see, the token is not sent to the underlying microservice, and I don't know why. Many that's because we upgraded to Spring Cloud stable release - I don't think we tested after that, but as it was working on a milestone release, who could have thought that would break to use a stable release?
Anyway, unless somebody else does it, I can generate everything tonight, and I'll push it to GitHub.
jdubois
on 2 Jul 2018
I just created a gateway and microservice using OAuth 2.0 for authentication and everything seems fine for me. I did not generate a controller, but I'll try that now.
mraible
on 2 Jul 2018
@mraible maybe that's caused by one of the options in the .yo-rc.json file - but I didn't see anything strange there
jdubois
on 2 Jul 2018
Creating a controller on my gateway and accessing it via Swagger works too.
The only change I had to make was to add DB_VENDOR to Keycloak's Docker file.
environment:
- KEYCLOAK_USER=admin
- KEYCLOAK_PASSWORD=admin
- DB_VENDOR=h2
[email protected] /Users/mraible/apps/gateway
โโโ [email protected]
.yo-rc.json file
{
"generator-jhipster": {
"promptValues": {
"packageName": "com.okta.developer",
"nativeLanguage": "en"
},
"jhipsterVersion": "5.0.1",
"applicationType": "gateway",
"baseName": "gateway",
"packageName": "com.okta.developer",
"packageFolder": "com/okta/developer",
"serverPort": "8080",
"authenticationType": "oauth2",
"cacheProvider": "hazelcast",
"enableHibernateCache": true,
"websocket": false,
"databaseType": "sql",
"devDatabaseType": "h2Disk",
"prodDatabaseType": "mysql",
"searchEngine": false,
"messageBroker": false,
"serviceDiscoveryType": "eureka",
"buildTool": "maven",
"enableSwaggerCodegen": false,
"clientFramework": "angularX",
"useSass": false,
"clientPackageManager": "yarn",
"testFrameworks": [],
"jhiPrefix": "jhi",
"enableTranslation": true,
"nativeLanguage": "en",
"languages": [
"en"
]
}
}
JDL for the Entity configuration(s) entityName.json files generated in the .jhipster directory
JDL entity definitions
Environment and Tools
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
git version 2.14.1
node: v9.8.0
npm: 6.1.0
yeoman: 2.0.2
yarn: 1.7.0
Docker version 18.03.1-ce, build 9ee9f40
docker-compose version 1.21.1, build 5a3f1a3
And the info from my microservice (blog) app:
JHipster Version(s)
[email protected] /Users/mraible/apps/blog
โโโ [email protected]
.yo-rc.json file
{
"generator-jhipster": {
"promptValues": {
"packageName": "com.okta.developer",
"nativeLanguage": "en"
},
"jhipsterVersion": "5.0.1",
"applicationType": "microservice",
"baseName": "blog",
"packageName": "com.okta.developer",
"packageFolder": "com/okta/developer",
"serverPort": "8081",
"authenticationType": "oauth2",
"cacheProvider": "hazelcast",
"enableHibernateCache": true,
"websocket": false,
"databaseType": "sql",
"devDatabaseType": "h2Disk",
"prodDatabaseType": "mysql",
"searchEngine": false,
"messageBroker": false,
"serviceDiscoveryType": "eureka",
"buildTool": "maven",
"enableSwaggerCodegen": false,
"jwtSecretKey": "replaced-by-jhipster-info",
"enableTranslation": true,
"testFrameworks": [],
"jhiPrefix": "jhi",
"nativeLanguage": "en",
"languages": [
"en"
],
"clientPackageManager": "yarn",
"skipClient": true,
"skipUserManagement": true
}
}
JDL for the Entity configuration(s) entityName.json files generated in the .jhipster directory
JDL entity definitions
entity Blog (blog) {
name String required minlength(3),
handle String required minlength(2)
}
entity Entry (entry) {
title String required,
content TextBlob required,
date Instant required
}
entity Tag (tag) {
name String required minlength(2)
}
relationship ManyToOne {
Blog{user(login)} to User,
Entry{blog(name)} to Blog
}
relationship ManyToMany {
Entry{tag(name)} to Tag{entry}
}
microservice Blog, Entry, Tag with blog
paginate Entry, Tag with infinite-scroll
Environment and Tools
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
git version 2.14.1
node: v9.8.0
npm: 6.1.0
yeoman: 2.0.2
yarn: 1.7.0
Docker version 18.03.1-ce, build 9ee9f40
docker-compose version 1.21.1, build 5a3f1a3
mraible
on 2 Jul 2018
Very interesting, thanks a lot @mraible -> with your configuration it works. Which explains why all our tests were working.
And that's also why we always ask for .yo-rc.json configurations :-))))
Then I have no idea what the difference is between the 2 configurations, and why one works and not the other. We'll need to do a diff and test with each different option.
jdubois
on 2 Jul 2018
And the culprit is ..... Gradle!
I have no idea why, but the issue only happens with Gradle, not Maven. So the quick fix is to migrate to Maven -> @vcupelloni @talk2korah could you test and validate? In the .yo-rc.json you just need to change gradle by maven.
jdubois
on 2 Jul 2018
@jdubois
Changed from Gradle to Maven, regenerated all the stuff and now it works!
vcupelloni
on 2 Jul 2018
Gradle is not tested at all with microservices. I need to add it to hipster labs
pascalgrimaud
on 2 Jul 2018
Yes that's why we missed it but there's not supposed to be any difference here.
I need to generate both projects and do a diff. I hope it's not too bad, they don't have the same algorithm for transitive dependencies calculation and that can be quite complex.
jdubois
on 2 Jul 2018
OK so I did a diff, and that was really awful to do, so let me write the result here. With Gradle, we have:
- One more dependency: hibernate-entitymanager-5.2.17.Final.jar -> this is crazy as we need that also with Maven, and that just doesn't make any sense.
- One less dependency: spring-cloud-security-2.0.0.RELEASE.jar -> and this definitely looks like the culprit!!
jdubois
on 2 Jul 2018
Tested and it works :-)
Fix is coming!
jdubois
on 2 Jul 2018
Thank you so much for your effort and time guys!
vcupelloni
on 2 Jul 2018
@jdubois
it works.. thank you guys ๐
talk2korah
on 3 Jul 2018
Thanks everyone, that was a hard one :-)
jdubois
on 3 Jul 2018
@jdubois : so it was my fault ;-( I only add spring-cloud-security to the pom.xml, not the build.gradle in my initial proposition ... Sorry ...
Do you think the diff you made to find the difference in the classpath can be automated ?
@pascalgrimaud : maybe the tests only need to be enhance to compare the classpath in both generation mode ? Which may be a lot lighter than relaunching all the tests
farrault
on 3 Jul 2018
No problem @farrault - you did an awesome work on OAuth2 support, and this part is really tricky
jdubois
on 3 Jul 2018
In fact, my idea is to add a daily builds for gradle+microservices similar to what it is done for maven+microservices:
https://github.com/hipster-labs/jhipster-travis-build/blob/microservices/.travis.yml#L90-L96
Because, Gradle is not enough tested
pascalgrimaud
on 3 Jul 2018
@pascalgrimaud Please note that this particular problem only shows up when a gateway make a call to a microservice : you do not have yet this kind of combined test, have you ?
To be able to compare the classpath for every combination in the matrix would ensure you a great coherence between maven and gradle.
( I guess it is not straighforward however, maybe the first step is to be enable to generate both pom.xml and build.gradle at once to ease the comparaison ? )
Just my two cents
farrault
on 3 Jul 2018
As discussed with Pierre Besson, the idea would be to:
- create a microservice with entities
- create a gateway with the entities of the microservice
- start everything, then launch protractor tests -> the calls will be tested here
pascalgrimaud
on 3 Jul 2018
Yes we need to do this, being able to generate apps from a JDL file will help us greatly here. What I would like to be able to do, is that people could just drop in a JDL file such as this in hipster lab to have the end 2 end setup tested every day :
entity Foo {
bar String
}
application {
config {
applicationType gateway
}
entity Foo
}
application {
config {
applicationType microservice
}
entity Foo
}
PierreBesson
on 3 Jul 2018
@jdubois
I'm getting this with Gradle and v6.1.2 - I'm running the registry as a Docker container, created a microservice with 1 entity and a gw with the same entity.
Same error, 401 Unauthorized and it's logging the user out every time I try to do anything with the entity in the UI but the other links (to non-entity pages) works.
jhipster info
INFO! Using JHipster version installed locally in current project's node_modules
INFO! Executing jhipster:info
INFO! Options: from-cli: true
Welcome to the JHipster Information Sub-Generator
JHipster Version(s)
[email protected] /Users/mike/code/public/jh/gw
โโโ [email protected]
.yo-rc.json file
{
"generator-jhipster": {
"promptValues": {
"packageName": "com.mycompany.myapp",
"nativeLanguage": "en",
"microservicePath": "../svc"
},
"jhipsterVersion": "6.1.2",
"applicationType": "gateway",
"baseName": "gw",
"packageName": "com.mycompany.myapp",
"packageFolder": "com/mycompany/myapp",
"serverPort": "8080",
"authenticationType": "jwt",
"cacheProvider": "ehcache",
"enableHibernateCache": true,
"websocket": false,
"databaseType": "sql",
"devDatabaseType": "h2Disk",
"prodDatabaseType": "postgresql",
"searchEngine": false,
"messageBroker": false,
"serviceDiscoveryType": "eureka",
"buildTool": "gradle",
"enableSwaggerCodegen": false,
"jwtSecretKey": "bXktc2VjcmV0LXRva2VuLXRvLWNoYW5nZS1pbi1wcm9kdWN0aW9uLWFuZC10by1rZWVwLWluLWEtc2VjdXJlLXBsYWNl",
"useSass": true,
"clientPackageManager": "npm",
"clientFramework": "react",
"clientTheme": "none",
"clientThemeVariant": "",
"testFrameworks": [],
"jhiPrefix": "jhi",
"entitySuffix": "",
"dtoSuffix": "DTO",
"otherModules": [],
"enableTranslation": true,
"nativeLanguage": "en",
"languages": [
"en"
]
}
}
JDL for the Entity configuration(s) entityName.json files generated in the .jhipster directory
JDL entity definitions
Environment and Tools
openjdk version "1.8.0_212"
OpenJDK Runtime Environment Corretto-8.212.04.1 (build 1.8.0_212-b04)
OpenJDK 64-Bit Server VM Corretto-8.212.04.1 (build 25.212-b04, mixed mode)
git version 2.21.0
node: v10.15.3
npm: 6.9.0
yeoman: 3.1.0
Docker version 18.09.2, build 6247962
docker-compose version 1.23.2, build 1110ad01
INFO! Congratulations, JHipster execution is complete!
mikebski
on 17 Jul 2019
@mikebski could you open a new issue as this one is one year old and for Jhipster 5
gmarziou
on 17 Jul 2019
Done - https://github.com/jhipster/generator-jhipster/issues/10108
On Wed, Jul 17, 2019 at 10:34 AM Gaรซl Marziou notifications@github.com
wrote:
@mikebski https://github.com/mikebski could you open a new issue as
this one is one year old and for Jhipster 5โ
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/jhipster/generator-jhipster/issues/7865?email_source=notifications&email_token=ABAVCDGPYSSZD4MNMX4FPFDP74UYHA5CNFSM4FHAQU22YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2EM5HI#issuecomment-512282269,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABAVCDH6XB427NEXPCLMBFLP74UYHANCNFSM4FHAQU2Q
.
mikebski
on 17 Jul 2019
I also meet this issue due to the base64-secret
change the config file in gateway and microservice, make sure security.authentication.jwt.base64-secret is equal.
sww0825521xy
on 4 Sep 2019
Related issues
deepu105
ยท
62Comments
loydjayme25
ยท
71Comments
deepu105
ยท
75Comments
jdubois
ยท
54Comments
yelhouti
ยท
123Comments
Most helpful comment
And as we have no entities here, how am I supposed to test anything??? I'll just test with Swagger, but people please stop complaining and send correct bug reports instead. And please remember we do this on our free time - this is currently my lunch hour, I'd much rather have a coffee with my colleagues then spend time trying to understand what you might have done.