If you create a microservices architecture with a gateway and apps, you can't navigate to the app's entities from the gateway. When you click on a link in the navbar, it refreshes and goes back to /.
The following error shows in the console:
```
GET http://localhost:8080/management/info 403 (Forbidden)
...
2core.js?09c9:1671 ERROR Error: Uncaught (in promise): HttpErrorResponse: {"headers":{"normalizedNames":{},"lazyUpdate":null},"status":403,"statusText":"Forbidden","url":"http://localhost:8080/management/info","ok":false,"name":"HttpErrorResponse","message":"Http failure response for http://localhost:8080/management/info: 403 Forbidden","error":{"timestamp":"2018-08-14T01:35:34.297+0000","status":403,"error":"Forbidden","message":"Forbidden","path":"/management/info"}}
    at resolvePromise (zone.js?d135:814)
    at resolvePromise (zone.js?d135:771)
    at eval (zone.js?d135:873)
    at ZoneDelegate.invokeTask (zone.js?d135:421)
    at Object.onInvokeTask (core.js?09c9:3816)
    at ZoneDelegate.invokeTask (zone.js?d135:420)
    at Zone.runTask (zone.js?d135:188)
    at drainMicroTaskQueue (zone.js?d135:595)
    at ZoneTask.invokeTask [as invoke] (zone.js?d135:500)
    at invokeTask (zone.js?d135:1540)
```
##### **Motivation for or Use Case**
It worked in 5.1.0.
##### **Reproduce the error**
Follow [this tutorial](https://developer.okta.com/blog/2018/03/01/develop-microservices-jhipster-oauth) with 5.2.0.
##### **Suggest a Fix**
In the gateway's `OAuth2SsoConfiguration.java`, add a rule to allow `/management/info`.
```java
.authorizeRequests()
    .antMatchers("/api/profile-info").permitAll()
    .antMatchers("/api/**").authenticated()
    .antMatchers("/management/health").permitAll()
    // new rule, placed before the broader /management/** matcher
    .antMatchers("/management/info").permitAll()
    .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
    .anyRequest().permitAll();
```
This allows you to navigate to the entity list screen, but it ends up displaying a 401 and refreshes back to the home screen. I'm not sure why this happens. It doesn't happen in 5.1.0.
[Here's a diff showing what changed in my apps](https://github.com/oktadeveloper/okta-jhipster-microservices-oauth-example/compare/jhipster-v5.1.0...jhipster-v5.2.0) between JHipster 5.1.0 and 5.2.0.
**NOTE:** I'm not sure when we renamed `SecurityConfiguration.java` to `OAuth2SsoConfiguration.java`, but `@EnableOAuth2Sso` will be deprecated and not recommended in Spring Security 5.1. When that's released (late September), we can migrate to its OIDC support and get rid of this annotation. It might not be a big deal if `jhipster upgrade` can handle renaming the file.
##### **JHipster Version(s)**
[email protected] /home/mraible/dev/okta/okta-jhipster-microservices-oauth-example/gateway
└── [email protected]
##### **JHipster configuration, a `.yo-rc.json` file generated in the root folder**
```json
{
  "generator-jhipster": {
    "promptValues": {
      "packageName": "com.okta.developer.gateway",
      "nativeLanguage": "en"
    },
    "jhipsterVersion": "5.1.0",
    "applicationType": "gateway",
    "baseName": "gateway",
    "packageName": "com.okta.developer.gateway",
    "packageFolder": "com/okta/developer/gateway",
    "serverPort": "8080",
    "authenticationType": "oauth2",
    "cacheProvider": "hazelcast",
    "enableHibernateCache": true,
    "websocket": false,
    "databaseType": "sql",
    "devDatabaseType": "h2Disk",
    "prodDatabaseType": "postgresql",
    "searchEngine": false,
    "messageBroker": false,
    "serviceDiscoveryType": "eureka",
    "buildTool": "maven",
    "enableSwaggerCodegen": false,
    "clientFramework": "angularX",
    "useSass": false,
    "clientPackageManager": "yarn",
    "testFrameworks": [
      "protractor"
    ],
    "jhiPrefix": "jhi",
    "enableTranslation": true,
    "nativeLanguage": "en",
    "languages": [
      "en"
    ]
  }
}
```
entityName.json files generated in the .jhipster directory
JDL entity definitions
java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)
git version 2.17.1
node: v8.10.0
npm: 6.3.0
yarn: 1.6.0
Docker version 18.05.0-ce, build f150324
docker-compose version 1.13.0, build 1719ceb
Could this be linked to https://github.com/jhipster/generator-jhipster/pull/7960 from @cbornet ?
FWIW, I am not seeing this issue when I make a gateway and microservice using JWT. I'd wager that it is only an issue when choosing OAuth.


rothandr@spectre:~/source/foo-gateway$ jhipster info
Using JHipster version installed locally in current project's node_modules
Executing jhipster:info
Options:
Welcome to the JHipster Information Sub-Generator
##### **JHipster Version(s)**
[email protected] /home/rothandr/source/foo-gateway
└── [email protected]
##### **JHipster configuration, a `.yo-rc.json` file generated in the root folder**
<details>
<summary>.yo-rc.json file</summary>
<pre>
{
"generator-jhipster": {
"promptValues": {
"packageName": "com.mycompany.myapp",
"nativeLanguage": "en"
},
"jhipsterVersion": "5.2.0",
"applicationType": "gateway",
"baseName": "foogateway",
"packageName": "com.mycompany.myapp",
"packageFolder": "com/mycompany/myapp",
"serverPort": "8080",
"authenticationType": "jwt",
"cacheProvider": "hazelcast",
"enableHibernateCache": true,
"websocket": "spring-websocket",
"databaseType": "sql",
"devDatabaseType": "h2Disk",
"prodDatabaseType": "postgresql",
"searchEngine": false,
"messageBroker": false,
"serviceDiscoveryType": "eureka",
"buildTool": "gradle",
"enableSwaggerCodegen": true,
"jwtSecretKey": "replaced-by-jhipster-info",
"clientFramework": "angularX",
"useSass": true,
"clientPackageManager": "yarn",
"testFrameworks": [
"cucumber",
"protractor"
],
"jhiPrefix": "jhi",
"enableTranslation": true,
"nativeLanguage": "en",
"languages": [
"en"
]
}
}
</pre>
</details>
##### **JDL for the Entity configuration(s) `entityName.json` files generated in the `.jhipster` directory**
<details>
<summary>JDL entity definitions</summary>
<pre>
</pre>
</details>
##### **Environment and Tools**
openjdk version "1.8.0_171"
OpenJDK Runtime Environment (build 1.8.0_171-8u171-b11-0ubuntu0.18.04.1-b11)
OpenJDK 64-Bit Server VM (build 25.171-b11, mixed mode)
git version 2.17.1
node: v8.11.3
npm: 5.6.0
yeoman: 2.0.5
yarn: 1.9.4
Docker version 18.06.0-ce, build 0ffa825
docker-compose version 1.22.0, build f46880fe
Congratulations, JHipster execution is complete!
```json
{
  "generator-jhipster": {
    "promptValues": {
      "packageName": "com.mycompany.myapp",
      "nativeLanguage": "en"
    },
    "jhipsterVersion": "5.2.0",
    "applicationType": "gateway",
    "baseName": "foogateway",
    "packageName": "com.mycompany.myapp",
    "packageFolder": "com/mycompany/myapp",
    "serverPort": "8080",
    "authenticationType": "jwt",
    "cacheProvider": "hazelcast",
    "enableHibernateCache": true,
    "websocket": "spring-websocket",
    "databaseType": "sql",
    "devDatabaseType": "h2Disk",
    "prodDatabaseType": "postgresql",
    "searchEngine": false,
    "messageBroker": false,
    "serviceDiscoveryType": "eureka",
    "buildTool": "gradle",
    "enableSwaggerCodegen": true,
    "jwtSecretKey": "85d11b05a33cb43b58d916d23bea30f07e3444db",
    "clientFramework": "angularX",
    "useSass": true,
    "clientPackageManager": "yarn",
    "testFrameworks": [
      "cucumber",
      "protractor"
    ],
    "jhiPrefix": "jhi",
    "enableTranslation": true,
    "nativeLanguage": "en",
    "languages": [
      "en"
    ]
  }
}
```
```json
{
  "generator-jhipster": {
    "promptValues": {
      "packageName": "com.mycompany.myapp",
      "nativeLanguage": "en"
    },
    "jhipsterVersion": "5.2.0",
    "applicationType": "microservice",
    "baseName": "foomicroservice",
    "packageName": "com.mycompany.myapp",
    "packageFolder": "com/mycompany/myapp",
    "serverPort": "8081",
    "authenticationType": "jwt",
    "cacheProvider": "hazelcast",
    "enableHibernateCache": true,
    "websocket": false,
    "databaseType": "sql",
    "devDatabaseType": "h2Disk",
    "prodDatabaseType": "postgresql",
    "searchEngine": false,
    "messageBroker": false,
    "serviceDiscoveryType": "eureka",
    "buildTool": "gradle",
    "enableSwaggerCodegen": true,
    "jwtSecretKey": "4e06daca207e73383061a4156dd6371feadc19be",
    "enableTranslation": true,
    "testFrameworks": [
      "cucumber"
    ],
    "jhiPrefix": "jhi",
    "clientPackageManager": "yarn",
    "nativeLanguage": "en",
    "languages": [
      "en"
    ],
    "skipClient": true,
    "skipUserManagement": true
  }
}
```
> Could this be linked to #7960 from @cbornet ?
The PR didn't touch this file so I think it's not involved.
@mraible are you sure it was working as-is in 5.1 ? The rule was also not there for 5.1 : https://github.com/jhipster/generator-jhipster/blob/v5.1.0/generators/server/templates/src/main/java/package/config/OAuth2SsoConfiguration.java.ejs
@cbornet I’m pretty sure. I checked it twice and rebuilt both times from scratch. I could be wrong, it was past midnight. ;)
I reproduced once again tonight, so I know it's a real issue now. I reverted a microservice pom.xml to match 5.1.0 and it didn't help. I reverted the gateway's pom.xml to 5.1.0 and now it works. Still digging...
Narrowed it down to the difference between `jhipster-dependencies.version` and `spring-boot.version` in the gateway app. The suspense is building...
If I change the gateway to use `<jhipster-dependencies.version>2.0.14</jhipster-dependencies.version>`, everything works.
Can't find the needle in the haystack, but reverting to `<jhipster-dependencies.version>2.0.14</jhipster-dependencies.version>` definitely solves the problem.
@mraible The issue is because of zuul proxy, the forwarded request is stripped of authorization tokens. Temporarily we can fix this with `zuul.sensitiveHeaders= cookie,SetCookie`
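The header filtering described in the comment above, written out as a gateway configuration. This is an added example, not part of the original thread or of JHipster's generated files. Zuul's built-in sensitive-header list is `Cookie,Set-Cookie,Authorization`, the override uses the standard `Set-Cookie` header name, and the route name `foomicroservice` with its path is an assumption for illustration.

```yaml
# Gateway application.yml (added example, not generated by JHipster).
zuul:
  # Zuul's built-in default is equivalent to:
  #   sensitiveHeaders: Cookie,Set-Cookie,Authorization
  # Every header on this list is dropped from the proxied request, so the
  # microservice never receives the bearer token and rejects the call.
  #
  # Global override: cookies stay private to the gateway,
  # Authorization is forwarded on every route.
  sensitiveHeaders: Cookie,Set-Cookie

  # Narrower alternative: keep the global default and relax only the
  # routes that must see the token (route name and path are assumptions).
  # routes:
  #   foomicroservice:
  #     path: /foomicroservice/**
  #     serviceId: foomicroservice
  #     sensitiveHeaders: Cookie,Set-Cookie
```

With the global form the user's token is forwarded to every service behind the gateway; the per-route form limits which backends receive it.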
Nice catch @sendilkumarn.
Congrats @sendilkumarn ! I have approved your bug bounty on https://opencollective.com/generator-jhipster/expenses/4646# but have a look at it, it seems you need to fill a form to get the money (please tell me if I can help)
Thanks @jdubios 👍
I will have a look at that, I hope it is for me