Hi all,
I notice a 404 page with Traefik and OAuth 2.
Consider this JDL:
```jdl
application {
  config {
    baseName gateway
    applicationType gateway
    languages [fr,en]
    buildTool maven
    packageName dam.gateway
    serverPort 8080
    authenticationType oauth2
    cacheProvider hazelcast
    devDatabaseType postgresql
    prodDatabaseType postgresql
    //searchEngine elasticsearch
    serviceDiscoveryType consul
    enableSwaggerCodegen false
    testFrameworks [gatling]
    clientPackageManager npm
    nativeLanguage fr
    useSass true
  }
  entities *
}
application {
  config {
    baseName apis
    applicationType microservice
    skipClient true
    languages [fr,en]
    buildTool maven
    packageName dam.pelican
    serverPort 8081
    authenticationType oauth2
    cacheProvider hazelcast
    devDatabaseType postgresql
    prodDatabaseType postgresql
    //searchEngine elasticsearch
    serviceDiscoveryType consul
    enableSwaggerCodegen true
    testFrameworks [gatling]
    clientPackageManager npm
    nativeLanguage fr
  }
  entities *
}
deployment {
  deploymentType docker-compose
  appsFolders [gateway, apis]
  gatewayType traefik
  monitoring elk
  consoleOptions [zipkin]
  serviceDiscoveryType consul
  dockerRepositoryName "test"
}
// Domain Ressources
enum RessourceState {
  CREATING, NOT_TESTED, READY
}
entity Resources {
  // creator String required
  dateCreation Instant required
  dateModification Instant
  dateExpiration LocalDate
  dateAcquisiiton LocalDate
  dateEndOfMaintenance LocalDate
  state RessourceState
}
dto * with mapstruct
paginate * with pagination
service all with serviceImpl
microservice * with apis
```
```shell
jhipster import-jdl project.jdl
```
Next, in webpack.common.js, update baseHref to /services/gateway/.
```shell
cd gateway
./mvnw -Pprod verify jib:dockerBuild
cd ../apis
./mvnw -Pprod verify jib:dockerBuild
cd ../docker-compose
# you can disable all services in the docker-compose file under traefik except keycloak
docker-compose up -d
```
Go to localhost/services/gateway/
In the browser log, there is an error on http://localhost/oauth2/authorization/oidc:
http://localhost/oauth2/authorization/oidc
Request Method: GET
Status Code: 404 Not Found (from disk cache)
Referrer Policy: no-referrer-when-downgrade
Click Account > Sign in.
You have a 404 page not found from Traefik.
[email protected] /home/cedric/dev/dam/test/gatewayback
└── [email protected]
openjdk version "11.0.2" 2019-01-15
OpenJDK Runtime Environment (build 11.0.2+9-Ubuntu-3ubuntu118.04.3)
OpenJDK 64-Bit Server VM (build 11.0.2+9-Ubuntu-3ubuntu118.04.3, mixed mode, sharing)
git version 2.17.1
node: v10.13.0
npm: 6.4.1
Docker version 18.09.6, build 481bc77
docker-compose version 1.23.2, build 1110ad01
INFO! Congratulations, JHipster execution is complete!
linux ubuntu 18.04
chromium 73
@antarus : to be honest, Traefik is not tested in our CI, so I'm not sure it works well after JHipster 6. So PRs are really welcome to fix this part.
FYI, can you see in the stats the number of people who use traefik?
@pascalgrimaud
@antarus : sorry, I don't have these stats about Traefik
pity:(
I confirm the issue.
I think it's an error of redirection : it should not try to call http://localhost/oauth2/authorization/oidc but http://localhost/services/gateway/oauth2/authorization/oidc, but I didn't manage to fix the issue yet.
It maybe comes from the Keycloak/OAuth2 configuration, or from the way we handle the contextPath...
@mraible might be able to help.
I've tried to update the Spring Security config, but I didn't manage to make it work.
web-app client, redirect URIs should be updated to allow localhost:80. I still need to look into the post-login flow to correctly redirect back to the application.
Hi @vishal423, I applied your PR manually on my code but I still have a 404 returned by traefik.
@antarus, on my side, with your configurations, I can navigate to the Keycloak login page. One correction to my previous comment: I used http://localhost/* as the redirect URI. After a successful login, the redirect fails, as Spring Security needs to be correctly configured. I think I know how to fix it, but I need some time to try that out.
Following snapshot shows gateway page post successful authentication:

I updated Keycloak to redirect http://localhost/*
I can navigate to the Keycloak login page, enter login / password and I am redirected to http://localhost/login/oauth2/code/oidc?State=XXXX with a 404 not found from Traefik. Then, if I add /services/gateway/ in the URL before login, I'm redirected to http://localhost with a 404 not found from Traefik.
If I return to http://localhost/services/gateway/, I am authenticated.
Yes, you are correct on this. That's why I said some work needs to be done on the Spring Security configuration to make the login redirect work out of the box, or at least be correctly documented.
Adding a bug bounty here
Yop all.
I found a solution.
But as the traefik option is not known at the time of the generation of the gateway, I see only two solutions:
Add the commented code in the code, or do the documentation part.
Solution 2 seems better to me because Traefik does not seem to be a much-used option.
I like to have an "out of the box" experience with JHipster, so everything works out magically for a new user -> we can't always do it, and then documentation is good, but can you point to it during generation time, like a message?
For the message, I have to see if the docker-compose subgenerator can know if the gateway uses oauth2
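
Added example, not part of the thread and not JHipster or Traefik code: a toy model of the redirect mismatch reported above, where the proxy routes only /services/gateway/ and the application builds the login and callback URLs without that prefix. The helper names (proxy_route, external_base, login_flow), the X-Forwarded-* headers the proxy is assumed to send, and the single exact callback registered at the identity provider (in place of the http://localhost/* wildcard) are all assumptions for illustration.

```python
from urllib.parse import urlsplit

PREFIX = "/services/gateway"               # route prefix used in the thread
LOGIN_PATH = "/oauth2/authorization/oidc"  # login entry point seen in the 404
CALLBACK_PATH = "/login/oauth2/code/oidc"  # callback path seen in the 404
# Assumption: one exact callback registered at the IdP (not http://localhost/*).
REGISTERED = {"http://localhost" + PREFIX + CALLBACK_PATH}


def proxy_route(path):
    """Toy prefix-stripping proxy: (backend_path, headers), or None for a 404."""
    if path != PREFIX and not path.startswith(PREFIX + "/"):
        return None
    headers = {"X-Forwarded-Proto": "http", "X-Forwarded-Host": "localhost",
               "X-Forwarded-Prefix": PREFIX}
    return path[len(PREFIX):] or "/", headers


def external_base(headers, honor_prefix):
    """Rebuild the browser-facing base URL from the forwarded headers."""
    base = headers["X-Forwarded-Proto"] + "://" + headers["X-Forwarded-Host"]
    if not honor_prefix:
        return base  # behaviour reported in the thread: the prefix is lost
    prefix = headers.get("X-Forwarded-Prefix", "").rstrip("/")
    # Accept only a plain absolute path; anything else is ignored.
    if prefix and (not prefix.startswith("/") or "//" in prefix or ".." in prefix):
        prefix = ""
    return base + prefix


def login_flow(honor_prefix):
    """Follow the browser: page request, login redirect, then IdP callback."""
    _, headers = proxy_route(PREFIX + "/")
    base = external_base(headers, honor_prefix)
    login_url, redirect_uri = base + LOGIN_PATH, base + CALLBACK_PATH
    return {
        "login_url": login_url,
        "login_routed": proxy_route(urlsplit(login_url).path) is not None,
        "redirect_uri": redirect_uri,
        "callback_routed": proxy_route(urlsplit(redirect_uri).path) is not None,
        "redirect_uri_registered": redirect_uri in REGISTERED,
    }


if __name__ == "__main__":
    for mode in (False, True):
        print(mode, login_flow(mode))
```

With honor_prefix=False both URLs fall outside the proxied route, which matches the two 404s described in the thread; with honor_prefix=True both are routed and the callback equals the exact registered URI.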