1

I have created a Single Page Application using the Spring Tutorial for making one with AngularJS and OAuth and such found here: https://spring.io/guides/tutorials/spring-security-and-angular-js/#_multiple_ui_applications_and_a_gateway_single_page_application_with_spring_and_angular_js_part_vi

This is the application.yml file for the SPA application:

```yaml
security:
  user:
    password: none
  oauth2:
    client:
      accessTokenUri: http://localhost:7777/uaa/oauth/token
      userAuthorizationUri: http://localhost:7777/uaa/oauth/authorize
      clientId: acme
      clientSecret: acmesecret
    resource:
      user-info-uri: http://localhost:7777/uaa/user

zuul:
  routes:
    resource:
      path: /resource/**
      url: http://localhost:9000/resource
    user:
      path: /user/**
      url: http://localhost:7777/uaa/user

eureka:
  client:
    serviceUrl:
      defaultZone: ${vcap.services.eureka-service.credentials.uri:http://127.0.0.1:8761}/eureka/

---
spring:
  profiles: cloud
eureka:
  instance:
    hostname: ${APPLICATION_DOMAIN}
    nonSecurePort: 80
```

I want to know how I would change the zuul routes and the user-info-uri so that I don't have to specify the urls and all this can be done by using the service-id. I looked at the tutorial for using eureka here:

https://spring.io/blog/2015/01/20/microservice-registration-and-discovery-with-spring-cloud-and-netflix-s-eureka

but I don't quite understand how I can achieve my goal without adding all the java to my code, because the basic eureka server already seems to register all my services.

Aritz
Ian Neethling

2 Answers

3

I had an issue using the Eureka service ID: userInfoUri used to throw UnknownHostException all the time, and a @LoadBalanced RestTemplate did not solve my issue. The solution was to set prefer-token-info to false (if true, there is no load balancing for OAuth).

```properties
security.oauth2.resource.service-id={Service ID as at eureka server registered}
security.oauth2.resource.userInfoUri=http://${security.oauth2.resource.service-id}/user/me
security.oauth2.resource.loadBalanced=true
security.oauth2.resource.prefer-token-info=false
```

No port number is needed if the service ID is used, but it is needed if an IP or host is used.

Anton Syzko
2

If I understand your question correctly, you can just use the config file in this pattern:

```yaml
zuul:
  routes:
    <service_id>:
      path: /path/**
```

For example (if your oauth-service is registered as auth):

```yaml
zuul:
  routes:
    auth:
      path: /user/**
```

Zuul will leverage Eureka and find the endpoints for the services. In addition to that it will provide client-side load-balancing.

Benny
  • That will work for the zuul endpoints but the `oauth2.*` properties still need to point to a physical URL. – Dave Syer Jan 26 '16 at 13:57
  • Would you need oauth2 properties in a Zuul-API Gateway? – Benny Jan 26 '16 at 14:23
  • If it needs to authenticate via OAuth2, obviously. Otherwise not, generally speaking. – Dave Syer Jan 26 '16 at 16:11
  • Yeah, quite generally. I mean if you get a token by any provider (e.g. your own OAuth2 Server behind Zuul) you will use that to authenticate against the backend services. So you would not need to do any authentication in Zuul. Am I missing something here? – Benny Jan 27 '16 at 07:58
  • I don't think so. The architecture (topology) is flexible. I find it useful to put authentication at the edge (i.e. Zuul) but I'm sure you can design systems that don't. – Dave Syer Jan 27 '16 at 09:25