
I have an application trying to call a REST API behind a Zuul proxy.

The application has a valid JWT token issued by the OAuth2 server. I put the token in a Bearer Authorization header, but I get a 401 ("Full authentication is required to access this resource") response from the Zuul server.

My Zuul configuration:

eureka:
    client:
        registerWithEureka: true
        fetchRegistry: true
        serviceUrl:
            defaultZone: http://localhost:8761/eureka/
    instance:
        leaseRenewalIntervalInSeconds: 10
        statusPageUrlPath: ${management.context_path}/info
        healthCheckUrlPath: ${management.context_path}/health

server:
    port: 80
management:
    port: 81
    context_path: /admin

security:
    sessions: stateless
    # Disable Spring Boot basic authentication
    basic:
        enabled: false

endpoints:
    restart:
        enabled: true
    shutdown:
        enabled: true
    health:
        sensitive: false

# The OAuth2 server definition that would be used to send the authorization requests to
authserver:
    hostname: localhost
    port: 9000
    contextPath: uaa

spring:
    oauth2:
        resource:
            userInfoUri: http://${authserver.hostname}:${authserver.port}/${authserver.contextPath}/user
            jwt.key-uri: http://${authserver.hostname}:${authserver.port}/${authserver.contextPath}/oauth/token_key
            preferTokenInfo: false

    output:
        ansi:
            enabled: ALWAYS

The main Zuul file:

@SpringBootApplication
@EnableZuulProxy
@EnableResourceServer
public class ZuulApplication {

    public static void main(String[] args) {
        new SpringApplicationBuilder(ZuulApplication.class).web(true).run(args);
    }
}

The Zuul security configuration file:

@Configuration
public class WebSecurityConfiguration extends ResourceServerConfigurerAdapter  {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .exceptionHandling()
                .and()
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                    .antMatchers("/admin/trace").permitAll()
                    .anyRequest().authenticated()
                ;
    }

}

The call of the REST API:

        final String access_token = (String) httpSession.getAttribute(OAuthComponent.HTTPSESSION_OAUTH_ACCESS_TOKEN);

        final MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
        headers.add("Authorization", "Bearer " + access_token);
        headers.add("Content-Type", "application/json");

        final HttpEntity<Object> request = new HttpEntity<>(searchParams,headers);

        return restOperations.postForObject("http://localhost/ms-arbre-recherche/utilisateur/search", request, Object.class);

I use Spring Cloud Brixton SR2 and Spring Boot 1.4.0RC1.

BokC

1 Answer


This is my security config:

@Configuration
@EnableResourceServer
public class JwtSecurityConfig extends ResourceServerConfigurerAdapter{

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/oauth/**").permitAll()
            .antMatchers("/**").hasAuthority("ROLE_API")
            .and()
            .csrf().disable();
    }
}

The major thing that I am doing differently is that I am using the OAuth2RestTemplate.

@Configuration
public class ActivationApiEndpointConfig {

    @Bean
    protected OAuth2ProtectedResourceDetails resource() {

        ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();

        resource.setAccessTokenUri("http://cdpsit04is01.eng.rr.com:8888/oauth/token");

        resource.setClientId("clientid");
        resource.setClientSecret("clientsecret");
        resource.setGrantType("client_credentials");
        resource.setScope(Arrays.asList("write", "read"));
        resource.setAuthenticationScheme(AuthenticationScheme.header);

        return resource;
    }

    @Bean
    public OAuth2RestOperations applicationApiTemplate() {
        AccessTokenRequest atr = new DefaultAccessTokenRequest();

        return new OAuth2RestTemplate(resource(), new DefaultOAuth2ClientContext(atr));
    }

}

And then:

String returnValue = applicationApiTemplate.getForObject(uri.expand(pathVariables).toUri(), String.class);

You also need to make sure that you have this in your pom (or equivalent):

<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-jwt</artifactId>
</dependency>
Eric Goode
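The question's Zuul resource server answers 401 to a request that carries a JWT, and the answer gates every route on `hasAuthority("ROLE_API")`. The following is an added example, not code from the question, the answer or Spring: stand-alone Python (standard library only) that replays the checks a JWT resource server makes on an incoming request, so each failure can be told apart. It checks the `Bearer` scheme, the three-segment JWT shape, the signature, the `exp` claim and the `authorities` claim (the claim Spring Security OAuth2's default token converter maps to granted authorities). `DEMO_KEY` is a constructed HS256 shared secret standing in for whatever the auth server's `jwt.key-uri` endpoint serves; `make_hs256_jwt` exists only to mint test tokens. One distinction worth knowing when reading the message from the question: Spring Security emits "Full authentication is required to access this resource" when the request reached authorization as anonymous, that is, no bearer token was recognised at all, whereas a token that was found but failed validation is reported as an `invalid_token` error.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; stands in for the key behind /oauth/token_key.
DEMO_KEY = b"demo-signing-key-not-real"


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_hs256_jwt(claims: dict, key: bytes) -> str:
    """Mint a test token (constructed input for the checks below)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def extract_bearer(authorization_header: str):
    """Return the token from 'Bearer <token>', or None if the scheme is wrong."""
    parts = authorization_header.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1].strip()


def check_token(authorization_header: str, key: bytes, required_authority: str,
                now=None) -> list:
    """Return the list of reasons a resource server would reject the request.

    An empty list means authentication (scheme, shape, signature, expiry)
    and authorization (required authority present) both pass.
    """
    now = int(time.time()) if now is None else now
    token = extract_bearer(authorization_header)
    if token is None:
        return ["header is not 'Bearer <token>' (request is anonymous -> 401)"]
    segments = token.split(".")
    if len(segments) != 3:
        return ["token is not a three-segment JWT (opaque or truncated -> 401)"]
    head_seg, body_seg, sig_seg = segments
    try:
        # binascii.Error and JSONDecodeError are both ValueError subclasses.
        header = json.loads(b64url_decode(head_seg))
        claims = json.loads(b64url_decode(body_seg))
        signature = b64url_decode(sig_seg)
    except ValueError:
        return ["token segments are not base64url JSON (-> 401)"]

    problems = []
    if header.get("alg") != "HS256":
        problems.append(f"unexpected alg {header.get('alg')!r} (-> 401)")
    else:
        expected = hmac.new(key, f"{head_seg}.{body_seg}".encode("ascii"),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            problems.append("signature does not verify against the key (-> 401)")
    exp = claims.get("exp")
    if exp is None or now >= int(exp):
        problems.append("token expired or has no exp claim (-> 401)")
    if required_authority not in claims.get("authorities", []):
        problems.append(f"missing authority {required_authority} (-> 403)")
    return problems


if __name__ == "__main__":
    now = int(time.time())
    token = make_hs256_jwt({"exp": now + 300, "authorities": ["ROLE_API"]}, DEMO_KEY)
    print(check_token("Bearer " + token, DEMO_KEY, "ROLE_API"))   # []
    print(check_token(token, DEMO_KEY, "ROLE_API"))               # missing scheme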