jhipster microservices client springcloud config with authorization header to jhipster registry

Question

I am using jhipster 7 with springboot 2.5.4 for microservice applications development (DEV env)

I have setup jhipster registry server running on my localhost port 8761 with docker's help.

I am trying to access jhipster central springcloud config on

http://localhost:8761/config/application/prod/main

from all my microservices and gateway.

However, I got the following 401 warning when starting any of my microservice and gateway:

        ██╗ ██╗   ██╗ ████████╗ ███████╗   ██████╗ ████████╗ ████████╗ ███████╗ 
        ██║ ██║   ██║ ╚══██╔══╝ ██╔═══██╗ ██╔════╝ ╚══██╔══╝ ██╔═════╝ ██╔═══██╗
        ██║ ████████║    ██║    ███████╔╝ ╚█████╗     ██║    ██████╗   ███████╔╝
  ██╗   ██║ ██╔═══██║    ██║    ██╔════╝   ╚═══██╗    ██║    ██╔═══╝   ██╔══██║ 
  ╚██████╔╝ ██║   ██║ ████████╗ ██║       ██████╔╝    ██║    ████████╗ ██║  ╚██╗
   ╚═════╝  ╚═╝   ╚═╝ ╚═══════╝ ╚═╝       ╚═════╝     ╚═╝    ╚═══════╝ ╚═╝   ╚═╝

:: JHipster   :: Running Spring Boot 2.5.4 ::
:: https://www.jhipster.tech ::

2021-11-04 17:54:01.411  WARN 23468 --- [           main] c.c.c.ConfigServicePropertySourceLocator : Could not locate PropertySource: 401 Unauthorized: [{
  "timestamp" : "2021-11-05T00:54:01.400+00:00",
  "status" : 401,
  "error" : "Unauthorized",
  "message" : "",
  "path" : "/config/application/prod/main"
}]
2021-11-04 17:54:01.415  INFO 23468 --- [           main] com.okta.developer.alert.AlertApp        : No active profile set, falling back to default profiles: dev,api-docs
2021-11-04 17:54:02.551 DEBUG 23468 --- [           main] i.g.r.utils.RxJava2OnClasspathCondition  : RxJava2 related Aspect extensions are not activated, because RxJava2 is not on the classpath.
2021-11-04 17:54:02.552 DEBUG 23468 --- [           main] i.g.r.utils.ReactorOnClasspathCondition  : Reactor related Aspect extensions are not activated because Resilience4j Reactor module is not on the classpath.

This is one of my spring cloud config from application-dev.yml (not the bootstrap.yml as I am not sure if do have to put my configs into bootstrap.yml)

spring:
  devtools:
    restart:
      enabled: true
      additional-exclude: static/**
    livereload:
      enabled: false # we use Webpack dev server + BrowserSync for livereload
  jackson:
    serialization:
      indent-output: true
  cloud:
    config:
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config
      # name of the config server's property source (file.yml) that we want to use
      name: application
      profile: prod
      label: main # toggle to switch to a different version of the configuration as stored in git
      # it can be set to any label, branch or commit of the configuration source Git repository

I am using keycloak as my oauth server, I believe I need to send an authorization header along with the GET request to /config/application/prod/main.

My central config looks like this:

{
  "name" : "application",
  "profiles" : [ "prod" ],
  "label" : "main",
  "version" : null,
  "state" : null,
  "propertySources" : [ {
    "name" : "file:central-config/localhost-config/application.yml",
    "source" : {
      "configserver.name" : "Docker JHipster Registry",
      "configserver.status" : "Connected to the JHipster Registry running in Docker",
      "jhipster.security.authentication.jwt.base64-secret" : "xxxxxxxxxxxxx",
      "eureka.client.service-url.defaultZone" : "http://admin:${jhipster.registry.password}@localhost:8761/eureka/"
    }
  } ]
}

Can someone help on how can I get rid of this 401 error and retrieve the central config successfully?

Answer 1

spent some time to do investigation. The error is caused by the incorrect basic auth proile setup in my gateway and microservices.

I noticed that the config in application-*.yml showing below contains a registry password

jhipster:
  xxxxxxxxx
  registry:
    password: xxxxxxxxxxxxx

and I thought that was good enough for my microservices to retrieve spring cloud config from jhipster registry, but it is actually not. My microservices actually trying to find registry password from bootstrap-*.yml, and it failed to retrieve the correct password as I did not fill it with the appropriate value. So what I did is in bootstrap-*.yml made an update on the registry password

jhipster:
  registry:
    password: <correct_password>

and now the issue resolved

        ██╗ ██╗   ██╗ ████████╗ ███████╗   ██████╗ ████████╗ ████████╗ ███████╗
        ██║ ██║   ██║ ╚══██╔══╝ ██╔═══██╗ ██╔════╝ ╚══██╔══╝ ██╔═════╝ ██╔═══██╗
        ██║ ████████║    ██║    ███████╔╝ ╚█████╗     ██║    ██████╗   ███████╔╝
  ██╗   ██║ ██╔═══██║    ██║    ██╔════╝   ╚═══██╗    ██║    ██╔═══╝   ██╔══██║
  ╚██████╔╝ ██║   ██║ ████████╗ ██║       ██████╔╝    ██║    ████████╗ ██║  ╚██╗
   ╚═════╝  ╚═╝   ╚═╝ ╚═══════╝ ╚═╝       ╚═════╝     ╚═╝    ╚═══════╝ ╚═╝   ╚═╝

:: JHipster   :: Running Spring Boot 2.5.4 ::
:: https://www.jhipster.tech ::

2021-11-08 11:36:28.507  INFO 3872 --- [           main] com.okta.developer.store.StoreApp        : No active profile set, falling back to default profiles: dev,api-docs
2021-11-08 11:36:29.639 DEBUG 3872 --- [           main] i.g.r.utils.RxJava2OnClasspathCondition  : RxJava2 related Aspect extensions are not activated, because RxJava2 is not on the classpath.
2021-11-08 11:36:29.641 DEBUG 3872 --- [           main] i.g.r.utils.ReactorOnClasspathCondition  : Reactor related Aspect extensions are not activated because Resilience4j Reactor module is not on the classpath.
2021-11-08 11:36:29.656 DEBUG 3872 --- [           main] i.g.r.utils.RxJava2OnClasspathCondition  : RxJava2 related Aspect extensions are not activated, because RxJava2 is not on the classpath.

@Gaël Marziou, you are correct that I only setup the basic auth instead of oauth, and it is good enough for me to retrieve the config as of this fix: commit 452728a