0

I have a problem about sending any request to the relevant service through api gateway.

I have an issue after adding auth service.

What I really want to do is to send any request to other service after authentication.

I think there can be problem in api gateway but I couldn't solve it?

Before starting to run all services, run zipkin and redis on docker. Here are their commands as shown belowed.

docker run -d -p 9411:9411 openzipkin/zipkin 
docker run -d --name redis -p 6379:6379 redis

Here is the error message shown below.

An expected CSRF token cannot be found (403 Forbidden)

How can I do that?

Here is the link of example : Link

Here is the screenshots : Link

S.N
  • 2,157
  • 3
  • 29
  • 78
  • do other service has same authenticaton too ? after passing api-gateway, same token can be used or you can implement without authentication for those services. – muhammed ozbilici Oct 28 '22 at 20:27
  • I can get token when I send a request to localhost:9090/login but I can send a request without it to other services like payment service, order service and product service. What I really want to do is to send a request to relevant service within authentication. I couldn' t fix the issue in api gateway if the problem is there. – S.N Oct 28 '22 at 20:32
  • do you mean send without token to other services ? then add authentication to other services too. – muhammed ozbilici Oct 28 '22 at 20:42
  • Yeah I can send it without token or with token to other services? I want to do that through token but I couldn't. – S.N Oct 28 '22 at 21:47
  • @muhammedozbilici I get this issue now. Here is the link : https://stackoverflow.com/questions/74304377/spring-cloud-api-gateway-jwt-issue-java-lang-classnotfoundexception-javax-xml-b – S.N Nov 05 '22 at 22:45

2 Answers2

0

see the error imageerrors where do you call other services from? is it your apigateway controller? I didn't see any method to call other services, you need to implement methods to call other services, either using feign or spring api gateway (add the relative dependency). further more, this is from your apigate config, its not complete and you are permitting all requests as well.

    public class SecurityConfig {
    
        @Bean
        public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity serverHttpSecurity){
    
            serverHttpSecurity.cors().and().csrf().disable()
                    .authorizeExchange(exchange -> exchange
                            .anyExchange()
                            .permitAll());
            return serverHttpSecurity.build();
        }
    }
Elbashir Saror
  • 302
  • 6
  • I implemented an auth service. How can I do that? Can you tell me how to do that step by step or share some example regarding it if you don't mind? – S.N Oct 29 '22 at 11:14
  • @invzbl3 There is no problem in auth service. I cannot implement the process in api gateway as I don't know how to do that? – S.N Oct 29 '22 at 11:45
  • I think everything is fine in auth service, you register, login, then you get the token. but your problem as I see in your postman is that you are calling external services directly. you either add the security to each service or use Feign client to call the external services only after the user is authenticated. this is very simple. if all your codes work right as you said, then create a pull request in Github add your auth service and I will try to add the Feign Client implementation for you. – Elbashir Saror Oct 29 '22 at 17:44
  • I revised some codes in api gateway. I updated my repository again. I hope you can solve this issue. By the way, I can run zipkin and redis on docker through these command (`docker run -d -p 9411:9411 openzipkin/zipkin docker run -d --name redis -p 6379:6379 redis`) – S.N Oct 29 '22 at 19:09
  • Have you ever looked through it? – S.N Oct 30 '22 at 13:53
  • hi bro I forked your repository and opened it in my local machine, it has too many errors, I edit the answer with the image so you can see. – Elbashir Saror Oct 30 '22 at 18:43
  • Hi, I just updated my repository again as I forgot to add product service. I used Java 11 Version. What kind of error did you get? – S.N Oct 30 '22 at 20:47
  • I also added some screenshots. – S.N Oct 30 '22 at 22:04
  • Have you ever looked through it since its latest update? – S.N Oct 31 '22 at 18:48
  • What I just want to say is to inform that I fixed the issue. However, I cannot handle with the my latest post mentioned about the jwt issue. If you have any idea, can you help me? – S.N Nov 13 '22 at 22:59
0

I couldn't look into your code, cause there are a lot of errors like this one below:

private final UserService userService;

I don't know how it's working for you!!

Declaring final variable without initialization If you declare a final variable later on you cannot modify or, assign values to it. Moreover, like instance variables, final variables will not be initialized with default values.

Therefore, it is mandatory to initialize final variables once you declare them.

Still, if you try to declare final variables without initialization that will generate a compilation error saying "variable variable_name not initialized in the default constructor"

for csrf error try to add this one to your security config.

http.csrf().disable();
Elbashir Saror
  • 302
  • 6
  • All these services are working. I already shared some screenshots to show them. – S.N Oct 31 '22 at 19:31
  • I have no idea why you couldn't run the app. All services are working. Could you tell me what the issue is? – S.N Nov 01 '22 at 22:13
  • I get this issue now. Here is the link : https://stackoverflow.com/questions/74304377/spring-cloud-api-gateway-jwt-issue-java-lang-classnotfoundexception-javax-xml-b – S.N Nov 05 '22 at 22:45
  • Can you look through my another question if you don't mind? Here is the link : https://stackoverflow.com/questions/74586470/spring-boot-microservices-spring-cloud-403-forbidden-among-services-control – S.N Nov 28 '22 at 23:01