We recently migrated our application to Spring Boot 2.7.6 as part of this migration we also upgraded Spring Cloud Service Dependencies version to 3.5.0 (BOM)
implementation platform('io.pivotal.spring.cloud:spring-cloud-services-dependencies:3.5.0')
After this upgrade, we are seeing the below error when trying to communicate with the Config Server,
c.c.c.ConfigServicePropertySourceLocator : Could not locate PropertySource: 401 Unauthorized: [no body]
When analyzing the code of io.pivotal.spring.cloud.config.client.ConfigClientOAuth2BootstrapRegistryInitializer the initialize(BootstrapRegistry registry) method below is constructing the RestTemplate with the OAuth2AuthorizedClientHttpRequestInterceptor but the RestTemplate is not assigned to the org.springframework.cloud.config.client.ConfigServicePropertySourceLocator instance.
@Override
public void initialize(BootstrapRegistry registry) {
if (!CONFIG_CLIENT_IS_PRESENT || !OAUTH2_CLIENT_IS_PRESENT || !JAVA_CFENV_IS_PRESENT)
return;
CfEnv cfEnv = new CfEnv();
List<CfService> configServices = cfEnv.findServicesByTag("configuration");
if (configServices.size() != 1)
return;
CfCredentials credentials = configServices.stream().findFirst().get().getCredentials();
registry.register(RestTemplate.class, context -> {
String clientId = credentials.getString("client_id");
String clientSecret = credentials.getString("client_secret");
String accessTokenUri = credentials.getString("access_token_uri");
RestTemplate restTemplate = new RestTemplate();
ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("config-client")
.clientId(clientId).clientSecret(clientSecret).tokenUri(accessTokenUri)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build();
restTemplate.getInterceptors().add(new OAuth2AuthorizedClientHttpRequestInterceptor(clientRegistration));
return restTemplate;
});
}
We feel this missing interceptor is causing the above mentioned 401 Unauthorized error.
However, If we downgrade the Spring Cloud Service Dependencies version to 3.2.0.RELEASE (BOM)
implementation platform('io.pivotal.spring.cloud:spring-cloud-services-dependencies:3.2.0.RELEASE')
The communication to the config server happens without any issues.
Here, when analyzing the code of io.pivotal.spring.cloud.config.client.ConfigClientOAuth2BootstrapConfiguration we see the below code in the init() method.
@PostConstruct
public void init() {
RestTemplate restTemplate = new RestTemplate();
ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("config-client")
.clientId(configClientOAuth2Properties.getClientId())
.clientSecret(configClientOAuth2Properties.getClientSecret())
.tokenUri(configClientOAuth2Properties.getAccessTokenUri())
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build();
restTemplate.getInterceptors().add(new OAuth2AuthorizedClientHttpRequestInterceptor(clientRegistration));
locator.setRestTemplate(restTemplate);
}
The locator instance private final ConfigServicePropertySourceLocator locator; is assigned with the RestTemplate that includes the OAuth2AuthorizedClientHttpRequestInterceptor.
We are not sure, how to go about using the Spring Cloud Service Dependencies version 3.5.0 and communicate with the Config Server without facing the 401 - Unauthorized Error, please clarify.
