OAuth2 Gateways are not passing permissions correctly to microservices. #26707

Closed
1 task
mshima opened this issue Jul 12, 2024 · 0 comments · Fixed by #26717

mshima commented Jul 12, 2024

Overview of the issue

The RelayToken filter is passing untranslated permissions to microservices:

Sending JwtAuthenticationToken [Principal=org.springframework.security.oauth2.jwt.Jwt@3a4d5e1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=172.18.0.5, SessionId=null], Granted Authorities=[SCOPE_openid, SCOPE_email, SCOPE_profile, SCOPE_offline_access]] to access denied handler since access is denied

Reproduce the error

Generate a gateway and a microservice with OAuth2 authentication.

jhipster jdl stack.jdl --workspaces --monorepository
npm run java:docker # or java:docker:arm64
npm run docker-compose

Try to load microservices api documentation.

Related issues

Regression from #26205

Suggest a Fix
JHipster Version(s)
JHipster configuration
JDL definitions
/* imperative, maven */
application {
  config {
    applicationType gateway
    authenticationType oauth2
    baseName gateway
    buildTool maven
    clientFramework angular
    creationTimestamp 1617901618886
    jhiPrefix custom
    jwtSecretKey "ZjY4MTM4YjI5YzMwZjhjYjI2OTNkNTRjMWQ5Y2Q0Y2YwOWNmZTE2NzRmYzU3NTMwM2NjOTE3MTllOTM3MWRkMzcyYTljMjVmNmQ0Y2MxOTUzODc0MDhhMTlkMDIxMzI2YzQzZDM2ZDE3MmQ3NjVkODk3OTVmYzljYTQyZDNmMTQ="
    packageName com.okta.developer.gateway
    serviceDiscoveryType consul
    testFrameworks [cypress]
  }
  entities *
}

/* reactive, maven */
application {
  config {
    applicationType microservice
    authenticationType oauth2
    baseName blog
    buildTool maven
    creationTimestamp 1617901618887
    jwtSecretKey "ZjY4MTM4YjI5YzMwZjhjYjI2OTNkNTRjMWQ5Y2Q0Y2YwOWNmZTE2NzRmYzU3NTMwM2NjOTE3MTllOTM3MWRkMzcyYTljMjVmNmQ0Y2MxOTUzODc0MDhhMTlkMDIxMzI2YzQzZDM2ZDE3MmQ3NjVkODk3OTVmYzljYTQyZDNmMTQ="
    packageName com.okta.developer.blog
    serverPort 8081
    serviceDiscoveryType consul
  }
  entities Blog, Post, Tag
}

@ChangelogDate(20210408164809)
entity UserData {
  address String
}

@ChangelogDate(20210408164810)
entity Blog {
  name String required minlength(3)
  handle String required minlength(2)
}

@ChangelogDate(20210408164811)
entity Post {
  title String required
}

@ChangelogDate(20210408164812)
entity Tag {
  name String required minlength(2)
}

relationship OneToOne {
  @Id UserData{user(login)} to User with builtInEntity
}

relationship ManyToOne {
  Post{blog(name)} to Blog
}

relationship ManyToMany {
  Post{tag(name)} to Tag{post}
}

paginate Post, Tag with infinite-scroll

dto Blog, Post, Tag with mapstruct

microservice Blog, Post, Tag with blog

deployment {
  deploymentType docker-compose,
  appsFolders [gateway, blog]
  dockerRepositoryName "hipsterslabs"
  monitoring no
  serviceDiscoveryType consul
}

deployment {
  deploymentType kubernetes,
  appsFolders [gateway, blog]
  dockerRepositoryName "hipsterslabs"
  monitoring no
  serviceDiscoveryType consul
}

Entity configuration(s) entityName.json files generated in the .jhipster directory
Browsers and Operating System
  • Checking this box is mandatory (this is just to show you read everything)
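
The log in the overview lists only SCOPE_* authorities, which is what Spring Security's default JWT converter derives from the scope claim. The following added example (not code from this issue or from JHipster) contrasts that default with a claims-based mapping on a constructed token. It assumes roles are carried in a `groups` claim and already named `ROLE_*`; the class and method names are hypothetical, and it needs spring-security-oauth2-resource-server and spring-security-oauth2-jose on the classpath.

```java
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;

public class AuthorityMappingDemo {

    // Assumption: roles travel in a "groups" claim and are already named ROLE_*.
    static final String ROLES_CLAIM = "groups";

    /** Maps the roles claim to authorities; a token without the claim gets none. */
    static Collection<GrantedAuthority> fromRolesClaim(Jwt jwt) {
        List<String> roles = jwt.getClaimAsStringList(ROLES_CLAIM);
        if (roles == null) {
            return List.of();
        }
        return roles.stream()
            .filter(role -> role.startsWith("ROLE_"))
            .<GrantedAuthority>map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());
    }

    /** Converter a resource server can register in place of the default one. */
    static JwtAuthenticationConverter rolesConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(AuthorityMappingDemo::fromRolesClaim);
        return converter;
    }

    public static void main(String[] args) {
        // Constructed sample token; the claim values are illustrative only.
        Jwt jwt = Jwt.withTokenValue("constructed")
            .header("alg", "none")
            .subject("user")
            .claim("scope", "openid email profile offline_access")
            .claim(ROLES_CLAIM, List.of("ROLE_USER", "ROLE_ADMIN"))
            .build();

        // Default mapping: SCOPE_* authorities only, so role checks are denied.
        System.out.println(new JwtGrantedAuthoritiesConverter().convert(jwt));
        // Claims-based mapping: ROLE_* authorities that role checks can match.
        System.out.println(rolesConverter().convert(jwt).getAuthorities());
    }
}
```

If the relayed token does not carry the roles claim at all, the claims-based mapping returns no authorities and the request is still denied, so check the claims of the token the microservice actually receives.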