When I run spring cloud config server without spring security the service fetches the config without issue but when I activate Spring security it won't fetch the config files. It seems to throw a 401 http error. I have checked that the username and password is correct, I have also tried the user:password@url way of authenticating with the same issue.
If i access the url http://localhost:8888/service/default directly in browser and enter the username and password the configs are displayed.
Any help will be appreciated, I am not sure if there is an issue with my cloud config or my security config.
Spring Boot version: '2.2.4.RELEASE'
spring-cloud-config-server version: '2.2.1.RELEASE'
Build system: Gradle
Java 8
This config always fails, I tried adding it to existing services I had and it did not work so I created a new config server and a new client via the spring initializer on https://start.spring.io/ with the below config and still does not work.
Log when security is active:
2020-02-19 14:29:16.553 INFO 14996 --- [ main] c.c.c.ConfigServicePropertySourceLocator : Fetching config from server at : http://localhost:8888
2020-02-19 14:29:16.577 DEBUG 14996 --- [ main] o.s.web.client.RestTemplate : HTTP GET http://localhost:8888/service/default
2020-02-19 14:29:16.634 DEBUG 14996 --- [ main] o.s.web.client.RestTemplate : Accept=[application/json, application/*+json]
2020-02-19 14:29:16.647 DEBUG 14996 --- [ main] o.s.web.client.RestTemplate : Response 401 UNAUTHORIZED
2020-02-19 14:29:16.652 WARN 14996 --- [ main] c.c.c.ConfigServicePropertySourceLocator : Could not locate PropertySource: 401 : [{"timestamp":"2020-02-19T12:29:16.642+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/service/default"}]
Log when Security is disabled/permit all
2020-02-19 12:43:13.756 INFO 4972 --- [ main] c.c.c.ConfigServicePropertySourceLocator : Fetching config from server at : http://localhost:8888
2020-02-19 12:43:17.563 INFO 4972 --- [ main] c.c.c.ConfigServicePropertySourceLocator : Located environment: name=service, profiles=[default], label=null, version=fb9ccb6e46098bfe425130d6447a0797206e5c2f, state=null
config server application.yml file
github uri is obscured, connection to the private repo is not the issue.
server:
port: 8888
spring:
application:
name: config-server
security:
user:
name: 'root'
password: '1234'
cloud:
config:
server:
git:
uri: <github-uri>
ignore-local-ssh-settings: false
strict-host-key-checking: false
private-key: 'classpath:resources/id_rsa'
service application.yml file
spring:
application:
name: service
cloud:
config:
uri: http://localhost:8888
username: 'root'
password: '1234'
fail-fast: true
The web security is very basic but below is the security config:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
// Secure the endpoints with HTTP Basic authentication
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/**").fullyAuthenticated();
http.httpBasic().and().exceptionHandling();
}
}
You should use bootstrap.yaml (not application.yaml) for the client app.
It works without security only because your client is using default config, which doesn't have username and password. When you enable security it returns 401 because default username and password are empty.