Spring oauth not working with docker domains
I have my authorization server on ip 172.30.0.2, and a resource server on 172.30.0.3.
Inside the resource server's application.yml, I have:
security:
oauth2:
resource:
userInfoUri: http://172.30.0.2:8080/v1/user
with this configuration it works fine.
But if I use:
http://domain-management-query.domain-management-ms:8080/v1/user
I receive a 400 error. I receive the same error by issuing the command with wget form the command line from the resouceserver container.
How can I use docker domains instead of a prefixed ip?
I'm not using docker-compose for the domain-management-query.domain-management-ms, but this docker run command:
docker run -it --rm -p 8080:8080 --network=jacopetto -v $(pwd):/home/gradle/project --net-alias=domain-management-query.domain-management-ms uniroma1/j8-gradle-ms:1.0 /bin/sh
From the other service I can ping it and resolve it by hostname.
My configuration is from this book: https://github.com/carnellj/spmia-chapter7/ (Authentication-service + organization-service).
resource service:
@Configuration
public class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception{
http.cors().disable().authorizeRequests().anyRequest().authenticated();
}
@Bean
RequestDumperFilter requestDumperFilter() {
return new RequestDumperFilter();
}
}
Authorization Service:
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
// The Authentication-
//ManagerBean is used
//by Spring Security to
//handle authentication.
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
/*
The UserDetailsService is used by Spring
Security to handle user information that
will be returned the Spring Security.
*/
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
/**
* The configure() method is
* where you’ll define users, their
* passwords, and their roles.
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("john.carnell")
.password("{noop}password1")
.roles("USER")
.and()
.withUser("william.woodward")
.password("{noop}password2")
.roles("USER", "ADMIN")
;
}
}
AuthorizationServerConfigurerAdapter:
@Configuration
public class JWTOAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsService userDetailsService;
/**
* Which *clients* are going to register to the service.
*/
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("jacopetto")
.secret("{noop}thisissecret")
.authorizedGrantTypes("refresh_token",
"password",
"client_credentials")
.scopes("webclient", "mobileclient");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.allowFormAuthenticationForClients();
}
}
I've also tried to shorten the hostname to dom-manag-query.d-m but seems not working.
docker spring-boot spring-oauth2
asked Nov 11 at 13:10
Federico Ponzi
1,22832244
add a comment |
I have my authorization server on ip 172.30.0.2, and a resource server on 172.30.0.3.
Inside the resource server's application.yml, I have:
security:
oauth2:
resource:
userInfoUri: http://172.30.0.2:8080/v1/user
with this configuration it works fine.
But if I use:
http://domain-management-query.domain-management-ms:8080/v1/user
I receive a 400 error. I receive the same error by issuing the command with wget form the command line from the resouceserver container.
How can I use docker domains instead of a prefixed ip?
I'm not using docker-compose for the domain-management-query.domain-management-ms, but this docker run command:
docker run -it --rm -p 8080:8080 --network=jacopetto -v $(pwd):/home/gradle/project --net-alias=domain-management-query.domain-management-ms uniroma1/j8-gradle-ms:1.0 /bin/sh
From the other service I can ping it and resolve it by hostname.
My configuration is from this book: https://github.com/carnellj/spmia-chapter7/ (Authentication-service + organization-service).
resource service:
@Configuration
public class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception{
http.cors().disable().authorizeRequests().anyRequest().authenticated();
}
@Bean
RequestDumperFilter requestDumperFilter() {
return new RequestDumperFilter();
}
}
Authorization Service:
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
// The Authentication-
//ManagerBean is used
//by Spring Security to
//handle authentication.
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
/*
The UserDetailsService is used by Spring
Security to handle user information that
will be returned the Spring Security.
*/
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
/**
* The configure() method is
* where you’ll define users, their
* passwords, and their roles.
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("john.carnell")
.password("{noop}password1")
.roles("USER")
.and()
.withUser("william.woodward")
.password("{noop}password2")
.roles("USER", "ADMIN")
;
}
}
AuthorizationServerConfigurerAdapter:
@Configuration
public class JWTOAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsService userDetailsService;
/**
* Which *clients* are going to register to the service.
*/
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("jacopetto")
.secret("{noop}thisissecret")
.authorizedGrantTypes("refresh_token",
"password",
"client_credentials")
.scopes("webclient", "mobileclient");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.allowFormAuthenticationForClients();
}
}
I've also tried to shorten the hostname to dom-manag-query.d-m but seems not working.
docker spring-boot spring-oauth2
asked Nov 11 at 13:10
Federico Ponzi
1,22832244
add a comment |
I have my authorization server on ip 172.30.0.2, and a resource server on 172.30.0.3.
Inside the resource server's application.yml, I have:
security:
oauth2:
resource:
userInfoUri: http://172.30.0.2:8080/v1/user
with this configuration it works fine.
But if I use:
http://domain-management-query.domain-management-ms:8080/v1/user
I receive a 400 error. I receive the same error by issuing the command with wget form the command line from the resouceserver container.
How can I use docker domains instead of a prefixed ip?
I'm not using docker-compose for the domain-management-query.domain-management-ms, but this docker run command:
docker run -it --rm -p 8080:8080 --network=jacopetto -v $(pwd):/home/gradle/project --net-alias=domain-management-query.domain-management-ms uniroma1/j8-gradle-ms:1.0 /bin/sh
From the other service I can ping it and resolve it by hostname.
My configuration is from this book: https://github.com/carnellj/spmia-chapter7/ (Authentication-service + organization-service).
resource service:
@Configuration
public class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception{
http.cors().disable().authorizeRequests().anyRequest().authenticated();
}
@Bean
RequestDumperFilter requestDumperFilter() {
return new RequestDumperFilter();
}
}
Authorization Service:
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
// The Authentication-
//ManagerBean is used
//by Spring Security to
//handle authentication.
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
/*
The UserDetailsService is used by Spring
Security to handle user information that
will be returned the Spring Security.
*/
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
/**
* The configure() method is
* where you’ll define users, their
* passwords, and their roles.
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("john.carnell")
.password("{noop}password1")
.roles("USER")
.and()
.withUser("william.woodward")
.password("{noop}password2")
.roles("USER", "ADMIN")
;
}
}
AuthorizationServerConfigurerAdapter:
@Configuration
public class JWTOAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsService userDetailsService;
/**
* Which *clients* are going to register to the service.
*/
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("jacopetto")
.secret("{noop}thisissecret")
.authorizedGrantTypes("refresh_token",
"password",
"client_credentials")
.scopes("webclient", "mobileclient");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.allowFormAuthenticationForClients();
}
}
I've also tried to shorten the hostname to dom-manag-query.d-m but seems not working.
docker spring-boot spring-oauth2
asked Nov 11 at 13:10
Federico Ponzi
1,22832244
I have my authorization server on ip 172.30.0.2, and a resource server on 172.30.0.3.
Inside the resource server's application.yml, I have:
security:
oauth2:
resource:
userInfoUri: http://172.30.0.2:8080/v1/user
with this configuration it works fine.
But if I use:
http://domain-management-query.domain-management-ms:8080/v1/user
I receive a 400 error. I receive the same error by issuing the command with wget form the command line from the resouceserver container.
How can I use docker domains instead of a prefixed ip?
I'm not using docker-compose for the domain-management-query.domain-management-ms, but this docker run command:
docker run -it --rm -p 8080:8080 --network=jacopetto -v $(pwd):/home/gradle/project --net-alias=domain-management-query.domain-management-ms uniroma1/j8-gradle-ms:1.0 /bin/sh
From the other service I can ping it and resolve it by hostname.
My configuration is from this book: https://github.com/carnellj/spmia-chapter7/ (Authentication-service + organization-service).
resource service:
@Configuration
public class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception{
http.cors().disable().authorizeRequests().anyRequest().authenticated();
}
@Bean
RequestDumperFilter requestDumperFilter() {
return new RequestDumperFilter();
}
}
Authorization Service:
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
// The Authentication-
//ManagerBean is used
//by Spring Security to
//handle authentication.
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
/*
The UserDetailsService is used by Spring
Security to handle user information that
will be returned the Spring Security.
*/
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
/**
* The configure() method is
* where you’ll define users, their
* passwords, and their roles.
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("john.carnell")
.password("{noop}password1")
.roles("USER")
.and()
.withUser("william.woodward")
.password("{noop}password2")
.roles("USER", "ADMIN")
;
}
}
AuthorizationServerConfigurerAdapter:
@Configuration
public class JWTOAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsService userDetailsService;
/**
* Which *clients* are going to register to the service.
*/
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("jacopetto")
.secret("{noop}thisissecret")
.authorizedGrantTypes("refresh_token",
"password",
"client_credentials")
.scopes("webclient", "mobileclient");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.allowFormAuthenticationForClients();
}
}
I've also tried to shorten the hostname to dom-manag-query.d-m but seems not working.
docker spring-boot spring-oauth2
docker spring-boot spring-oauth2
asked Nov 11 at 13:10
Federico Ponzi
1,22832244
asked Nov 11 at 13:10
Federico Ponzi
1,22832244
edited Nov 11 at 15:06
asked Nov 11 at 13:10
Federico Ponzi
1,22832244
asked Nov 11 at 13:10
Federico Ponzi
1,22832244
asked Nov 11 at 13:10
Federico Ponzi
1,22832244
1,22832244
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
As it's is displayed in that project, in docker/common you'll find docker-compose and its environment variables are called like for example:
authservice:
...
customservice:
image: data/customservice
ports:
- "7777:7777"
environment:
PROFILE: "default"
SERVER_PORT: "7777"
AUTHSERVER_URI: "http://authservice:8080/auth/user"
Has to be the same authservice name.
answered Nov 11 at 15:03
Jonathan Johx
858111
thanks for the answer! I'm aware of that, but should have specified (I've edited the question). I think my problem is somehow related to this: stackoverflow.com/questions/51632753/…
– Federico Ponzi
Nov 11 at 15:08
Oh right! You are using it in production with host name so you can create a network stuffs. Let me share this link in order to do that as reference andrewtarry.com/docker_compose
– Jonathan Johx
Nov 11 at 18:01
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53249063%2fspring-oauth-not-working-with-docker-domains%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
As it's is displayed in that project, in docker/common you'll find docker-compose and its environment variables are called like for example:
authservice:
...
customservice:
image: data/customservice
ports:
- "7777:7777"
environment:
PROFILE: "default"
SERVER_PORT: "7777"
AUTHSERVER_URI: "http://authservice:8080/auth/user"
Has to be the same authservice name.
answered Nov 11 at 15:03
Jonathan Johx
858111
thanks for the answer! I'm aware of that, but should have specified (I've edited the question). I think my problem is somehow related to this: stackoverflow.com/questions/51632753/…
– Federico Ponzi
Nov 11 at 15:08
Oh right! You are using it in production with host name so you can create a network stuffs. Let me share this link in order to do that as reference andrewtarry.com/docker_compose
– Jonathan Johx
Nov 11 at 18:01
add a comment |
As it's is displayed in that project, in docker/common you'll find docker-compose and its environment variables are called like for example:
authservice:
...
customservice:
image: data/customservice
ports:
- "7777:7777"
environment:
PROFILE: "default"
SERVER_PORT: "7777"
AUTHSERVER_URI: "http://authservice:8080/auth/user"
Has to be the same authservice name.
answered Nov 11 at 15:03
Jonathan Johx
858111
thanks for the answer! I'm aware of that, but should have specified (I've edited the question). I think my problem is somehow related to this: stackoverflow.com/questions/51632753/…
– Federico Ponzi
Nov 11 at 15:08
Oh right! You are using it in production with host name so you can create a network stuffs. Let me share this link in order to do that as reference andrewtarry.com/docker_compose
– Jonathan Johx
Nov 11 at 18:01
add a comment |
As it's is displayed in that project, in docker/common you'll find docker-compose and its environment variables are called like for example:
authservice:
...
customservice:
image: data/customservice
ports:
- "7777:7777"
environment:
PROFILE: "default"
SERVER_PORT: "7777"
AUTHSERVER_URI: "http://authservice:8080/auth/user"
Has to be the same authservice name.
answered Nov 11 at 15:03
Jonathan Johx
858111
As it's is displayed in that project, in docker/common you'll find docker-compose and its environment variables are called like for example:
authservice:
...
customservice:
image: data/customservice
ports:
- "7777:7777"
environment:
PROFILE: "default"
SERVER_PORT: "7777"
AUTHSERVER_URI: "http://authservice:8080/auth/user"
Has to be the same authservice name.
answered Nov 11 at 15:03
Jonathan Johx
858111
edited Nov 11 at 17:52
answered Nov 11 at 15:03
Jonathan Johx
858111
answered Nov 11 at 15:03
Jonathan Johx
858111
answered Nov 11 at 15:03
Jonathan Johx
858111
858111
thanks for the answer! I'm aware of that, but should have specified (I've edited the question). I think my problem is somehow related to this: stackoverflow.com/questions/51632753/…
– Federico Ponzi
Nov 11 at 15:08
Oh right! You are using it in production with host name so you can create a network stuffs. Let me share this link in order to do that as reference andrewtarry.com/docker_compose
– Jonathan Johx
Nov 11 at 18:01
add a comment |
thanks for the answer! I'm aware of that, but should have specified (I've edited the question). I think my problem is somehow related to this: stackoverflow.com/questions/51632753/…
– Federico Ponzi
Nov 11 at 15:08
Oh right! You are using it in production with host name so you can create a network stuffs. Let me share this link in order to do that as reference andrewtarry.com/docker_compose
– Jonathan Johx
Nov 11 at 18:01
thanks for the answer! I'm aware of that, but should have specified (I've edited the question). I think my problem is somehow related to this: stackoverflow.com/questions/51632753/…
– Federico Ponzi
Nov 11 at 15:08
thanks for the answer! I'm aware of that, but should have specified (I've edited the question). I think my problem is somehow related to this: stackoverflow.com/questions/51632753/…
– Federico Ponzi
Nov 11 at 15:08
Oh right! You are using it in production with host name so you can create a network stuffs. Let me share this link in order to do that as reference andrewtarry.com/docker_compose
– Jonathan Johx
Nov 11 at 18:01
Oh right! You are using it in production with host name so you can create a network stuffs. Let me share this link in order to do that as reference andrewtarry.com/docker_compose
– Jonathan Johx
Nov 11 at 18:01
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53249063%2fspring-oauth-not-working-with-docker-domains%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
