Spring Boot Microservices - API Gateway Security JWT Bearer Token

 
Ranch Hand
Posts: 55
I have a problem about sending any request to the relevant service without the usage of bearer token.

After I registered, user information is created in user table. When I login, bearer token and refresh token as well as other information is shown in Postman.

I can send a request without the usage of bearer token.
What I really want to do is to send any request to other service after authentication.

I get this issue "An expected CSRF token cannot be found (403 Forbidden)" when I send a request through the port number of api gateway.

I think there can be problem in api gateway but I couldn't solve it?

How can I do that?
Here is my repository: Link
 
Saloon Keeper
Posts: 15510
A CSRF token is a token that is generated by a website when you make a request, which you have to supply back to the website when you make the next request. That way, the website knows that your second request is part of a conversation you are having with it, and not just a stray request that a potential attacker fooled you into sending.

I'm not sure that it's common for an API to use CSRF tokens. Does the API use cookies to keep your client authenticated? If yes, that might explain the use of CSRF tokens.
 
Kevin Rapter
Ranch Hand
Posts: 55
I already knew what a CSRF token is.

My issue is that I cannot connect auth service to api gateway after adding auth service. Without auth service, all requests from any service are working properly.

I think there is a problem in api gateway. I also added security filter and jwt filter in api gateway but it didn't work.

How can I fix it?
 
Stephan van Hulst
Saloon Keeper
Posts: 15510
Also posted at: https://www.reddit.com/r/SpringBoot/comments/yhtptp/spring_boot_microservices_issue_send_any_request/

Please BeForthrightWhenCrossPostingToOtherSites.

What exactly do you mean by "auth service"? Do you mean a microservice that authenticates and authorizes your users, that you have hooked up to the API gateway? Or do you mean a piece of middleware that you set up inside of the API gateway?

It appears to me as if you enabled a middleware feature that requires all your requests to include a CSRF token. I'm not certain though. It would be really helpful if you gave us a bird's eye overview of the various services you have hooked up to your API gateway, and how your gateway routes requests around.
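
An added example, not taken from the thread or the poster's repository: a gateway security configuration with CSRF protection turned off for a stateless bearer-token API. It assumes the gateway is Spring Cloud Gateway on WebFlux with Spring Security on the classpath, and that clients authenticate only with an `Authorization` header and never with cookies; the class and bean names are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;

@Configuration
@EnableWebFluxSecurity
public class GatewaySecurityConfig { // hypothetical class name

    @Bean
    public SecurityWebFilterChain gatewayFilterChain(ServerHttpSecurity http) {
        return http
            // Spring Security enables CSRF protection by default, so POST/PUT/DELETE
            // without a CSRF token are answered with 403. A browser never attaches a
            // bearer header on its own, so the check adds nothing when no cookie or
            // session authentication exists. Keep it enabled if cookies are used.
            .csrf(ServerHttpSecurity.CsrfSpec::disable)
            // No login page or basic auth on an API gateway.
            .httpBasic(ServerHttpSecurity.HttpBasicSpec::disable)
            .formLogin(ServerHttpSecurity.FormLoginSpec::disable)
            // Stateless: do not store a security context in a web session.
            .securityContextRepository(NoOpServerSecurityContextRepository.getInstance())
            .authorizeExchange(exchanges -> exchanges
                // Assumption: token verification is enforced by the gateway's own
                // JWT filter on each route, as described in the thread. If it is
                // not, require authenticated() here and register an authentication
                // filter instead of permitting everything.
                .anyExchange().permitAll())
            .build();
    }
}
```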
 
Kevin Rapter
Ranch Hand
Posts: 55
I have a problem about sending any request to a defined service through api gateway with the usage of bearer token coming from login.

After login, I tried to send a request to a defined service but I got this issue in JWTAuthenticationFilter of api gateway shown below.

Here is the link : https://stackoverflow.com/questions/74304377/spring-cloud-api-gateway-jwt-issue-java-lang-classnotfoundexception-javax-xml-b
 
Stephan van Hulst
Saloon Keeper
Posts: 15510
Your JAXB API version doesn't match the version needed by JJWT.

I can see you're not using the latest version of JJWT. Why not?
 
Kevin Rapter
Ranch Hand
Posts: 55
Even if I defined jaxb-api version 2.3.1 in pom.xml of api gateway, it didn't help me fix my issue.

 
Stephan van Hulst
Saloon Keeper
Posts: 15510
I didn't say that it would. I said that the version doesn't match. That might have different reasons, such as what application container your application is running in.

You didn't answer any of my questions in my last two posts though.
 
Kevin Rapter
Ranch Hand
Posts: 55
Which version do I use for jwt in api gateway?

Here is the link : Link
 
Stephan van Hulst
Saloon Keeper
Posts: 15510

Stephan van Hulst wrote: I can see you're not using the latest version of JJWT. Why not?


The latest version is 0.11.5.

Also remove the JAX-B API from your POM, it might conflict with your application container.
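
An added example, not code from the thread or the poster's repository: bearer-token verification written against the JJWT 0.11.x API (`jjwt-api`, with `jjwt-impl` and `jjwt-jackson` at runtime). The class name, the HMAC key setup and the constructed secret are assumptions for illustration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;

import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.Optional;

public class BearerTokenCheck { // hypothetical class name

    private final SecretKey key;

    public BearerTokenCheck(byte[] secret) {
        // Rejects secrets shorter than 256 bits with a WeakKeyException.
        this.key = Keys.hmacShaKeyFor(secret);
    }

    /** Verified claims, or empty if the header is missing, malformed, badly signed or expired. */
    public Optional<Claims> verify(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
            return Optional.empty();
        }
        String token = authorizationHeader.substring("Bearer ".length()).trim();
        try {
            // parseClaimsJws accepts signed tokens only; unsigned JWTs are rejected.
            return Optional.of(Jwts.parserBuilder().setSigningKey(key).build()
                    .parseClaimsJws(token).getBody());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty(); // the caller answers 401; details go to the log, not the client
        }
    }

    public static void main(String[] args) {
        // Constructed demo secret; a real one comes from configuration, not source code.
        byte[] secret = "constructed-demo-secret-at-least-32-bytes".getBytes(StandardCharsets.UTF_8);
        BearerTokenCheck check = new BearerTokenCheck(secret);
        String valid = Jwts.builder().setSubject("alice")
                .setExpiration(new Date(System.currentTimeMillis() + 60_000))
                .signWith(Keys.hmacShaKeyFor(secret)).compact();
        String expired = Jwts.builder().setSubject("alice")
                .setExpiration(new Date(System.currentTimeMillis() - 60_000))
                .signWith(Keys.hmacShaKeyFor(secret)).compact();
        System.out.println(check.verify("Bearer " + valid).map(Claims::getSubject));
        System.out.println(check.verify("Bearer " + expired).isPresent());
        System.out.println(check.verify("Bearer " + valid + "x").isPresent());
        System.out.println(check.verify(null).isPresent());
    }
}
```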
 
Kevin Rapter
Ranch Hand
Posts: 55
I also used it shown below but nothing changed.


 
Kevin Rapter
Ranch Hand
Posts: 55
After I added this dependency in the pom.xml of api gateway shown below, I get this issue. How can I fix it? I updated my repository again.


Here is the issue
 