Not able to access the APIs statelessly by passing JWT #9831

Closed
sreeraj-ramesh opened this issue May 31, 2019 · 7 comments
Comments

@sreeraj-ramesh

guys, I have generated a microservice application using jhipster 6.1 with keycloak. I am able to access the application via the user interface jhipster generates for the gateway. However my requirement is to use the generated application as a backend only, accessed via APIs in a stateless fashion. I am not able to access the APIs statelessly by passing JWT. Error received is:
"timestamp": "2019-05-31T12:28:43.003+0000",
"status": 500,
"error": "Internal Server Error",
"message": "pre:AuthorizationHeaderFilter",
"trace": "com.netflix.zuul.exception.ZuulException: Filter threw Exception at com.netflix.zuul.FilterProcessor.processZuulFilter(FilterProcessor.java:227) at com.netflix.zuul.FilterProcessor.runFilters(FilterProcessor.java:157) at com.netflix.zuul.FilterProcessor.preRoute(FilterProcessor.java:133) at com.netflix.zuul.ZuulRunner.preRoute(ZuulRunner.java:105) at com.netflix.zuul.http.ZuulServlet.preRoute(ZuulServlet.java:125) at com.netflix.zuul.http.ZuulServlet.service(ZuulServlet.java:74) at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:165) at org.springframework.cloud.netflix.zuul.web.ZuulController.handleRequest(ZuulController.java:45) at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:52) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897) at javax.servlet.http.HttpServlet.service(HttpServlet.java:645) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882) at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:90) at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at 
org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:98) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:52) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:206) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:160) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:117) at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:106) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) at 
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.SessionRestoringHandler.handleRequest(SessionRestoringHandler.java:119) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) at 
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.ClassCastException: org.springframework.security.authentication.AnonymousAuthenticationToken cannot be cast to org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken at com.at.gateway.security.oauth2.AuthorizationHeaderUtil.getAuthorizationHeader(AuthorizationHeaderUtil.java:26) at com.at.gateway.security.oauth2.AuthorizationHeaderFilter.run(AuthorizationHeaderFilter.java:38) at com.netflix.zuul.ZuulFilter.runFilter(ZuulFilter.java:117) at com.netflix.zuul.FilterProcessor.processZuulFilter(FilterProcessor.java:193) ... 123 more "

@jdubois
Member

jdubois commented May 31, 2019

  • Please, don't call us "guys", we try to be gender-neutral here
  • I'm guessing you use JHipster 6.0.1 because 6.1 doesn't exist yet -> please follow our guidelines and give us your jhipster info so we know what version and configuration you use
  • It's hard to tell with so little information, but we don't support stateless authentication with Keycloak, as it's less secure. This can change in the future, but if that's what you're looking for, we don't do it out-of-the-box

@vishal423
Contributor

I think we do support it; however, with the provided information, it's difficult to tell what's wrong. Can you list the steps to reproduce, with the API signature and headers you tried to consume?

@sreeraj-ramesh
Author

Thanks for the quick reply. Yes, using version 6.0.1.
Steps:

  1. Retrieve JWT from Keycloak using a POST request to the Keycloak server
  2. Using the above JWT as the Authorization header, make a call to the API through the Gateway

Request:
GET - http://localhost:8080/services/blog/api/blogs
Header
Authorization: bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIyWHlLYk9ua2xlV3RBRE1yNVktcXhXVnFpc29iUVByZ.....

Response Received
Response header
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Date: Fri, 31 May 2019 12:45:31 GMT
Connection: keep-alive
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Content-Type: application/json;charset=UTF-8

Error: (as posted before)
{
"timestamp": "2019-05-31T12:45:31.150+0000",
"status": 500,
"error": "Internal Server Error",
"message": "pre:AuthorizationHeaderFilter",
"trace": "com.netflix.zuul.exception.ZuulException: Filter threw Exception at com.netflix.zuul.FilterProcessor.processZuulFilter(FilterProcessor.java:227) at com.netflix.zuul.FilterProcessor.runFilters(FilterProcessor.java:157) at com.netflix.zuul.FilterProcessor.preRoute(FilterProcessor.java:133) at com.netflix.zuul.ZuulRunner.preRoute(ZuulRunner.java:105) at com.netflix.zuul.http.ZuulServlet.preRoute(ZuulServlet.java:125) at com.netflix.zuul.http.ZuulServlet.service(ZuulServlet.java:74) at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:165) at
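A worked example of the cast that fails in the trace above, added here as illustration; it is not code from the JHipster generator or from anyone in this thread. The `Caused by` line shows `AuthorizationHeaderUtil.getAuthorizationHeader` casting whatever `Authentication` is in the security context to `OAuth2AuthenticationToken`. On a stateless request that object is an `AnonymousAuthenticationToken` (or, when the `BearerTokenAuthenticationFilter` also visible in the trace does resolve the header, a `JwtAuthenticationToken`), so the cast throws and Zuul reports a 500 instead of a 401. The filter below checks the concrete type before casting: it forwards the caller's own JWT for stateless calls, looks up the stored access token for session logins, and sends no header at all for anonymous requests. The package name, the constructor wiring through `OAuth2AuthorizedClientService`, and the filter order are assumptions; the Spring Security 5.1 and Spring Cloud Netflix Zuul APIs used are the ones the trace shows.

```java
package com.example.gateway.security.oauth2; // hypothetical package, not the generated one

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

import java.util.Optional;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

/**
 * Zuul pre-filter that sets the Authorization header on the proxied request.
 * It never casts blindly: session logins (OAuth2AuthenticationToken) get the
 * access token stored for the authorized client, stateless bearer-token calls
 * (JwtAuthenticationToken) get the token they presented, and anything else,
 * including AnonymousAuthenticationToken, gets no header.
 */
public class AuthorizationHeaderFilter extends ZuulFilter {

    private static final String AUTHORIZATION = "Authorization";

    // Assumed to be injected by the gateway's Zuul configuration.
    private final OAuth2AuthorizedClientService clientService;

    public AuthorizationHeaderFilter(OAuth2AuthorizedClientService clientService) {
        this.clientService = clientService;
    }

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        // Assumed order: run after Zuul's own pre-decoration filter.
        return PRE_DECORATION_FILTER_ORDER + 1;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Always emit the canonical scheme spelling downstream, whatever the caller sent.
        resolveBearerToken(auth).ifPresent(token ->
            RequestContext.getCurrentContext().addZuulRequestHeader(AUTHORIZATION, "Bearer " + token));
        return null;
    }

    /** Pure decision logic, kept separate from Zuul so it can be unit-tested with plain Authentication objects. */
    Optional<String> resolveBearerToken(Authentication auth) {
        if (auth == null || auth instanceof AnonymousAuthenticationToken || !auth.isAuthenticated()) {
            // Unauthenticated: forward nothing and let the downstream service answer 401,
            // instead of throwing a ClassCastException that surfaces as a 500.
            return Optional.empty();
        }
        if (auth instanceof JwtAuthenticationToken) {
            // Stateless call: the JWT the resource-server filter already validated is forwarded as-is.
            return Optional.of(((JwtAuthenticationToken) auth).getToken().getTokenValue());
        }
        if (auth instanceof OAuth2AuthenticationToken) {
            // Session login through the UI: fetch the access token stored for this user and client registration.
            OAuth2AuthenticationToken oauth = (OAuth2AuthenticationToken) auth;
            OAuth2AuthorizedClient client = clientService.loadAuthorizedClient(
                oauth.getAuthorizedClientRegistrationId(), oauth.getName());
            if (client == null || client.getAccessToken() == null) {
                return Optional.empty();
            }
            return Optional.of(client.getAccessToken().getTokenValue());
        }
        // Any other Authentication type: forward nothing rather than guess.
        return Optional.empty();
    }
}
```

Register it as a bean in the gateway's Zuul configuration in place of the generated filter. One related check: the request above sends the scheme as lowercase `bearer`. RFC 7235 defines the auth-scheme as case-insensitive, but whether a particular bearer-token resolver honours that varies, so if the security context is still anonymous after the cast is fixed, retrying the same request with `Bearer` is a cheap way to rule the header format out.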

@pascalgrimaud
Member

@sreerajr137 : still waiting for information. Just use jhipster info inside each of your gateway and microservices

@sreeraj-ramesh
Author

Please find the JHipster info for the gateway and microservice as follows.

Gateway:

INFO! Using JHipster version installed locally in current project's node_modules
INFO! Executing jhipster:info
INFO! Options: from-cli: true
Welcome to the JHipster Information Sub-Generator

JHipster Version(s)
gateway@0.0.0 /home/ahis/Documents/Code/portal1/gateway
`-- (empty)

JHipster configuration, a .yo-rc.json file generated in the root folder
.yo-rc.json file
{
  "generator-jhipster": {
    "databaseType": "sql",
    "devDatabaseType": "mysql",
    "enableHibernateCache": true,
    "enableSwaggerCodegen": false,
    "enableTranslation": true,
    "jhiPrefix": "jhi",
    "languages": ["en", "fr"],
    "messageBroker": false,
    "nativeLanguage": "en",
    "packageName": "com.okta.developer.gateway",
    "packageFolder": "com/okta/developer/gateway",
    "prodDatabaseType": "mysql",
    "searchEngine": false,
    "serviceDiscoveryType": "eureka",
    "skipClient": false,
    "skipServer": false,
    "testFrameworks": ["protractor"],
    "websocket": false,
    "baseName": "gateway",
    "applicationType": "gateway",
    "authenticationType": "oauth2",
    "jhipsterVersion": "6.0.1",
    "buildTool": "maven",
    "skipUserManagement": true,
    "clientPackageManager": "npm",
    "cacheProvider": "ehcache",
    "serverPort": "8080",
    "clientFramework": "angularX",
    "useSass": true,
    "clientTheme": "none",
    "entitySuffix": "",
    "dtoSuffix": "DTO",
    "otherModules": []
  },
  "entities": ["Blog", "Post", "Tag", "Product"]
}
JDL for the Entity configuration(s) entityName.json files generated in the .jhipster directory
JDL entity definitions
entity Blog {
  name String required minlength(3),
  handle String required minlength(2)
}
entity Post {
  title String required,
  content TextBlob required,
  date Instant required
}
entity Tag {
  name String required minlength(2)
}
entity Product {
  title String required,
  price BigDecimal required min(0),
  image ImageBlob
}
relationship ManyToOne {
  Blog{user(login)} to User,
  Post{blog(name)} to Blog
}
relationship ManyToMany {
  Post{tag(name)} to Tag{post}
}

microservice Blog, Post, Tag with blog
microservice Product with store
paginate Post, Tag with infinite-scroll
paginate Product with pagination

Environment and Tools

java version "1.8.0_202"
Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)

git version 2.17.1

node: v10.15.0

npm: 6.9.0

yeoman: 2.0.6

yarn: 1.15.2

Docker version 18.09.2, build 6247962

docker-compose version 1.17.1, build unknown

INFO! Congratulations, JHipster execution is complete!

Microservice:

INFO! Using JHipster version installed locally in current project's node_modules
INFO! Executing jhipster:info
INFO! Options: from-cli: true
Welcome to the JHipster Information Sub-Generator

JHipster Version(s)
blog@0.0.0 /home/ahis/Documents/Code/portal1/blog
`-- generator-jhipster@6.0.1 

JHipster configuration, a .yo-rc.json file generated in the root folder
.yo-rc.json file
{
  "generator-jhipster": {
    "databaseType": "sql",
    "devDatabaseType": "mysql",
    "enableHibernateCache": true,
    "enableSwaggerCodegen": false,
    "enableTranslation": true,
    "jhiPrefix": "jhi",
    "languages": [
      "en",
      "fr"
    ],
    "messageBroker": false,
    "nativeLanguage": "en",
    "packageName": "com.okta.developer.blog",
    "packageFolder": "com/okta/developer/blog",
    "prodDatabaseType": "mysql",
    "searchEngine": false,
    "serviceDiscoveryType": "eureka",
    "skipClient": true,
    "testFrameworks": [],
    "websocket": false,
    "baseName": "blog",
    "applicationType": "microservice",
    "authenticationType": "oauth2",
    "serverPort": "8081",
    "jhipsterVersion": "6.0.1",
    "buildTool": "maven",
    "skipUserManagement": true,
    "clientPackageManager": "npm",
    "cacheProvider": "hazelcast",
    "entitySuffix": "",
    "dtoSuffix": "DTO",
    "otherModules": []
  },
  "entities": [
    "Blog",
    "Post",
    "Tag"
  ]
}
JDL for the Entity configuration(s) entityName.json files generated in the .jhipster directory
JDL entity definitions
entity Blog {
  name String required minlength(3),
  handle String required minlength(2)
}
entity Post {
  title String required,
  content TextBlob required,
  date Instant required
}
entity Tag {
  name String required minlength(2)
}
relationship ManyToOne {
  Blog{user(login)} to User,
  Post{blog(name)} to Blog
}
relationship ManyToMany {
  Post{tag(name)} to Tag{post}
}

microservice Blog, Post, Tag with blog
paginate Post, Tag with infinite-scroll

Environment and Tools

java version "1.8.0_202"
Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)

git version 2.17.1

node: v10.15.0

npm: 6.9.0

yeoman: 2.0.6

yarn: 1.15.2

Docker version 18.09.2, build 6247962

docker-compose version 1.17.1, build unknown

@pascalgrimaud
Member

I did a quick test with your configuration, and everything works as expected.
After reading your ticket closely, I remember this one: #9120
There was a long discussion about it. I'm closing this as it's a duplicate; you can comment on the old one to discuss / propose a solution.

@vishal423
Contributor

FYI, this should be fixed by #9905 and #9872
