Seeking thorough documentation on the spring.cloud.config properties group for client applications


I am attempting to connect to a Spring Cloud Config config server (service) that is hosted in Pivotal Cloud Foundry.

The config service is secured with OAuth2, and I cannot get the client to authenticate with the config server. I continually get a 401 Unauthorized message.

I haven't been able to figure out the right combination of properties in my bootstrap.yml.

Here is my current bootstrap.yml. You can see there are plenty of different configurations I have tried; I've even gone so far as to remove Pivotal Cloud Foundry from the equation and am trying to hit it from my localhost while I work on these security errors.

bootstrap.yml:

# Search for System Property of cloud config server, otherwise use localhost config server.
spring:
  cloud:
    config:
      enabled: true
      #uri: ${vcap.services.config-server.credentials.uri:http://localhost:8888}
      uri: https://config-fa3bfbbf-546c-a2c0-b07a-136da18a4fa1.host.domain.com
      authorization: ${security.oauth2.client}
      #username: ${vcap.services.config-server.credentials.client_id}
      #password: ${vcap.services.config-server.credentials.client_secret}
      name: app    
      #token: ${security.oauth2.client.token-name}
security:
  basic:
    enabled: false
  oauth2:
    client:
      #id: ${vcap.services.config-server.credentials.client_id}
      #client-secret: ${vcap.services.config-server.credentials.client_secret}
      #access-token-uri: ${vcap.services.config-server.credentials.access_token_uri}
      id: p-config-server-9281df10-bc67-49a2-863b-48844a1ce724
      client-secret: UIcc1m6lvvHK
      access-token-uri: https://p-spring-cloud-services.uaa.domain.host.com/oauth/token 
      token-name: config-server-token   

Any insight, tips, or pointers are appreciated.

I will continue to post follow-up to this question if I am able to make any progress to solving this 401 error.

Rather un-descriptive error message for what it's worth:

GET request for "https://config-fa3bfbbf-546c-a2c0-b07a-136da18a4fa1.host.domain.com/app/dev" resulted in 401 (Unauthorized); invoking error handler 
Could not locate PropertySource: 401 Unauthorized 

Bwvolleyball On BEST ANSWER

Turns out I was over-complicating the issue. I was missing a dependency in my pom, and it required a simplified bootstrap.yml.

final bootstrap.yml:

spring:
  profiles: cloud
  application:
    name: app

This ensures it's only used when running on the cloud (PCF supplies the 'cloud' profile), and the application name provided ONLY in bootstrap.yml is used when asking the config server for properties files (See this document: https://cloud.spring.io/spring-cloud-config/spring-cloud-config.html)

And in my pom.xml I added these dependencies:

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-config</artifactId>
    <version>1.2.2.RELEASE</version>
</dependency>
<dependency>
    <groupId>io.pivotal.spring.cloud</groupId>
    <artifactId>spring-cloud-services-starter-config-client</artifactId>
    <version>1.3.1.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
</dependency>

I'm still not sure if the oauth2 dependency was required, but at the moment I haven't tried this without it.

What this does, by not providing any additional configurations to the spring.cloud.config properties group, is allow the spring-cloud-services-starter-config to grab any properties it needs in vcap.services, bind the application to the config server, and fill in all properties needed to access said config server.
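
For checking a binding by hand when the client still gets a 401, the sketch below (an added example, not code from this answer or from the Pivotal starter) reads the config-server credentials out of VCAP_SERVICES and builds the two requests of a standard OAuth2 client-credentials exchange: the token request and the config GET with the bearer token. It assumes the instance name `config-server` and the credential keys from the question's `vcap.services.config-server.credentials.*` placeholders; the hosts and secret are constructed.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed sample of the VCAP_SERVICES JSON that Cloud Foundry injects;
# every value is a placeholder, not taken from a real binding.
SAMPLE_VCAP = json.dumps({
    "p-config-server": [{
        "name": "config-server",
        "credentials": {
            "uri": "https://config.example.invalid",
            "client_id": "p-config-server-EXAMPLE",
            "client_secret": "EXAMPLE-SECRET",
            "access_token_uri": "https://uaa.example.invalid/oauth/token",
        },
    }]
})


def binding_credentials(vcap_json, service_name):
    """Return the credentials block of the bound instance called service_name."""
    for instances in json.loads(vcap_json).values():
        for inst in instances:
            if inst.get("name") == service_name:
                return inst["credentials"]
    raise LookupError(f"no bound service named {service_name!r}")


def token_request(creds):
    """Client-credentials token request (RFC 6749, section 4.4): URL, headers, body."""
    pair = f"{creds['client_id']}:{creds['client_secret']}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return creds["access_token_uri"], headers, urlencode({"grant_type": "client_credentials"})


def config_request(creds, app, profile, access_token):
    """GET {uri}/{app}/{profile} with the bearer token attached."""
    url = f"{creds['uri'].rstrip('/')}/{app}/{profile}"
    return url, {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    creds = binding_credentials(SAMPLE_VCAP, "config-server")
    url, headers, body = token_request(creds)
    print("POST", url, body)  # headers carry the secret, so they are not printed
    print("GET", config_request(creds, "app", "dev", "<token>")[0])
```

Reading the credentials from the binding at run time also keeps the client secret out of bootstrap.yml and out of source control.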