Spring Boot Admin Eureka Authentication - spring-cloud

I am using Eureka discovery, Spring Boot Admin (1.5.4) and several services. Each service has enabled basic auth to actuator endpoints:
security.user.name=admin
security.user.password=admin
management.security.enabled=true
SBA fetches info about services from eureka and because of secured endpoints I have configured eureka's metadata map like this:
eureka.instance.metadata-map.user.name=${security.user.name}
eureka.instance.metadata-map.user.password=${security.user.password}
but still getting 401 Unauthorized:
o.s.b.a.e.m.MvcEndpointSecurityInterceptor - Full authentication is required to access actuator endpoints. Consider adding Spring Security or set 'management.security.enabled' to false.
What am I missing? If I turn management.security.enabled off it works.

Related

Kubernetes + Spring admin UI + Eureka not working

Using Spring Admin + Eureka to monitor all micro-service and deploy it in Kubernetes;
Spring Admin UI and discover all micro-service instances, but can't check detail of each instance, check detail network, we can see the
service health check has show 502 error:
http://[admin server real ip]/instances/3f5afb61f59b/actuator/health >> 502 bad getway
Check Eureka register, I found all eureka client was resisted with Kubernetes virtual ip;
I already resolve it, but change the dependency from spring-boot-admin to spring-cloud-admin

spring zuul + eureka route delegation

Im working with Spring Cloud Zuul + Eureka Server. i know that Zuul will create routes dynamically when there is a service registered on Eureka and it will be route using their Service ID. Is it possible to delegate routes to group services ?
for example i have 2 services that i want to group:
server.port=8081
spring.application.name=company-account-api
server.port=8082
spring.application.name=company-transaction-api
eureka config
spring.application.name=api-discovery
spring.cloud.config.uri=${CONFIG_SERVER_URL:http://localhost:8888}
on Zuul is it possible define a route where i can access the 2 services registered on eureka ?
server.port=9090
spring.application.name=api-gateway
eureka.instance.preferIpAddress=true
eureka.client.registerWithEureka=true
eureka.client.fetchRegistry=true
eureka.serviceurl.defaultzone=http://localhost:8761/eureka
zuul.routes.company-api=/company-**
so when i access http://localhost:9090/company-api/company-account-api & http://localhost:9090/company-api/company-transaction-api the service registered on eureka will be available
You can achieve this with the following config
zuul.ignored-services=*
zuul.routes.company-account-api.serviceId=company-account-api
zuul.routes.company-account-api.path=/company-api/company-account-api/**
zuul.routes.company-transaction-api.serviceId=company-transaction-api
zuul.routes.company-transaction-api.path=/company-api/company-transaction-api/**
Explanation:
zuul.ignored-services=* This will supress the default config
zuul.routes.company-account-api.serviceId=company-account-api
zuul.routes.company-account-api.path=/company-api/company-account-api/**
What is exposed to public is /company-api/company-account-api/** which will be internally mapped to company-account-api service.
If you are not using service discovery then you can do it using url instead of service name
zuul.routes.company-account-api.url=http://accountapihost:accountapiport
zuul.routes.company-account-api.path=/company-api/company-account-api/**

Securing a Spring Boot REST service using Oauth2 and Keycloak

I've successfully been able to secure a Spring Boot REST service using the keycloak Spring Boot adaptors and a Keycloak identity provider. However we now wish to attempt the same thing thing without using Keycloak adaptors but using Oauth2 directly. This is so that we can potentially connect to any identity provider in the future. I've tried various approaches but so far have had no success.
Has anybody been able to secure a Spring Boot REST service using the KeyCloak identity provider with Oauth2 rather than the Keycloak Spring Boot adapters?

How to register spring boot admin client to spring boot admin client through eureka?

I already started a stand alone eureka service and a #EnableDiscoveryClient annotated spring boot admin server. And the admin server was already registered in the eureka successfully. Now question is how to register a spring boot application to the admin server through eureka?
PS: without eureka, we need to add config: spring.boot.admin.url=http://localhost:8080 in the admin client to register the client to the admin server.
If your client apps are regular eureka apps they should show up in the admin server.
There is also a short section on this in the docs: http://codecentric.github.io/spring-boot-admin/1.4.3/#discover-clients-via-spring-cloud-discovery

Do request to Eureka client using server

I hava eureka server at eureka-server.com host and application with appId facade registered at server. Facade application has /users endpoint. Can I call /users endpoint through Eureka server something like this eureka-server.com/facade/users ?
No, Eureka can't proxy your calls through it, it's pure service discovery. But you can add a separate Zuul service with reverse proxy filtering which uses Eureka client to discover routes. Spring Cloud Netflix Zuul component has this out of the box.