JWT not recognized by xsuaa-spring-boot-starter

gregorw
SAP Mentor
0 Kudos

Hello SAP CAP Java Experts,

in my sample project epmbp-consumer-app-java I've added the dependency cloud-security-xsuaa-integration for spring:

<dependency>
	<groupId>com.sap.cloud.security.xsuaa</groupId>
	<artifactId>xsuaa-spring-boot-starter</artifactId>
</dependency>

as a dependency in the srv/pom.xml. I thought by doing so I should achieve that my service will accept the JWT from the approuter. But when deploying to my SAP CP Cloud Foundry Trial account and accessing the endpoints via the approuter I'm redirected to a path /login.

Looking forward to your help.

Best regards
Gregor

Accepted Solutions (1)

marcelmerkle
Product and Topic Expert

Just to have the solution for this problem here: Two dependencies were missing:

<dependency>
	<groupId>com.sap.cds</groupId>
	<artifactId>cds-feature-xsuaa</artifactId>
</dependency>

<dependency>
	<groupId>com.sap.cds</groupId>
	<artifactId>cds-feature-cloudfoundry</artifactId>
</dependency>

Answers (4)

marcelmerkle
Product and Topic Expert
0 Kudos

Hi Gregor,

can you see in the backend logs if the request reaches the backend?

I'm trying to figure out if this is an approuter or CAP Java Problem.

Best regards,
Marcel

gregorw
SAP Mentor
0 Kudos

As you see from the screenshot I do a request via the approuter that is causing a redirect to /login:

marcelmerkle
Product and Topic Expert
0 Kudos

I meant the logs you retrieve through "cf logs <app-name> --recent"

gregorw
SAP Mentor
0 Kudos

Hope that helps:

   2020-03-09T15:00:09.41+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:09.414  INFO 6 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8080 (http)
   2020-03-09T15:00:09.42+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:09.426  INFO 6 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
   2020-03-09T15:00:09.42+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:09.426  INFO 6 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.30]
   2020-03-09T15:00:09.54+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:09.547  INFO 6 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
   2020-03-09T15:00:09.54+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:09.547  INFO 6 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 3804 ms
   2020-03-09T15:00:10.12+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:10.122  INFO 6 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Starting...
   2020-03-09T15:00:10.31+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:10.318  INFO 6 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Start completed.
   2020-03-09T15:00:10.42+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:10.424  INFO 6 --- [           main] com.sap.cds.feature.FeatureLoader        : Loaded feature 'Default CDS Model Provider Factory'
   2020-03-09T15:00:10.51+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:10.513  INFO 6 --- [           main] c.s.c.services.impl.ServiceCatalogImpl   : Registered service CatalogService
   2020-03-09T15:00:10.52+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:10.525  INFO 6 --- [           main] c.s.c.services.impl.ServiceCatalogImpl   : Registered service PersistenceService$Default
   2020-03-09T15:00:10.52+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:10.528  INFO 6 --- [           main] c.s.c.services.impl.ServiceCatalogImpl   : Registered service AuthorizationService$Default
   2020-03-09T15:00:10.53+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:10.531  INFO 6 --- [           main] c.s.c.services.impl.ServiceCatalogImpl   : Registered service MessagingService$Default
   2020-03-09T15:00:10.53+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:10.534  INFO 6 --- [           main] c.s.c.s.impl.runtime.CdsRuntimeImpl      : Created service catalog containing 4 services
   2020-03-09T15:00:10.62+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:10.625  INFO 6 --- [           main] c.s.c.f.s.c.adapter.AdapterBeanFactory   : Servlet CdsODataV4Servlet mapped to /odata/v4
   2020-03-09T15:00:10.63+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:10.631  INFO 6 --- [           main] c.s.c.f.s.c.adapter.AdapterBeanFactory   : Servlet ODataIndexServlet mapped to /
   2020-03-09T15:00:11.62+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:11.621  INFO 6 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
   2020-03-09T15:00:12.01+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:12.013  INFO 6 --- [           main] c.s.c.s.x.a.XsuaaAutoConfiguration       : auto-configures RestOperations for xsuaa requests)
   2020-03-09T15:00:12.31+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:12.311  INFO 6 --- [           main] .s.s.UserDetailsServiceAutoConfiguration : 
   2020-03-09T15:00:12.31+0100 [APP/PROC/WEB/0] OUT Using generated security password: 0c79613e-1864-42f1-a6e0-738104777a37
   2020-03-09T15:00:12.54+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:12.541  INFO 6 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@67dc6b48, org.springframework.security.web.context.SecurityContextPersistenceFilter@59371066, org.springframework.security.web.header.HeaderWriterFilter@63e70bf9, org.springframework.security.web.csrf.CsrfFilter@580ffea, org.springframework.security.web.authentication.logout.LogoutFilter@42f9873e, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@20a47036, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@51a719e7, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@57f2e67, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@6f240187, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@3c544c9, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@175ac243, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4571cebe, org.springframework.security.web.session.SessionManagementFilter@419f0ea, org.springframework.security.web.access.ExceptionTranslationFilter@10f20d38, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1958c0d9]
   2020-03-09T15:00:12.71+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:12.718  INFO 6 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path ''
   2020-03-09T15:00:12.72+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:00:12.721  INFO 6 --- [           main] org.test.Application                     : Started Application in 8.302 seconds (JVM running for 9.368)
   2020-03-09T15:00:13.93+0100 [CELL/0] OUT Container became healthy
   2020-03-09T15:02:02.15+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:02:02.151  INFO 6 --- [nio-8080-exec-6] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
   2020-03-09T15:02:02.15+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:02:02.152  INFO 6 --- [nio-8080-exec-6] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
   2020-03-09T15:02:02.20+0100 [APP/PROC/WEB/0] OUT 2020-03-09 14:02:02.208  INFO 6 --- [nio-8080-exec-6] o.s.web.servlet.DispatcherServlet        : Completed initialization in 56 ms
   2020-03-09T15:02:02.31+0100 [RTR/1] OUT s0001142741trial-s0001142741trial-dev-test-srv.cfapps.eu10.hana.ondemand.com - [2020-03-09T14:02:02.108204796Z] "GET /app/odata/v4/CatalogService/Books HTTP/1.1" 302 0 0 "https://s0001142741trial-s0001142741trial-dev-test-app.cfapps.eu10.hana.ondemand.com/app/index.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36" "-" "10.32.1.6:61003" x_forwarded_for:"-" x_forwarded_proto:"https" vcap_request_id:"75f39e84-0e60-4406-74db-d5aa3ce330a3" response_time:0.210239 gorouter_time:0.000223 app_id:"e2221d71-345a-44a2-b8b4-65cbc9057f0d" app_index:"0" x_correlationid:"be144b34-9c05-4edd-59d3-bcc991e0cfcd" tenantid:"-" x_scp_request_id:"df66d132-021c-407d-be93-4f3651c5ccbf-5E664C5A-2D2B86A" x_b3_traceid:"75a76c3e341cabf3" x_b3_spanid:"75a76c3e341cabf3" x_b3_parentspanid:"-" b3:"75a76c3e341cabf3-75a76c3e341cabf3"
   2020-03-09T15:02:02.31+0100 [RTR/1] OUT 
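
Added example, not part of the thread and not SAP or Spring code: a Python check that reads a Spring Boot startup log in the format posted above and reports whether the security filter chain is Spring Boot's default form-login chain (the one that serves /login) or a chain that validates JWT bearer tokens. The function names and both sample logs are constructed for illustration.

```python
import re

# Filters that mark Spring Boot's default chain (form login with a generated password).
FORM_LOGIN_FILTERS = {"UsernamePasswordAuthenticationFilter",
                      "DefaultLoginPageGeneratingFilter"}
# Filter present when the app validates JWT bearer tokens as an OAuth2 resource server.
BEARER_FILTER = "BearerTokenAuthenticationFilter"
CHAIN_RE = re.compile(
    r"DefaultSecurityFilterChain\s*:\s*Creating filter chain: [^\[]*\[(.*)\]")

# Constructed sample, abbreviated from the log format shown in the post above.
DEFAULT_CHAIN_LOG = """\
INFO 6 --- [main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: <redacted>
INFO 6 --- [main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.csrf.CsrfFilter@580ffea, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@20a47036, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@51a719e7, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@6f240187]
"""

# Constructed sample of a chain with JWT bearer-token validation configured.
JWT_CHAIN_LOG = """\
INFO 6 --- [main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.header.HeaderWriterFilter@1a2b3c, org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter@4d5e6f, org.springframework.security.web.access.ExceptionTranslationFilter@7a8b9c]
"""


def filters_in_chain(log_text):
    """Return the simple class names of the filters in the last logged chain."""
    matches = CHAIN_RE.findall(log_text)
    if not matches:
        return []
    names = []
    for entry in matches[-1].split(","):
        fqcn = entry.strip().split("@", 1)[0]   # drop the @identity-hash suffix
        names.append(fqcn.rsplit(".", 1)[-1])   # keep only the class name
    return names


def diagnose(log_text):
    """Classify a startup log as 'form-login-default', 'jwt-resource-server' or 'unknown'."""
    names = set(filters_in_chain(log_text))
    generated_pw = "Using generated security password" in log_text
    if BEARER_FILTER in names and not (FORM_LOGIN_FILTERS & names):
        return "jwt-resource-server"
    if FORM_LOGIN_FILTERS <= names or generated_pw:
        return "form-login-default"
    return "unknown"


if __name__ == "__main__":
    for name, log in (("default", DEFAULT_CHAIN_LOG), ("jwt", JWT_CHAIN_LOG)):
        print(name, "->", diagnose(log))
```
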
marcelmerkle
Product and Topic Expert
0 Kudos

Hi Gregor,

maybe the URLs from the index.html page are pointing directly to the backends and not to the approuter. Could you paste one of them here?

Could you also try to enter an approuter URL to one of the backends directly in the browser?

Best regards,

Marcel

gregorw
SAP Mentor
0 Kudos

Hi Marcel,

as you see in the source code of the index.html the path to the backend is relative. So it stays within the approuter. And the xs-app.json is configured to direct /odata to the backend. Maybe you can try to deploy the app to a trial account and confirm the behaviour.

Best regards
Gregor

marcelmerkle
Product and Topic Expert
0 Kudos

Hi Gregor,

just as a general hint: You can use cds-starter-cloudfoundry instead of cds-starter-spring-boot-odata. This will already include xsuaa-spring-boot-starter.

As for your question: What is your expectation? To be redirected to a login page when accessing the approuter URL is expected behavior. If you log in, the approuter will retrieve the token and pass it to your backend in subsequent requests.

Best regards,

Marcel

gregorw
SAP Mentor
0 Kudos

Hi Marcel,

thank you for your response. I will give the cds-starter-cloudfoundry a try.

Regarding the authentication it seems that my description was not detailed enough:

  1. When I open the URL of the approuter I'm redirected to do the authentication
  2. After that I can see the index.html with the links also to the endpoints provided by the backend
  3. When I click now one of the backend links I get re-directed again to a path /login

Hope that helps you to help me :-).

Best regards
Gregor

    WouterLemaire
    SAP Mentor
    0 Kudos

    Hi Gregor,

    I have secured my Java srv for the FaceRecognition app like this: https://blogs.sap.com/2019/08/29/combine-cap-m-with-machine-learning-sdk-deployment-part/

    Everything is well explained here: https://blogs.sap.com/2018/10/10/securing-cloud-platform-business-application/

    Hope this helps!

    Kr, Wouter

    gregorw
    SAP Mentor
    0 Kudos

    Hi Wouter,

    the samples/spring-security-xsuaa-usage works without any other dependencies. I hope that maybe nena.raab can help?

    Best regards
    Gregor