Doncarlito87
Reputation: 459
Getting an 403 Error while send a GetRequest to my Azure Kubernetes API-Gateway
I have provided an API gateway microservice at Azure Kubernetes. When I log in to get a token, it works, but if I want to access the resources with the Bearer Token, it does not allow me to do so.
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().antMatchers("/authenticate").permitAll().
antMatchers("/users").hasRole("ADMIN")
.anyRequest().authenticated()
.and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
my login data are from an admin but he still does not allow me access from /users. The error code that comes to Postman is 403.
I suspect it is due to the Azure SQL firewall.
Can someone tell me why I can start a post request to my API gateway and a JWT but do not get a GetRequest for my users' data?
apiVersion: apps/v1
kind: Deployment
metadata:
name: apigateway-front
spec:
replicas: 1
selector:
matchLabels:
app: apigateway-front
template:
metadata:
labels:
app: apigateway-front
spec:
nodeSelector:
"beta.kubernetes.io/os": linux
containers:
- name: apigateway-front
image: containerregistry.azurecr.io/apigateway:11
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
ports:
- containerPort: 8800
name: apigateway
---
apiVersion: v1
kind: Service
metadata:
name: apigateway-front
spec:
type: LoadBalancer
ports:
- port: 8800
selector:
app: apigateway-front
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: contacts
spec:
replicas: 1
selector:
matchLabels:
app: contacts
template:
metadata:
labels:
app: contacts
spec:
nodeSelector:
"beta.kubernetes.io/os": linux
containers:
- name: contacts
image: containerregistry.azurecr.io/contacts:12
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
ports:
- containerPort: 8100
name: contacts
---
apiVersion: v1
kind: Service
metadata:
name: contacts
spec:
ports:
- port: 8100
selector:
app: contacts
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: templates
spec:
replicas: 1
selector:
matchLabels:
app: templates
template:
metadata:
labels:
app: templates
spec:
nodeSelector:
"beta.kubernetes.io/os": linux
containers:
- name: templates
image: containerregistry.azurecr.io/templates:13
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
ports:
- containerPort: 8200
name: templates
---
apiVersion: v1
kind: Service
metadata:
name: templates
spec:
ports:
- port: 8200
selector:
app: templates
Logs from API-Gateway
2020-06-08 07:59:36.097 INFO 1700 --- [ main] s.ApiGateway.ApiGatewayApplication : No active profile set, falling back to default profiles: default
2020-06-08 07:59:37.115 INFO 1700 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2020-06-08 07:59:37.200 INFO 1700 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 73ms. Found 1 JPA repository interfaces.
2020-06-08 07:59:37.673 WARN 1700 --- [ main] o.s.boot.actuate.endpoint.EndpointId : Endpoint ID 'hystrix.stream' contains invalid characters, please migrate to a valid format.
2020-06-08 07:59:37.924 INFO 1700 --- [ main] o.s.cloud.context.scope.GenericScope : BeanFactory id=1f96386b-fb6d-3ddd-bccb-9a4c4b64c2fd
2020-06-08 07:59:39.047 INFO 1700 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8800 (http)
2020-06-08 07:59:39.062 INFO 1700 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2020-06-08 07:59:39.062 INFO 1700 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.35]
2020-06-08 07:59:39.338 INFO 1700 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2020-06-08 07:59:39.338 INFO 1700 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 3192 ms
2020-06-08 07:59:39.484 WARN 1700 --- [ main] c.n.c.sources.URLConfigurationSource : No URLs will be polled as dynamic configuration sources.
2020-06-08 07:59:39.484 INFO 1700 --- [ main] c.n.c.sources.URLConfigurationSource : To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
2020-06-08 07:59:39.513 INFO 1700 --- [ main] c.netflix.config.DynamicPropertyFactory : DynamicPropertyFactory is initialized with configuration sources: com.netflix.config.ConcurrentCompositeConfiguration@77bc2e16
2020-06-08 07:59:39.599 WARN 1700 --- [ main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2020-06-08 07:59:39.939 INFO 1700 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2020-06-08 07:59:40.688 INFO 1700 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
2020-06-08 07:59:40.776 INFO 1700 --- [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default]
2020-06-08 07:59:40.881 INFO 1700 --- [ main] org.hibernate.Version : HHH000412: Hibernate ORM core version 5.4.15.Final
2020-06-08 07:59:41.143 INFO 1700 --- [ main] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations {5.1.0.Final}
2020-06-08 07:59:41.385 INFO 1700 --- [ main] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.SQLServer2012Dialect
2020-06-08 07:59:42.377 INFO 1700 --- [ main] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2020-06-08 07:59:42.388 INFO 1700 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2020-06-08 07:59:43.793 INFO 1700 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@498b611e, org.springframework.security.web.context.SecurityContextPersistenceFilter@47fca3cc, org.springframework.security.web.header.HeaderWriterFilter@6c2dd88b, org.springframework.security.web.authentication.logout.LogoutFilter@3909a854, sendMessage.ApiGateway.JwtRequestFilter@1b98355f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@6a0c7af6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3d7b3b18, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@6dde1bf5, org.springframework.security.web.session.SessionManagementFilter@484b5a21, org.springframework.security.web.access.ExceptionTranslationFilter@5bccaedb, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1e000a17]
2020-06-08 07:59:43.838 WARN 1700 --- [ main] c.n.c.sources.URLConfigurationSource : No URLs will be polled as dynamic configuration sources.
2020-06-08 07:59:43.838 INFO 1700 --- [ main] c.n.c.sources.URLConfigurationSource : To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
2020-06-08 07:59:44.010 INFO 1700 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2020-06-08 07:59:44.219 WARN 1700 --- [ main] ion$DefaultTemplateResolverConfiguration : Cannot find template location: classpath:/templates/ (please add some templates or check your Thymeleaf configuration)
2020-06-08 07:59:44.672 INFO 1700 --- [ main] o.s.c.n.zuul.ZuulFilterInitializer : Starting filter initializer
2020-06-08 07:59:44.689 INFO 1700 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 2 endpoint(s) beneath base path '/actuator'
2020-06-08 07:59:44.769 INFO 1700 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8800 (http) with context path ''
2020-06-08 07:59:44.916 INFO 1700 --- [ main] s.ApiGateway.ApiGatewayApplication : Started ApiGatewayApplication in 10.045 seconds (JVM running for 15.368)
2020-06-08 08:19:19.354 INFO 1700 --- [nio-8800-exec-2] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2020-06-08 08:19:19.355 INFO 1700 --- [nio-8800-exec-2] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2020-06-08 08:19:19.395 INFO 1700 --- [nio-8800-exec-2] o.s.web.servlet.DispatcherServlet : Completed initialization in 40 ms
2020-06-08 08:19:19.450 WARN 1700 --- [nio-8800-exec-2] o.s.c.n.zuul.web.ZuulHandlerMapping : No routes found from RouteLocator
Upvotes: 0
Views: 644
Answers (1)
Doncarlito87
Reputation: 459
Problem solved. I forgot to write in the Authorization header in Postman
Upvotes: 1
Related Questions
- Kubernetes 403 Forbidden querying API with good RBAC credentials
- Basic access Auth Enable in Azure Application gateway for URL
- Kubernetes client python API error 401 - Unauthorized
- Azure Keyvault Bad Request When Called From Kubernetes Pod
- 403 Forbidden error when trying to access Kubernetes API from a pod
- Service deployed in Kubernetes is working only via Proxy??? Not able to consume exposed endpoint
- Kubernetes error code 403
- Cannot access apiserver on kubernetes v1.2.0
- Issue accessing kubernetes apis from a pod in azure environment
- requests.get(url) return error code 404 from kubernetes api while the response could be get via curl/GET