Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
unable to get spring security basic example working
See original GitHub issuei have setup a sample maven springboot app to test out spring security implementation. no success so far.
here is the git repo with the app code - https://github.com/swarupdonepudi/grpc-sb-hello-world
I start the service using mvn springboot:run and the app starts successfully.
but when i send a request to the service using bloomrpc client, i get the below response back.
{
"error": "16 UNAUTHENTICATED: An Authentication object was not found in the SecurityContext"
}
can someone please help me to figure out what i am doing wrong?
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.leftbin.acad</groupId>
<artifactId>grpc</artifactId>
<version>1.0.0</version>
<packaging>jar</packaging>
<name>grpc-sb-hello-world</name>
<description>grpc springboot hello world</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.4.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<grpc-spring-boot-starter.version>3.0.0</grpc-spring-boot-starter.version>
<os-maven-plugin.version>1.6.1</os-maven-plugin.version>
<protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
</properties>
<dependencies>
<dependency>
<groupId>io.github.lognet</groupId>
<artifactId>grpc-spring-boot-starter</artifactId>
<version>4.0.0</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.4.0</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-resource-server</artifactId>
<version>5.3.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
<version>5.4.0</version>
</dependency>
</dependencies>
<build>
<extensions>
<extension>
<groupId>kr.motd.maven</groupId>
<artifactId>os-maven-plugin</artifactId>
<version>${os-maven-plugin.version}</version>
</extension>
</extensions>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>2.3.4.RELEASE</version>
</plugin>
<plugin>
<groupId>org.xolstice.maven.plugins</groupId>
<artifactId>protobuf-maven-plugin</artifactId>
<version>${protobuf-maven-plugin.version}</version>
<configuration>
<protocArtifact>com.google.protobuf:protoc:3.5.1-1:exe:${os.detected.classifier}</protocArtifact>
<pluginId>grpc-java</pluginId>
<pluginArtifact>io.grpc:protoc-gen-grpc-java:1.16.1:exe:${os.detected.classifier}</pluginArtifact>
</configuration>
<executions>
<execution>
<goals>
<goal>compile</goal>
<goal>compile-custom</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
<finalName>app</finalName>
</build>
</project>
application.yaml
grpc:
port: 8080
enable-reflection: true
spring:
main:
allow-bean-definition-overriding: true
jmx:
enabled: false
logging :
level:
root : debug
security:
basic:
enabled: false
management:
security:
enabled: false
GrpcSecurityConfiguration.java
package com.leftbin.acad.grpc;
import org.lognet.springboot.grpc.security.EnableGrpcSecurity;
import org.lognet.springboot.grpc.security.GrpcSecurityConfigurerAdapter;
@EnableGrpcSecurity
public class GrpcSecurityConfiguration extends GrpcSecurityConfigurerAdapter {
}
GreeterSvc.java
package com.leftbin.acad.grpc;
import com.google.protobuf.Empty;
import io.grpc.examples.GreeterGrpc;
import io.grpc.examples.GreeterOuterClass;
import io.grpc.stub.StreamObserver;
import org.lognet.springboot.grpc.GRpcService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import java.util.Map;
@GRpcService
public class GreeterSvc extends GreeterGrpc.GreeterImplBase {
Logger l = LoggerFactory.getLogger(GreeterSvc.class);
@Override
public void sayHello(GreeterOuterClass.HelloRequest request, StreamObserver<GreeterOuterClass.HelloReply> responseObserver) {
super.sayHello(request, responseObserver);
}
@Override
@Secured("SCOPE_profile")
public void sayAuthHello(Empty request, StreamObserver<GreeterOuterClass.HelloReply> responseObserver) {
final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth == null) {
l.info("auth is null");
} else if(auth instanceof JwtAuthenticationToken){
Map<String, Object> tokenAttributes = JwtAuthenticationToken.class.cast(auth).getTokenAttributes();
tokenAttributes.forEach((k,v)->l.info("key: {}, val: {}", k, v));
}
responseObserver.onNext(GreeterOuterClass.HelloReply.newBuilder().build());
responseObserver.onCompleted();
}
}
here is the debug log output
2020-10-05 19:24:14.386 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND SETTINGS: ack=false settings={MAX_CONCURRENT_STREAMS=2147483647, INITIAL_WINDOW_SIZE=1048576, MAX_HEADER_LIST_SIZE=8192}
2020-10-05 19:24:14.386 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND WINDOW_UPDATE: streamId=0 windowSizeIncrement=983041
2020-10-05 19:24:14.387 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND SETTINGS: ack=false settings={ENABLE_PUSH=0, MAX_CONCURRENT_STREAMS=0, INITIAL_WINDOW_SIZE=4194304, MAX_FRAME_SIZE=4194304, MAX_HEADER_LIST_SIZE=8192, ︃=1}
2020-10-05 19:24:14.387 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND SETTINGS: ack=true
2020-10-05 19:24:14.387 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND WINDOW_UPDATE: streamId=0 windowSizeIncrement=4128769
2020-10-05 19:24:14.387 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND PING: ack=false bytes=0
2020-10-05 19:24:14.387 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND PING: ack=true bytes=0
2020-10-05 19:24:14.388 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND HEADERS: streamId=1 headers=GrpcHttp2RequestHeaders[:path: /Greeter/SayAuthHello, :authority: localhost:8080, :method: POST, :scheme: http, te: trailers, authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlFUTTVNVUkyUTBZMU16QTFRak5GT1VReU16WTRNVVUwTWtGR04wRXpRVFF4UWtSRk5VWXlNUSadfasfsafasdfsadfNmb3Jjb2lucy5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8NWY3NWEwM2QxYmNjMGMwMDZlYzYwZjc5Iiadfafa0cHM6Ly9tb2JpbGUtYmFja2VuZC5kZXYuY2ZvcmNvaW5zLmNvbSIsImlhdCI6MTYwMTU0NDI3NywiZXhwIjoxNjAxNjMwNjadfadfAiOiJFVlAxYmNIaThvd0cxWDdtbkVmMTZwcXJBbVZvZVNKRCIsImd0eSI6InBhc3N3b3JkIn0.EaJuQr-bgpAHkq_y1tadfasf_P03hvXfqjgsP-qFrwUovg7rg6W34S_5YPWTqiQJnnd5LUHaTfMh2uXODJ4t0TZWjoagyserBZf3pa8iDSBvVTmZhcFafn1TpUUEzq-8sON-e8bkZPG8TIQtIX5fyDZLfH9Jt8IJppC3UHdp8CK1oDramFU8YWg6wFZdhsLXQ6kLDc_iFla4p_hxQlxmOLR8bOaotUl14Z6hMiYvzyXc9pT8Dctwj2G0-fxMKBoS0jyiTxcOGn5A63ToXfaK4yxHFPlV4k8dBs1_NXgsgSJDWj1_Tk4kOqEAEcqNijPk7BiRw2oqgqQtrikg, content-type: application/grpc, user-agent: grpc-node/1.24.2 grpc-c/8.0.0 (osx; chttp2; ganges), grpc-accept-encoding: identity,deflate,gzip, accept-encoding: identity,gzip] padding=0 endStream=false
2020-10-05 19:24:14.388 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND WINDOW_UPDATE: streamId=1 windowSizeIncrement=5
2020-10-05 19:24:14.388 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND DATA: streamId=1 padding=0 endStream=true length=5 bytes=0000000000
2020-10-05 19:24:14.388 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND PING: ack=false bytes=1234
2020-10-05 19:24:14.388 DEBUG 20806 --- [ault-executor-2] o.l.s.grpc.security.SecurityInterceptor : Secure object: MethodDescriptor{fullMethodName=Greeter/SayAuthHello, type=UNARY, idempotent=false, safe=false, sampledToLocalTracing=true, requestMarshaller=io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller@40a2ca9f, responseMarshaller=io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller@37ecd080, schemaDescriptor=io.grpc.examples.GreeterGrpc$GreeterMethodDescriptorSupplier@112359c}; Attributes: [SCOPE_profile]
2020-10-05 19:24:14.389 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND WINDOW_UPDATE: streamId=0 windowSizeIncrement=5
2020-10-05 19:24:14.389 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND HEADERS: streamId=1 headers=GrpcHttp2OutboundHeaders[:status: 200, content-type: application/grpc, grpc-status: 16, grpc-message: An Authentication object was not found in the SecurityContext] padding=0 endStream=true
2020-10-05 19:24:14.389 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND PING: ack=true bytes=1234
2020-10-05 19:24:14.390 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : Window: 1048576
2020-10-05 19:24:14.390 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND SETTINGS: ack=true
as can be seen from the above log, the header is being passed to the service just fine as i can see authorization in inbound metadata
L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND HEADERS: streamId=1 headers=GrpcHttp2RequestHeaders[:path: /Greeter/SayAuthHello, :authority: localhost:8080, :method: POST, :scheme: http, te: trailers, authorization: Bearer bearer-token-redacted content-type: application/grpc, user-agent: grpc-node/1.24.2 grpc-c/8.0.0 (osx; chttp2; ganges), grpc-accept-encoding: identity,deflate,gzip, accept-encoding: identity,gzip] padding=0 endStream=false
but the response message says no Auth object in the context
2020-10-05 19:24:14.388 DEBUG 20806 --- [ault-executor-2] o.l.s.grpc.security.SecurityInterceptor : Secure object: MethodDescriptor{fullMethodName=Greeter/SayAuthHello, type=UNARY, idempotent=false, safe=false, sampledToLocalTracing=true, requestMarshaller=io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller@40a2ca9f, responseMarshaller=io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller@37ecd080, schemaDescriptor=io.grpc.examples.GreeterGrpc$GreeterMethodDescriptorSupplier@112359c}; Attributes: [SCOPE_profile]
2020-10-05 19:24:14.389 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND WINDOW_UPDATE: streamId=0 windowSizeIncrement=5
2020-10-05 19:24:14.389 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND HEADERS: streamId=1 headers=GrpcHttp2OutboundHeaders[:status: 200, content-type: application/grpc, grpc-status: 16, grpc-message: An Authentication object was not found in the SecurityContext] padding=0 endStream=true
here is mvn dep tree
[INFO] com.leftbin.acad:grpc:jar:1.0.0
[INFO] +- io.github.lognet:grpc-spring-boot-starter:jar:4.0.0:compile
[INFO] | +- io.grpc:grpc-netty:jar:1.32.1:compile
[INFO] | | +- io.grpc:grpc-core:jar:1.32.1:compile (version selected from constraint [1.32.1,1.32.1])
[INFO] | | | +- io.grpc:grpc-api:jar:1.32.1:compile (version selected from constraint [1.32.1,1.32.1])
[INFO] | | | | \- io.grpc:grpc-context:jar:1.32.1:compile
[INFO] | | | +- com.google.code.gson:gson:jar:2.8.6:runtime
[INFO] | | | \- com.google.android:annotations:jar:4.1.1.4:runtime
[INFO] | | +- io.netty:netty-codec-http2:jar:4.1.52.Final:compile
[INFO] | | | +- io.netty:netty-common:jar:4.1.52.Final:compile
[INFO] | | | +- io.netty:netty-buffer:jar:4.1.52.Final:compile
[INFO] | | | +- io.netty:netty-transport:jar:4.1.52.Final:compile
[INFO] | | | | \- io.netty:netty-resolver:jar:4.1.52.Final:compile
[INFO] | | | +- io.netty:netty-codec:jar:4.1.52.Final:compile
[INFO] | | | +- io.netty:netty-handler:jar:4.1.52.Final:compile
[INFO] | | | \- io.netty:netty-codec-http:jar:4.1.52.Final:compile
[INFO] | | +- io.netty:netty-handler-proxy:jar:4.1.52.Final:runtime
[INFO] | | | \- io.netty:netty-codec-socks:jar:4.1.52.Final:runtime
[INFO] | | +- com.google.guava:guava:jar:29.0-android:compile
[INFO] | | | +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] | | | +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] | | | +- org.checkerframework:checker-compat-qual:jar:2.5.5:compile
[INFO] | | | \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] | | +- com.google.errorprone:error_prone_annotations:jar:2.3.4:compile
[INFO] | | +- io.perfmark:perfmark-api:jar:0.19.0:runtime
[INFO] | | +- org.codehaus.mojo:animal-sniffer-annotations:jar:1.18:runtime
[INFO] | | \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] | +- io.grpc:grpc-services:jar:1.32.1:compile
[INFO] | | +- io.grpc:grpc-protobuf:jar:1.32.1:compile
[INFO] | | | +- com.google.protobuf:protobuf-java:jar:3.12.0:compile
[INFO] | | | +- com.google.api.grpc:proto-google-common-protos:jar:1.17.0:compile
[INFO] | | | \- io.grpc:grpc-protobuf-lite:jar:1.32.1:compile
[INFO] | | +- io.grpc:grpc-stub:jar:1.32.1:compile
[INFO] | | \- com.google.protobuf:protobuf-java-util:jar:3.12.0:runtime
[INFO] | +- org.springframework.boot:spring-boot-starter:jar:2.3.4.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot:jar:2.3.4.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-autoconfigure:jar:2.3.4.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-logging:jar:2.3.4.RELEASE:compile
[INFO] | | | +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] | | | | +- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] | | | | \- org.slf4j:slf4j-api:jar:1.7.30:compile
[INFO] | | | +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.13.3:compile
[INFO] | | | | \- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
[INFO] | | | \- org.slf4j:jul-to-slf4j:jar:1.7.30:compile
[INFO] | | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] | | \- org.yaml:snakeyaml:jar:1.26:compile
[INFO] | \- io.netty:netty-tcnative-boringssl-static:jar:2.0.34.Final:compile
[INFO] +- org.springframework.security:spring-security-config:jar:5.4.0:compile
[INFO] | +- org.springframework.security:spring-security-core:jar:5.3.4.RELEASE:compile
[INFO] | | \- org.springframework:spring-expression:jar:5.2.9.RELEASE:compile
[INFO] | +- org.springframework:spring-aop:jar:5.2.9.RELEASE:compile
[INFO] | +- org.springframework:spring-beans:jar:5.2.9.RELEASE:compile
[INFO] | +- org.springframework:spring-context:jar:5.2.9.RELEASE:compile
[INFO] | \- org.springframework:spring-core:jar:5.2.9.RELEASE:compile
[INFO] | \- org.springframework:spring-jcl:jar:5.2.9.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-oauth2-resource-server:jar:5.3.4.RELEASE:compile
[INFO] | +- org.springframework.security:spring-security-oauth2-core:jar:5.3.4.RELEASE:compile
[INFO] | | \- org.springframework:spring-web:jar:5.2.9.RELEASE:compile
[INFO] | \- org.springframework.security:spring-security-web:jar:5.3.4.RELEASE:compile
[INFO] \- org.springframework.security:spring-security-oauth2-jose:jar:5.4.0:compile
[INFO] \- com.nimbusds:nimbus-jose-jwt:jar:8.19:compile
[INFO] +- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] \- net.minidev:json-smart:jar:2.3:compile
[INFO] \- net.minidev:accessors-smart:jar:1.2:compile
[INFO] \- org.ow2.asm:asm:jar:5.0.4:compile
Issue Analytics
- State:
- Created 3 years ago
- Comments:55
Top Results From Across the Web
I can't configure Spring Security on a simple example
1 Answer 1 ... You need to register your SecurityConfig class in your Initializer class. @Override protected Class<?>[] getServletConfigClasses() ...
Read more >Spring Security Authentication Failure Handler Examples
Spring security code examples to run custom logics upon failed login attempt (authentication failure handler)
Read more >Spring Security without the WebSecurityConfigurerAdapter
Below is an example configuration using the WebSecurityConfigurerAdapter that secures all endpoints with HTTP Basic:
Read more >Spring Security: Authentication and Authorization In-Depth
BasicAuthenticationFilter: Tries to find a Basic Auth HTTP Header on the request and if found, tries to authenticate the user with the header's ......
Read more >Spring Boot Security Auto-Configuration - Baeldung
For example, almost each Spring Boot application is started with Actuator in the classpath. This causes problems because another auto-configuration class needs ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@jvmlet i can confirm that after updating grpc version to 1.33.0 everything is working like charm. thanks a ton once again. you are a rockstar 🍻
It is working in my sample project . What i had missed in my actual project was removing the @PreAuthorize(“isAuthenticated()”) annotation from the previous implementation which was creating another interceptor call.