当 Spring Security 在 Spring Cloud Config Server 上处于活动状态时，Spring Cloud Config Client 不获取配置

Question

When I run spring cloud config server without spring security the service fetches the config without issue but when I activate Spring security it won't fetch the config files. It seems to throw a 401 http error. I have checked that the username and password is correct, I have also tried the user:password@url way of authenticating with the same issue.

If i access the url http://localhost:8888/service/default directly in browser and enter the username and password the configs are displayed.

Any help will be appreciated, I am not sure if there is an issue with my cloud config or my security config.

Spring Boot version: '2.2.4.RELEASE'
spring-cloud-config-server version: '2.2.1.RELEASE'
Build system: Gradle
Java 8

This config always fails, I tried adding it to existing services I had and it did not work so I created a new config server and a new client via the spring initializer on https://start.spring.io/ with the below config and still does not work.

Log when security is active:

2020-02-19 14:29:16.553  INFO 14996 --- [           main] c.c.c.ConfigServicePropertySourceLocator : Fetching config from server at : http://localhost:8888
2020-02-19 14:29:16.577 DEBUG 14996 --- [           main] o.s.web.client.RestTemplate              : HTTP GET http://localhost:8888/service/default
2020-02-19 14:29:16.634 DEBUG 14996 --- [           main] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
2020-02-19 14:29:16.647 DEBUG 14996 --- [           main] o.s.web.client.RestTemplate              : Response 401 UNAUTHORIZED
2020-02-19 14:29:16.652  WARN 14996 --- [           main] c.c.c.ConfigServicePropertySourceLocator : Could not locate PropertySource: 401 : [{"timestamp":"2020-02-19T12:29:16.642+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/service/default"}]

Log when Security is disabled/permit all

2020-02-19 12:43:13.756  INFO 4972 --- [           main] c.c.c.ConfigServicePropertySourceLocator : Fetching config from server at : http://localhost:8888
2020-02-19 12:43:17.563  INFO 4972 --- [           main] c.c.c.ConfigServicePropertySourceLocator : Located environment: name=service, profiles=[default], label=null, version=fb9ccb6e46098bfe425130d6447a0797206e5c2f, state=null

config server application.yml file
github uri is obscured, connection to the private repo is not the issue.

server:
  port: 8888

spring:
  application:
    name: config-server
  security:
    user:
      name: 'root'
      password: '1234'
  cloud:
    config:
      server:
        git:
          uri: <github-uri>
          ignore-local-ssh-settings: false
          strict-host-key-checking: false
          private-key: 'classpath:resources/id_rsa'

service application.yml file

spring:
  application:
    name: service
  cloud:
    config:
      uri: http://localhost:8888
      username: 'root'
      password: '1234'
      fail-fast: true

The web security is very basic but below is the security config:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Secure the endpoints with HTTP Basic authentication
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/**").fullyAuthenticated();
        http.httpBasic().and().exceptionHandling();
    }
}

Answer 1

For everyone who is following any outdated cloud tutorials:- from springboot 2.4 bootstrap starter dependency has to be added, to follow along the tutorial to use bootstrap.properties (bootstrap.yml) for external configuration.

<dependency>
 <groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bootstrap</artifactId>
</dependency>

Answer 2

You should use bootstrap.yaml (not application.yaml ) for the client app.

It works without security only because your client is using default config, which doesn't have username and password. When you enable security it returns 401 because default username and password are empty.