grpc-spring-boot-starter: unable to get spring security basic example working
i have setup a sample maven springboot app to test out spring security implementation. no success so far.
here is the git repo with the app code - https://github.com/swarupdonepudi/grpc-sb-hello-world
I start the service using mvn springboot:run and the app starts successfully.
but when i send a request to the service using bloomrpc client, i get the below response back.
{
"error": "16 UNAUTHENTICATED: An Authentication object was not found in the SecurityContext"
}
can someone please help me to figure out what i am doing wrong?
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.leftbin.acad</groupId>
<artifactId>grpc</artifactId>
<version>1.0.0</version>
<packaging>jar</packaging>
<name>grpc-sb-hello-world</name>
<description>grpc springboot hello world</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.4.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<grpc-spring-boot-starter.version>3.0.0</grpc-spring-boot-starter.version>
<os-maven-plugin.version>1.6.1</os-maven-plugin.version>
<protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
</properties>
<dependencies>
<dependency>
<groupId>io.github.lognet</groupId>
<artifactId>grpc-spring-boot-starter</artifactId>
<version>4.0.0</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.4.0</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-resource-server</artifactId>
<version>5.3.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
<version>5.4.0</version>
</dependency>
</dependencies>
<build>
<extensions>
<extension>
<groupId>kr.motd.maven</groupId>
<artifactId>os-maven-plugin</artifactId>
<version>${os-maven-plugin.version}</version>
</extension>
</extensions>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>2.3.4.RELEASE</version>
</plugin>
<plugin>
<groupId>org.xolstice.maven.plugins</groupId>
<artifactId>protobuf-maven-plugin</artifactId>
<version>${protobuf-maven-plugin.version}</version>
<configuration>
<protocArtifact>com.google.protobuf:protoc:3.5.1-1:exe:${os.detected.classifier}</protocArtifact>
<pluginId>grpc-java</pluginId>
<pluginArtifact>io.grpc:protoc-gen-grpc-java:1.16.1:exe:${os.detected.classifier}</pluginArtifact>
</configuration>
<executions>
<execution>
<goals>
<goal>compile</goal>
<goal>compile-custom</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
<finalName>app</finalName>
</build>
</project>
application.yaml
grpc:
port: 8080
enable-reflection: true
spring:
main:
allow-bean-definition-overriding: true
jmx:
enabled: false
logging :
level:
root : debug
security:
basic:
enabled: false
management:
security:
enabled: false
GrpcSecurityConfiguration.java
package com.leftbin.acad.grpc;
import org.lognet.springboot.grpc.security.EnableGrpcSecurity;
import org.lognet.springboot.grpc.security.GrpcSecurityConfigurerAdapter;
@EnableGrpcSecurity
public class GrpcSecurityConfiguration extends GrpcSecurityConfigurerAdapter {
}
GreeterSvc.java
package com.leftbin.acad.grpc;
import com.google.protobuf.Empty;
import io.grpc.examples.GreeterGrpc;
import io.grpc.examples.GreeterOuterClass;
import io.grpc.stub.StreamObserver;
import org.lognet.springboot.grpc.GRpcService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import java.util.Map;
@GRpcService
public class GreeterSvc extends GreeterGrpc.GreeterImplBase {
Logger l = LoggerFactory.getLogger(GreeterSvc.class);
@Override
public void sayHello(GreeterOuterClass.HelloRequest request, StreamObserver<GreeterOuterClass.HelloReply> responseObserver) {
super.sayHello(request, responseObserver);
}
@Override
@Secured("SCOPE_profile")
public void sayAuthHello(Empty request, StreamObserver<GreeterOuterClass.HelloReply> responseObserver) {
final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth == null) {
l.info("auth is null");
} else if(auth instanceof JwtAuthenticationToken){
Map<String, Object> tokenAttributes = JwtAuthenticationToken.class.cast(auth).getTokenAttributes();
tokenAttributes.forEach((k,v)->l.info("key: {}, val: {}", k, v));
}
responseObserver.onNext(GreeterOuterClass.HelloReply.newBuilder().build());
responseObserver.onCompleted();
}
}
here is the debug log output
2020-10-05 19:24:14.386 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND SETTINGS: ack=false settings={MAX_CONCURRENT_STREAMS=2147483647, INITIAL_WINDOW_SIZE=1048576, MAX_HEADER_LIST_SIZE=8192}
2020-10-05 19:24:14.386 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND WINDOW_UPDATE: streamId=0 windowSizeIncrement=983041
2020-10-05 19:24:14.387 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND SETTINGS: ack=false settings={ENABLE_PUSH=0, MAX_CONCURRENT_STREAMS=0, INITIAL_WINDOW_SIZE=4194304, MAX_FRAME_SIZE=4194304, MAX_HEADER_LIST_SIZE=8192, ︃=1}
2020-10-05 19:24:14.387 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND SETTINGS: ack=true
2020-10-05 19:24:14.387 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND WINDOW_UPDATE: streamId=0 windowSizeIncrement=4128769
2020-10-05 19:24:14.387 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND PING: ack=false bytes=0
2020-10-05 19:24:14.387 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND PING: ack=true bytes=0
2020-10-05 19:24:14.388 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND HEADERS: streamId=1 headers=GrpcHttp2RequestHeaders[:path: /Greeter/SayAuthHello, :authority: localhost:8080, :method: POST, :scheme: http, te: trailers, authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlFUTTVNVUkyUTBZMU16QTFRak5GT1VReU16WTRNVVUwTWtGR04wRXpRVFF4UWtSRk5VWXlNUSadfasfsafasdfsadfNmb3Jjb2lucy5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8NWY3NWEwM2QxYmNjMGMwMDZlYzYwZjc5Iiadfafa0cHM6Ly9tb2JpbGUtYmFja2VuZC5kZXYuY2ZvcmNvaW5zLmNvbSIsImlhdCI6MTYwMTU0NDI3NywiZXhwIjoxNjAxNjMwNjadfadfAiOiJFVlAxYmNIaThvd0cxWDdtbkVmMTZwcXJBbVZvZVNKRCIsImd0eSI6InBhc3N3b3JkIn0.EaJuQr-bgpAHkq_y1tadfasf_P03hvXfqjgsP-qFrwUovg7rg6W34S_5YPWTqiQJnnd5LUHaTfMh2uXODJ4t0TZWjoagyserBZf3pa8iDSBvVTmZhcFafn1TpUUEzq-8sON-e8bkZPG8TIQtIX5fyDZLfH9Jt8IJppC3UHdp8CK1oDramFU8YWg6wFZdhsLXQ6kLDc_iFla4p_hxQlxmOLR8bOaotUl14Z6hMiYvzyXc9pT8Dctwj2G0-fxMKBoS0jyiTxcOGn5A63ToXfaK4yxHFPlV4k8dBs1_NXgsgSJDWj1_Tk4kOqEAEcqNijPk7BiRw2oqgqQtrikg, content-type: application/grpc, user-agent: grpc-node/1.24.2 grpc-c/8.0.0 (osx; chttp2; ganges), grpc-accept-encoding: identity,deflate,gzip, accept-encoding: identity,gzip] padding=0 endStream=false
2020-10-05 19:24:14.388 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND WINDOW_UPDATE: streamId=1 windowSizeIncrement=5
2020-10-05 19:24:14.388 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND DATA: streamId=1 padding=0 endStream=true length=5 bytes=0000000000
2020-10-05 19:24:14.388 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND PING: ack=false bytes=1234
2020-10-05 19:24:14.388 DEBUG 20806 --- [ault-executor-2] o.l.s.grpc.security.SecurityInterceptor : Secure object: MethodDescriptor{fullMethodName=Greeter/SayAuthHello, type=UNARY, idempotent=false, safe=false, sampledToLocalTracing=true, requestMarshaller=io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller@40a2ca9f, responseMarshaller=io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller@37ecd080, schemaDescriptor=io.grpc.examples.GreeterGrpc$GreeterMethodDescriptorSupplier@112359c}; Attributes: [SCOPE_profile]
2020-10-05 19:24:14.389 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND WINDOW_UPDATE: streamId=0 windowSizeIncrement=5
2020-10-05 19:24:14.389 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND HEADERS: streamId=1 headers=GrpcHttp2OutboundHeaders[:status: 200, content-type: application/grpc, grpc-status: 16, grpc-message: An Authentication object was not found in the SecurityContext] padding=0 endStream=true
2020-10-05 19:24:14.389 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND PING: ack=true bytes=1234
2020-10-05 19:24:14.390 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : Window: 1048576
2020-10-05 19:24:14.390 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND SETTINGS: ack=true
as can be seen from the above log, the header is being passed to the service just fine as i can see authorization in inbound metadata
L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND HEADERS: streamId=1 headers=GrpcHttp2RequestHeaders[:path: /Greeter/SayAuthHello, :authority: localhost:8080, :method: POST, :scheme: http, te: trailers, authorization: Bearer bearer-token-redacted content-type: application/grpc, user-agent: grpc-node/1.24.2 grpc-c/8.0.0 (osx; chttp2; ganges), grpc-accept-encoding: identity,deflate,gzip, accept-encoding: identity,gzip] padding=0 endStream=false
but the response message says no Auth object in the context
2020-10-05 19:24:14.388 DEBUG 20806 --- [ault-executor-2] o.l.s.grpc.security.SecurityInterceptor : Secure object: MethodDescriptor{fullMethodName=Greeter/SayAuthHello, type=UNARY, idempotent=false, safe=false, sampledToLocalTracing=true, requestMarshaller=io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller@40a2ca9f, responseMarshaller=io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller@37ecd080, schemaDescriptor=io.grpc.examples.GreeterGrpc$GreeterMethodDescriptorSupplier@112359c}; Attributes: [SCOPE_profile]
2020-10-05 19:24:14.389 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] INBOUND WINDOW_UPDATE: streamId=0 windowSizeIncrement=5
2020-10-05 19:24:14.389 DEBUG 20806 --- [-worker-ELG-3-4] io.grpc.netty.NettyServerHandler : [id: 0xacd7edd0, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59001] OUTBOUND HEADERS: streamId=1 headers=GrpcHttp2OutboundHeaders[:status: 200, content-type: application/grpc, grpc-status: 16, grpc-message: An Authentication object was not found in the SecurityContext] padding=0 endStream=true
here is mvn dep tree
[INFO] com.leftbin.acad:grpc:jar:1.0.0
[INFO] +- io.github.lognet:grpc-spring-boot-starter:jar:4.0.0:compile
[INFO] | +- io.grpc:grpc-netty:jar:1.32.1:compile
[INFO] | | +- io.grpc:grpc-core:jar:1.32.1:compile (version selected from constraint [1.32.1,1.32.1])
[INFO] | | | +- io.grpc:grpc-api:jar:1.32.1:compile (version selected from constraint [1.32.1,1.32.1])
[INFO] | | | | \- io.grpc:grpc-context:jar:1.32.1:compile
[INFO] | | | +- com.google.code.gson:gson:jar:2.8.6:runtime
[INFO] | | | \- com.google.android:annotations:jar:4.1.1.4:runtime
[INFO] | | +- io.netty:netty-codec-http2:jar:4.1.52.Final:compile
[INFO] | | | +- io.netty:netty-common:jar:4.1.52.Final:compile
[INFO] | | | +- io.netty:netty-buffer:jar:4.1.52.Final:compile
[INFO] | | | +- io.netty:netty-transport:jar:4.1.52.Final:compile
[INFO] | | | | \- io.netty:netty-resolver:jar:4.1.52.Final:compile
[INFO] | | | +- io.netty:netty-codec:jar:4.1.52.Final:compile
[INFO] | | | +- io.netty:netty-handler:jar:4.1.52.Final:compile
[INFO] | | | \- io.netty:netty-codec-http:jar:4.1.52.Final:compile
[INFO] | | +- io.netty:netty-handler-proxy:jar:4.1.52.Final:runtime
[INFO] | | | \- io.netty:netty-codec-socks:jar:4.1.52.Final:runtime
[INFO] | | +- com.google.guava:guava:jar:29.0-android:compile
[INFO] | | | +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] | | | +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] | | | +- org.checkerframework:checker-compat-qual:jar:2.5.5:compile
[INFO] | | | \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] | | +- com.google.errorprone:error_prone_annotations:jar:2.3.4:compile
[INFO] | | +- io.perfmark:perfmark-api:jar:0.19.0:runtime
[INFO] | | +- org.codehaus.mojo:animal-sniffer-annotations:jar:1.18:runtime
[INFO] | | \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] | +- io.grpc:grpc-services:jar:1.32.1:compile
[INFO] | | +- io.grpc:grpc-protobuf:jar:1.32.1:compile
[INFO] | | | +- com.google.protobuf:protobuf-java:jar:3.12.0:compile
[INFO] | | | +- com.google.api.grpc:proto-google-common-protos:jar:1.17.0:compile
[INFO] | | | \- io.grpc:grpc-protobuf-lite:jar:1.32.1:compile
[INFO] | | +- io.grpc:grpc-stub:jar:1.32.1:compile
[INFO] | | \- com.google.protobuf:protobuf-java-util:jar:3.12.0:runtime
[INFO] | +- org.springframework.boot:spring-boot-starter:jar:2.3.4.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot:jar:2.3.4.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-autoconfigure:jar:2.3.4.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-logging:jar:2.3.4.RELEASE:compile
[INFO] | | | +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] | | | | +- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] | | | | \- org.slf4j:slf4j-api:jar:1.7.30:compile
[INFO] | | | +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.13.3:compile
[INFO] | | | | \- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
[INFO] | | | \- org.slf4j:jul-to-slf4j:jar:1.7.30:compile
[INFO] | | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] | | \- org.yaml:snakeyaml:jar:1.26:compile
[INFO] | \- io.netty:netty-tcnative-boringssl-static:jar:2.0.34.Final:compile
[INFO] +- org.springframework.security:spring-security-config:jar:5.4.0:compile
[INFO] | +- org.springframework.security:spring-security-core:jar:5.3.4.RELEASE:compile
[INFO] | | \- org.springframework:spring-expression:jar:5.2.9.RELEASE:compile
[INFO] | +- org.springframework:spring-aop:jar:5.2.9.RELEASE:compile
[INFO] | +- org.springframework:spring-beans:jar:5.2.9.RELEASE:compile
[INFO] | +- org.springframework:spring-context:jar:5.2.9.RELEASE:compile
[INFO] | \- org.springframework:spring-core:jar:5.2.9.RELEASE:compile
[INFO] | \- org.springframework:spring-jcl:jar:5.2.9.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-oauth2-resource-server:jar:5.3.4.RELEASE:compile
[INFO] | +- org.springframework.security:spring-security-oauth2-core:jar:5.3.4.RELEASE:compile
[INFO] | | \- org.springframework:spring-web:jar:5.2.9.RELEASE:compile
[INFO] | \- org.springframework.security:spring-security-web:jar:5.3.4.RELEASE:compile
[INFO] \- org.springframework.security:spring-security-oauth2-jose:jar:5.4.0:compile
[INFO] \- com.nimbusds:nimbus-jose-jwt:jar:8.19:compile
[INFO] +- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] \- net.minidev:json-smart:jar:2.3:compile
[INFO] \- net.minidev:accessors-smart:jar:1.2:compile
[INFO] \- org.ow2.asm:asm:jar:5.0.4:compile
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 55
Commits related to this issue
- release 4.2.0, fixes #159 — committed to LogNet/grpc-spring-boot-starter by deleted user 4 years ago
@jvmlet i can confirm that after updating grpc version to 1.33.0 everything is working like charm. thanks a ton once again. you are a rockstar 🍻
It is working in my sample project . What i had missed in my actual project was removing the @PreAuthorize(“isAuthenticated()”) annotation from the previous implementation which was creating another interceptor call.
@jvmlet awesome. i will test in a few hours and let you know. thanks.
awesome. i was able to get an end to end test working. thanks for creating and maintaining such an amazing project. i will close this now. i will try and put in an mr to this repo to add more detailed documentation on how to use spring security with this project based on all my findings. thanks a lot once agian @jvmlet . really appreciate all your help and quick responses.