
CAP JAVA - XSUAA and @RestController not working properly in Local Machine

idefix
Participant
0 Kudos

Hi,

I had been trying to figure out why my @RestController didn't work on my local machine and why I could not access it. I found out that if I have xsuaa enabled and the file default-env.json (where xsuaa is configured), I cannot access my @RestController path.

It seems that it binds the service. Here is the log:

2021-05-01 19:21:50.411 INFO 8267 --- [ main] c.s.c.f.s.c.auth.XsuaaPropertiesFactory : Using service binding 'demo-uaa-resource' to configure 'xsuaa' properties section

The app is not asking me for user and password at all. So mocking a user, as described here, won't help: https://cap.cloud.sap/docs/java/security#mock-users

Only if I remove the xsuaa configuration from VCAP_SERVICES (default-env.json) will the app ask for user and password.

Removing the xsuaa configuration will prevent my app from binding the xsuaa service.

Here is the log:

2021-05-01 19:44:10.222  INFO 9637 --- [           main] c.s.c.f.s.c.auth.XsuaaPropertiesFactory  : No service binding with tag 'xsuaa' found

Is this normal behaviour? How can I access the RestController path without removing xsuaa or default-env.json and also without user and password at all?

Thank you.

jschneider
Advisor
0 Kudos

Hi Edwin,

are you using the SAP Cloud SDK for Java in your CAP project?
If so, could you please share more detailed information about what version of the Cloud SDK you are currently using?

Thanks and best regards,
Johannes

Accepted Solutions (1)

marcbecker
Contributor
0 Kudos

Hi Edwin,

this sounds like the expected behaviour that is also explained in our documentation like this: https://cap.cloud.sap/docs/java/security#authentication

Quoting from the docs:

Only if both, the library dependencies and a UAA service binding are in place, the CAP Java runtime activates a Spring security configuration, which enforces XSUAA authentication for all endpoints automatically:

  • Protocol adapter endpoints (managed by CAP such as OData V4/V2 or custom protocol adapters)
  • Remaining custom endpoints (not managed by CAP such as custom REST controllers or Spring Actuators)

This means your custom REST endpoints are currently also protected using XSUAA authentication. You should be able to access them with a proper XSUAA JWT token.

The same behaviour is also applied for our mock-user configuration, which is activated when no XSUAA binding is available.

In case you want to change this behaviour you have two options, both of which are also described in our docs:

1. Follow the description in the docs to customize your Spring Boot security configuration, by adding an additional configuration on top of the one provided by CAP: https://cap.cloud.sap/docs/java/security#spring-boot -> Customizing Spring Boot Security Configuration

2. Set the property "cds.security.authenticateUnknownEndpoints" to "false" in application.yaml to prevent CAP's auto-configuration from including non-CAP managed endpoints. You are completely responsible for authenticating your custom endpoints in that case.

Best regards,
Marc
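
Option 1 from the answer above, as an added example that is not part of the original thread and not CAP's own code: an additional Spring Security configuration that opens one narrow path while every other endpoint stays behind XSUAA. It assumes the Spring Boot 2.4 setup used in this thread (where WebSecurityConfigurerAdapter is available); the class names and the /public/** path are hypothetical.

```java
// Added example; class names and the /public/** path are hypothetical.
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableWebSecurity
@Order(1) // lower value = consulted first; assumed to precede CAP's auto-configured chain
public class PublicEndpointSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Scope this chain to /public/** only. Requests to any other path
            // fall through to the CAP configuration and still need an XSUAA JWT.
            .requestMatchers().antMatchers("/public/**").and()
            // CSRF protection stays at its default (enabled), which is enough
            // for the read-only GET endpoint below.
            .authorizeRequests().anyRequest().permitAll();
    }
}

@RestController
class PublicStatusController {

    // Reachable without a token because it sits under /public/**.
    @GetMapping("/public/status")
    public String status() {
        return "UP";
    }
}
```

Unlike setting cds.security.authenticateUnknownEndpoints to false, this keeps all custom endpoints outside /public/** under the XSUAA authentication that CAP enforces.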

Answers (3)

idefix
Participant
0 Kudos

Hi Marc,

Thank you for your guidance. I've just realised that I should write a destination in order to forward the token.

Thank you!

Edwin

former_member380267
Discoverer
0 Kudos

Hi Edwin,

We are also facing this after upgrading to a new version of Spring Boot, from 2.5 to 2.7.

Could you please tell us how you resolved this issue?

Thank you,

Hareesh

idefix
Participant
0 Kudos

Hi Alexander,

Sorry, it was a copy-paste error.
Here are the correct pom files: pom.xml, srv-pom.xml

I tried with the latest Cloud SDK. No luck.

I updated the xsuaa. No luck.

            <dependency>
                <groupId>com.sap.cloud.security.xsuaa</groupId>
                <artifactId>xsuaa-spring-boot-starter</artifactId>
                <version>2.8.12</version>
            </dependency>

I think the issue is related to xsuaa.

Thank you Alexander. I will wait for CAP team response.

idefix
Participant
0 Kudos

Hi Johannes,

my version: 3.38.0

    <properties>
        <!-- OUR VERSION -->
        <revision>1.0.0-SNAPSHOT</revision>

        <!-- DEPENDENCIES VERSION -->
        <jdk.version>1.8</jdk.version>
        <cds.services.version>1.13.1</cds.services.version>
        <spring.boot.version>2.4.1</spring.boot.version>
        <cloud.sdk.version>3.38.0</cloud.sdk.version>

        <node.version>v12.16.2</node.version>
    </properties>
            <!-- MANAGE Spring XSUAA Library, because of Spring 2.4 incompatible version in Cloud SDK BOM -->
            <dependency>
                <groupId>com.sap.cloud.security.xsuaa</groupId>
                <artifactId>xsuaa-spring-boot-starter</artifactId>
                <version>2.8.1</version>
            </dependency>

I also tried with 3.43.0. Same issue.

pom.xml

0 Kudos

Hi Edwin,

The pom.xml is strangely formatted. Are you sure it's a POM and not a Word document?

I'm from the SAP Cloud SDK team, like Johannes. I can't see the relation to our library. We do not control the authorization flow for inbound requests. Please let me know in case you find a log message indicating an issue with the Cloud SDK. But since you seem to have focused your project setup according to SAP CAP, to me this looks like a configuration issue that can be solved by the CAP team. You correctly chose the corresponding tag in this question. Let's wait for their response.