JHipster: Receive 401 Unauthorized when making API call to microservice

Question

I am currently using Jhipster to generate the following components:

• UAA - Auth Server
• API Gateway
• Microservice - Product1
• Service Discovery - Consul

Other components:

• Custom Frontend (Angular 4) - in a separate project

Also important to note is that the custom frontend is using Jhipster angular 4 code that can be found in a vanilla Jhipster Api Gateway. This includes the customHttpProvider.

The classes included can be seen in image below:

At the moment I am able to login successfully with this setup and call the API's on the UAA, however, when I try to call any of the APIS on Product I get a 401 Unauthorised, for e.g. Post to Product1/api/zcd.

The services are all visible and green in Consul and the Gateway also has both the UAA and Product1 as registered and available routes.

So far I have found that it does not appear that the AuthInterceptor is being called when I make the api call to Product. I tried manually appending the jwt token to the methods and this fixes the problem, but I cant understand why the customHttpProvider is not being used to intercept the request and appending the token.

My ProductService below works when I insert the token manually as shown but this is obviously not the right way to do it.

@Injectable()
export class ProductService {

    private options = new Headers();

    constructor(private http: Http) {
        this.options.append('Authorization', 'Bearer ' + 'token is inserted here');
    }

    priceProduct(productPriceRequest: productPriceRequest): Observable<IdResponse> {
        return this.http.post('Product1/api/zcd', productPriceRequest, { headers: this.options })
            .map(response => response.json());
    }
}

Answer 1

Solved:

There were two things that were causing problems for me. Important to note is that they were not directly linked to JHipster but rather issues that occurred integrating Jhipster with:

Problems:

1. Axon 3
2. Custom Angular 4 frontend that has Lazy Loaded Modules.

Solutions:

1. • I had included axon 3 into the Product Microservice and as part of axons configuration, it initializes a token store (has nothing to do with security).
   • The tokenStore bean in MicroserviceSecurityConfiguration that is meant to be of type JwtTokenStore was being overridden as an InMemoryTokenStore.
   • The solution was to rename the tokenStore bean in MicroserviceSecurityConfiguration to jwtTokenStore.
2. • I had a number of lazy loaded modules. As per the documentation in this circumstance, there is SharedServiceModule that uses forRoot() and is imported in AppModule.
   • However when I had a service .e.g ProductService that was being imported in ProductModule, it was overriding the Http Factory that was being imported in the SharedServiceModule (same behaviour when importing Http Factory in AppModule).
   • The solution was to create a HttpProviderService that is provided at the same level as the customHttpProvider function (in SharedServiceModule). This then administers Http for all other Services at lower levels in the application.