Spring Gateway + JWT: 401 on Gateway, 403 on Direct Service (Need Help Debugging)
I'm working on a microservices project using Spring Boot.
Gateway (port 5556)
Auth Service (port 5557) — issues JWT
User Service (port 5558) — requires JWT for protected routes
I'm using a traditional JWT validation setup (i.e., using a filter and OncePerRequestFilter with doFilterInternal, not Spring Security's oauth2ResourceServer().jwt()).
Hitting Gateway (localhost:5556/api/users/createuser) with a valid JWT gives 401 Unauthorized
Hitting User Service directly (localhost:5558/api/users/createuser) with the same JWT gives 403 Forbidden
Both services are registered with Eureka, and Gateway routes are correctly configured.
Also, there's an internal sync API in the User Service (used by Auth Service). Could that affect Spring Security config?
Anyone encountered this before or have ideas on what might be misconfigured?
Maybe check whether the gateway forwards the request as-is?
Maybe it doesn't forward headers and you are specifying the JWT using headers?
I assume you also don't want the 403 - consider enabling Spring Security DEBUG (or TRACE) logging and see what you get. Also debug your filter.
Problem solved!
The problem was with the secret key which I had passed in the gateway service for JWT validation. I had encoded the secret key in the Auth service but passed the secret key as it is in the gateway, and that is why the gateway service was not validating my token.
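The key mismatch described in the resolution above, reproduced with JDK classes only; this is an added example, not code from the thread. It assumes the encoding was Base64 and HS256 signing, and the class name, the secret and both key-derivation methods are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtKeyMismatchDemo {
    // Constructed sample value, not a real secret.
    static final String CONFIGURED_SECRET = "constructed-demo-secret-0123456789abcdef";

    // Assumed issuer side: key bytes are the Base64 encoding of the configured string.
    static byte[] issuerKey() {
        return Base64.getEncoder().encode(CONFIGURED_SECRET.getBytes(StandardCharsets.UTF_8));
    }
    // Assumed gateway side before the fix: the configured string used as it is.
    static byte[] rawKey() {
        return CONFIGURED_SECRET.getBytes(StandardCharsets.UTF_8);
    }

    static byte[] hmacSha256(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    static String b64url(byte[] data) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(data);
    }

    static String sign(byte[] key, String headerJson, String payloadJson) throws Exception {
        String input = b64url(headerJson.getBytes(StandardCharsets.UTF_8)) + "."
                + b64url(payloadJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + b64url(hmacSha256(key, input));
    }

    // Recomputes the HS256 signature with the verifier's own key bytes.
    static boolean verify(byte[] key, String token) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return false;
        try {
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            return MessageDigest.isEqual(hmacSha256(key, parts[0] + "." + parts[1]), presented);
        } catch (IllegalArgumentException e) { // signature segment is not valid Base64url
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String token = sign(issuerKey(), "{\"alg\":\"HS256\",\"typ\":\"JWT\"}", "{\"sub\":\"demo-user\"}");
        System.out.println("verify with raw secret bytes:   " + verify(rawKey(), token));
        System.out.println("verify with issuer's key bytes: " + verify(issuerKey(), token));
    }
}
```

The token and the configured string are identical in both checks; only the bytes handed to the HMAC differ, so issuer and every verifier need the same key-derivation step, not just the same property value.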