Broadleaf Microservices

Configuring Client Credentials

Overview

If you started building your project off using the sample MicroservicesStarter or an equivalent Broadleaf Microservices starter project, you may have noticed that the application loaded some default client credentials that allows connectivity between the services.

Main FlexPackage

For example, your main FlexPackage applicationContext-default.xml may include some properties like below:

spring:
  security:
    oauth2:
      client:
        registration:
          catalog:
            authorization-grant-type: client_credentials
            client-id: catalog
            client-secret: <default secret>
          customer:
            authorization-grant-type: client_credentials
            client-id: customer
            client-secret: <default secret>
          search:
            authorization-grant-type: client_credentials
            client-id: search
            client-secret: <default secret>
          ...

Authentication Service

The default AuthenticationServices image also loads corresponding client credentials SQL records into the Auth schema blc_client table that match the service to service configurations defined above. This is where the corresponding client_id and client_secret records are stored.

Important: the client_secret is BCrypted by default.

Example Scenario

Let’s assume that you’re getting ready to deploy your application to production on Kubernetes. In your various FlexPackages that need to have connectivity to one another via the client credentials OAuth grant, you’ll most likely want to update the default client-secret

In this example, let’s say you wanted to update the secret for the catalog client-id to BroadleafMicroservices!.

Step 1: Update BCrypt New Secret in Auth.BLC_CLIENT

You’ll want to update the corresponding catalog client_id record in the blc_client table of the auth schema.

new BCryptPasswordEncoder().encode("BroadleafMicroservices!")

Step 2: Override FlexPackage Env Variable

In my main FlexPackage K8 Manifest, I can pass in the following environment variable override:

SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_CATALOG_CLIENTSECRET

Tip: Utilizing the CredentialsGeneratorUtil

Your Microservices Demo starter project ships with a test class called com.broadleafdemo.demo.CredentialsGeneratorUtil to aid in generating keys for encryption purposes in the app across different Flex Package Compositions.

This performs the same function as KeyGeneratorUtil in Auth, but also generates a report of all ENV properties and DB updates that likely need review.

Note
reach out to our microservices support channel if your version of the starter does not include this test class and you would like access to this example