
Comments (4)

jaggerwang commented on September 22, 2024

I tried to relay the Authorization header myself using the following ClientHttpRequestInterceptor:

package net.jaggerwang.scip.common.api.interceptor;

import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import java.io.IOException;

public class OAuth2TokenRelayInterceptor implements ClientHttpRequestInterceptor {
    @Override
    public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
        var requestAttrs = RequestContextHolder.getRequestAttributes();
        if (requestAttrs instanceof ServletRequestAttributes) {
            var servletRequestAttrs = (ServletRequestAttributes) requestAttrs;
            var authHeader = servletRequestAttrs.getRequest().getHeader("Authorization");
            if (authHeader != null) {
                request.getHeaders().add("Authorization", authHeader);
            }
        }
        return execution.execute(request, body);
    }
}

package net.jaggerwang.scip.user.api.config;

...

@Configuration(proxyBeanMethods = false)
public class ServiceConfig {
    ...

    private RestTemplate restTemplate(RestTemplateBuilder builder, String rootUri) {
        var restTemplate = builder.rootUri(rootUri).build();

        var interceptors = restTemplate.getInterceptors();
        if (CollectionUtils.isEmpty(interceptors)) {
            interceptors = new ArrayList<>();
        }
        interceptors.add(new OAuth2TokenRelayInterceptor());
        restTemplate.setInterceptors(interceptors);

        return restTemplate;
    }

    ...
}

But the attributes returned by RequestContextHolder.getRequestAttributes are always null, because the request executed by RestTemplate is in a child thread. I also tried to customize the RequestContextListener to be inheritable as follows, but the result is still the same.

package net.jaggerwang.scip.common.api.listener;

import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.RequestContextListener;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.ServletRequestEvent;
import javax.servlet.http.HttpServletRequest;

public class InheritableRequestContextListener extends RequestContextListener {
    private static final String REQUEST_ATTRIBUTES_ATTRIBUTE =
            RequestContextListener.class.getName() + ".REQUEST_ATTRIBUTES";

    @Override
    public void requestInitialized(ServletRequestEvent requestEvent) {
        if (!(requestEvent.getServletRequest() instanceof HttpServletRequest)) {
            throw new IllegalArgumentException(
                    "Request is not an HttpServletRequest: " + requestEvent.getServletRequest());
        }
        HttpServletRequest request = (HttpServletRequest) requestEvent.getServletRequest();
        ServletRequestAttributes attributes = new ServletRequestAttributes(request);
        request.setAttribute(REQUEST_ATTRIBUTES_ATTRIBUTE, attributes);
        LocaleContextHolder.setLocale(request.getLocale());
        // Set attributes inheritable
        RequestContextHolder.setRequestAttributes(attributes, true);
    }
}

from spring-cloud-security.

jaggerwang commented on September 22, 2024

Right now I'm using a request-scoped bean to avoid using RequestContextHolder, but it will create a service object for every request.

    @Bean
    @RequestScope
    public FileSyncService fileSyncService(@Qualifier("fileServiceRestTemplate") RestTemplate restTemplate,
                                           CircuitBreakerFactory cbFactory,
                                           ObjectMapper objectMapper,
                                           HttpServletRequest request) {
        return new FileSyncServiceImpl(restTemplate, cbFactory, objectMapper, request);
    }


artemoons commented on September 22, 2024

Hello, I use the same scenario of communication between a Client and two RSs, but as of today I use the latest RSs from Spring Security 5 and Bearer tokens. The docs here about token relay are a bit outdated, I think, so it wasn't working in my case.

There is no OAuth2RestTemplate and UserInfoRestTemplateFactory.

When I tried to request RS2, I got a 401 error message in RS1. To fix it, I added a header with the bearer token (from Principal) when sending the request to RS2, and it worked. Now I'm in the process of searching for how to add this header by default for all requests from my RS1 to RS2.

Just shared some of my experience as per today :-)

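For the two problems raised in the comments above (the request context being empty on a worker thread, and attaching the bearer token to every call from RS1 to RS2), here is an added example that is not code from any commenter or from the Spring projects. It assumes the service is a Spring Security 5 resource server with spring-security-oauth2-resource-server on the classpath; the class name `BearerTokenRelayInterceptor`, the `trustedHosts` allow-list and the `securityContextAware` helper are hypothetical.

```java
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.concurrent.DelegatingSecurityContextExecutorService;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken;

import java.io.IOException;
import java.util.Set;
import java.util.concurrent.ExecutorService;

// Added example: relays the caller's bearer token, but only to allow-listed hosts,
// so the token is never forwarded to an arbitrary URL the RestTemplate is pointed at.
public class BearerTokenRelayInterceptor implements ClientHttpRequestInterceptor {
    // Hypothetical allow-list of downstream hosts, e.g. Set.of("file-service").
    private final Set<String> trustedHosts;

    public BearerTokenRelayInterceptor(Set<String> trustedHosts) {
        this.trustedHosts = Set.copyOf(trustedHosts);
    }

    @Override
    public ClientHttpResponse intercept(HttpRequest request, byte[] body,
                                        ClientHttpRequestExecution execution) throws IOException {
        var host = request.getURI().getHost();
        // Read the token from the SecurityContext instead of the raw servlet request.
        var auth = SecurityContextHolder.getContext().getAuthentication();
        if (host != null && trustedHosts.contains(host)
                && auth instanceof AbstractOAuth2TokenAuthenticationToken) {
            var token = ((AbstractOAuth2TokenAuthenticationToken<?>) auth).getToken();
            // setBearerAuth replaces any existing Authorization header rather than
            // appending a second one, which add("Authorization", ...) would do.
            request.getHeaders().setBearerAuth(token.getTokenValue());
        }
        return execution.execute(request, body);
    }

    // The SecurityContext is thread-local by default. Wrapping the executor that runs
    // the RestTemplate call copies the submitting thread's context to the worker thread
    // for the duration of each task and clears it afterwards, which also works with
    // pooled threads (an inheritable thread-local is only copied at thread creation).
    public static ExecutorService securityContextAware(ExecutorService delegate) {
        return new DelegatingSecurityContextExecutorService(delegate);
    }
}
```

The interceptor is registered the same way as in the `ServiceConfig` snippet above; which executor needs wrapping depends on how the circuit breaker or async code in the application is configured.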

ryanjbaxter commented on September 22, 2024

I don't see what this has to do with Spring Cloud Security. It seems to be a Spring Security issue/question. If I am wrong, please explain where Spring Cloud Security comes into play.
