Spring Boot OAuth2: Token relay from a client using Feign, Ribbon, Zuul and Eureka to a resource
I have an OAuth2 client that gets a token from an authorization server successfully (that has not always been the case, but now it is... :)).
The client, the Zuul gateway and the resource server are all registered in Eureka.
My client uses a proxy to access a remote resource service named microservice-files.
```java
@RestController
@FeignClient(name = "zuul-server")
@RibbonClient(name = "microservice-files")
public interface ProxyMicroserviceFiles {

    @GetMapping(value = "microservice-files/root")
    FileBean getUserRoot();
}
```
So I'd like to relay the token to Zuul and then to the resource server.
I can relay the token this way to contact Zuul, and apparently the load balancing is managed too (I've just tested it; I didn't know and it's great). Zuul can also relay the token, but it's not very convenient; I'd prefer the previous approach.
```java
@EnableConfigurationProperties
@SpringBootApplication
@EnableFeignClients("com.clientui")
public class ClientUiApplication {

    // RestTemplate that attaches the access token held in the OAuth2ClientContext
    @Bean
    public OAuth2RestOperations restOperations(
            OAuth2ProtectedResourceDetails resource,
            OAuth2ClientContext context) {
        return new OAuth2RestTemplate(resource, context);
    }

    public static void main(String[] args) {
        SpringApplication.run(ClientUiApplication.class, args);
    }
}
```
Here is the test controller:
```java
@Controller
public class ClientController {

    @Autowired
    private RestOperations restOperations;

    @RequestMapping("/root")
    public ResponseEntity<FileBean> userRootTest() {
        // Calls the resource service through the Zuul gateway
        String rootUrl = "http://localhost:9004/microservice-files/root";
        return restOperations.getForEntity(rootUrl, FileBean.class);
    }
}
```
spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign
asked Nov 21 '18 at 14:53
Kaizokun
Find the solution here stackoverflow.com/questions/29439653/… the answer is a little bit old (3 years ago) but it still works perfectly. I don't know if a better, more recent solution exists.
– Kaizokun
Nov 21 '18 at 20:04
1 Answer
If I understand your problem correctly, you can use a RequestInterceptor to add a token to each request made by Feign. To do that, you can use the following configuration:
```java
// Feign interceptor that adds the OAuth2 access token to every outgoing Feign request
@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
                                                        OAuth2ProtectedResourceDetails resource) {
    return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}

// Authorization-code client details (endpoints and placeholder client credentials)
@Bean
protected OAuth2ProtectedResourceDetails resource() {
    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
    resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
    resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
    resource.setClientId("my-client");
    resource.setClientSecret("my-secret");
    return resource;
}
```
answered Nov 24 '18 at 2:32
Anatoliy Korovin
Thanks for your answer, it works perfectly. I don't know which one is the best solution. The other one just adds the token in the header; it is relayed and finally the resource server can check it. Here we contact the authorization server at each Feign request in the client, I guess.
– Kaizokun
Nov 24 '18 at 6:43
OAuth2FeignRequestInterceptor does not try to obtain a new token on each Feign request; this implementation obtains a token only if it is missing from the OAuth2ClientContext, then puts this token in the context and refreshes the token only when it has expired. You do not need to worry about performance in this case.
– Anatoliy Korovin
Nov 24 '18 at 10:51
OK, so if the other solution doesn't refresh the token when necessary, this is the best solution :) Thanks for your contribution.
– Kaizokun
Nov 24 '18 at 11:21
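
The header-relay alternative compared in the comments above, as an added example (not code from the question, the answer or the linked post): a Feign `RequestInterceptor` that copies the bearer token of the current Spring Security OAuth2 authentication into the outgoing request. The class and method names are hypothetical, and it assumes the caller was authenticated through Spring Security OAuth2, so that the authentication details are an `OAuth2AuthenticationDetails`.

```java
import feign.RequestInterceptor;
import feign.RequestTemplate;
import org.springframework.context.annotation.Bean;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;

/*
 * Added example (hypothetical class name). Deliberately NOT annotated with
 * @Configuration: a component-scanned Feign configuration applies to every
 * Feign client, which would send the user's token to all of them. Attach it
 * only to the client that needs it:
 *
 *   @FeignClient(name = "zuul-server", configuration = BearerRelayFeignConfig.class)
 */
public class BearerRelayFeignConfig {

    @Bean
    public RequestInterceptor bearerTokenRelayInterceptor() {
        return new RequestInterceptor() {
            @Override
            public void apply(RequestTemplate template) {
                String token = currentAccessToken();
                if (token != null) {
                    template.header("Authorization", "Bearer " + token);
                }
                // No token: the request leaves without credentials and the
                // resource server is expected to reject it with 401.
            }
        };
    }

    /*
     * Reads the access token of the authenticated caller, or returns null.
     * SecurityContextHolder is thread-bound by default, so the token is only
     * visible when Feign executes on the thread that handles the request.
     */
    static String currentAccessToken() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return null;
        }
        Object details = auth.getDetails();
        if (!(details instanceof OAuth2AuthenticationDetails)) {
            return null; // not an OAuth2 login, nothing to relay
        }
        String value = ((OAuth2AuthenticationDetails) details).getTokenValue();
        return (value == null || value.isEmpty()) ? null : value;
    }
}
```

This interceptor never contacts the authorization server: an expired token is forwarded as it is, and the resource server rejects it.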