Spring boot Oauth2 : Token relay from a client using Feign, Ribbon, Zull and Eureka to a ressource
up vote
0
down vote
favorite
I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))
The client, the zuul gateway and the resource server are all registered in Eureka.
My client use a Proxy to access to a remote ressource service named microservice-files.
@RestController
@FeignClient(name = "zuul-server")
@RibbonClient(name = "microservice-files")
public interface ProxyMicroserviceFiles {
@GetMapping(value = "microservice-files/root")
FileBean getUserRoot();
}
So I'd like to relay the token to Zull and then to the resource server.
I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.
@EnableConfigurationProperties
@SpringBootApplication
@EnableFeignClients("com.clientui")
public class ClientUiApplication {
@Bean
public OAuth2RestOperations restOperations(
OAuth2ProtectedResourceDetails resource,
OAuth2ClientContext context) {
return new OAuth2RestTemplate(resource, context);
}
public static void main(String args) {
SpringApplication.run(ClientUiApplication.class, args);
}
}
here is the test controler
@Controller
public class ClientController {
@Autowired
private RestOperations restOperations;
@RequestMapping("/root")
public ResponseEntity userRootTest() {
String rootUrl = "http://localhost:9004/microservice-files/root";
return restOperations.getForEntity(rootUrl,FileBean.class);
}
}
spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign
add a comment |
up vote
0
down vote
favorite
I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))
The client, the zuul gateway and the resource server are all registered in Eureka.
My client use a Proxy to access to a remote ressource service named microservice-files.
@RestController
@FeignClient(name = "zuul-server")
@RibbonClient(name = "microservice-files")
public interface ProxyMicroserviceFiles {
@GetMapping(value = "microservice-files/root")
FileBean getUserRoot();
}
So I'd like to relay the token to Zull and then to the resource server.
I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.
@EnableConfigurationProperties
@SpringBootApplication
@EnableFeignClients("com.clientui")
public class ClientUiApplication {
@Bean
public OAuth2RestOperations restOperations(
OAuth2ProtectedResourceDetails resource,
OAuth2ClientContext context) {
return new OAuth2RestTemplate(resource, context);
}
public static void main(String args) {
SpringApplication.run(ClientUiApplication.class, args);
}
}
here is the test controler
@Controller
public class ClientController {
@Autowired
private RestOperations restOperations;
@RequestMapping("/root")
public ResponseEntity userRootTest() {
String rootUrl = "http://localhost:9004/microservice-files/root";
return restOperations.getForEntity(rootUrl,FileBean.class);
}
}
spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign
Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
– Kaizokun
Nov 21 at 20:04
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))
The client, the zuul gateway and the resource server are all registered in Eureka.
My client use a Proxy to access to a remote ressource service named microservice-files.
@RestController
@FeignClient(name = "zuul-server")
@RibbonClient(name = "microservice-files")
public interface ProxyMicroserviceFiles {
@GetMapping(value = "microservice-files/root")
FileBean getUserRoot();
}
So I'd like to relay the token to Zull and then to the resource server.
I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.
@EnableConfigurationProperties
@SpringBootApplication
@EnableFeignClients("com.clientui")
public class ClientUiApplication {
@Bean
public OAuth2RestOperations restOperations(
OAuth2ProtectedResourceDetails resource,
OAuth2ClientContext context) {
return new OAuth2RestTemplate(resource, context);
}
public static void main(String args) {
SpringApplication.run(ClientUiApplication.class, args);
}
}
here is the test controler
@Controller
public class ClientController {
@Autowired
private RestOperations restOperations;
@RequestMapping("/root")
public ResponseEntity userRootTest() {
String rootUrl = "http://localhost:9004/microservice-files/root";
return restOperations.getForEntity(rootUrl,FileBean.class);
}
}
spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign
I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))
The client, the zuul gateway and the resource server are all registered in Eureka.
My client use a Proxy to access to a remote ressource service named microservice-files.
@RestController
@FeignClient(name = "zuul-server")
@RibbonClient(name = "microservice-files")
public interface ProxyMicroserviceFiles {
@GetMapping(value = "microservice-files/root")
FileBean getUserRoot();
}
So I'd like to relay the token to Zull and then to the resource server.
I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.
@EnableConfigurationProperties
@SpringBootApplication
@EnableFeignClients("com.clientui")
public class ClientUiApplication {
@Bean
public OAuth2RestOperations restOperations(
OAuth2ProtectedResourceDetails resource,
OAuth2ClientContext context) {
return new OAuth2RestTemplate(resource, context);
}
public static void main(String args) {
SpringApplication.run(ClientUiApplication.class, args);
}
}
here is the test controler
@Controller
public class ClientController {
@Autowired
private RestOperations restOperations;
@RequestMapping("/root")
public ResponseEntity userRootTest() {
String rootUrl = "http://localhost:9004/microservice-files/root";
return restOperations.getForEntity(rootUrl,FileBean.class);
}
}
spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign
spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign
asked Nov 21 at 14:53
Kaizokun
49110
49110
Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
– Kaizokun
Nov 21 at 20:04
add a comment |
Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
– Kaizokun
Nov 21 at 20:04
Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
– Kaizokun
Nov 21 at 20:04
Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
– Kaizokun
Nov 21 at 20:04
add a comment |
1 Answer
1
active
oldest
votes
up vote
1
down vote
accepted
If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:
@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails resource) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}
@Bean
protected OAuth2ProtectedResourceDetails resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
resource.setClientId("my-client");
resource.setClientSecret("my-secret");
return resource;
}
Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
– Kaizokun
Nov 24 at 6:43
OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
– Anatoliy Korovin
Nov 24 at 10:51
Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
– Kaizokun
Nov 24 at 11:21
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:
@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails resource) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}
@Bean
protected OAuth2ProtectedResourceDetails resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
resource.setClientId("my-client");
resource.setClientSecret("my-secret");
return resource;
}
Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
– Kaizokun
Nov 24 at 6:43
OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
– Anatoliy Korovin
Nov 24 at 10:51
Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
– Kaizokun
Nov 24 at 11:21
add a comment |
up vote
1
down vote
accepted
If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:
@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails resource) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}
@Bean
protected OAuth2ProtectedResourceDetails resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
resource.setClientId("my-client");
resource.setClientSecret("my-secret");
return resource;
}
Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
– Kaizokun
Nov 24 at 6:43
OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
– Anatoliy Korovin
Nov 24 at 10:51
Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
– Kaizokun
Nov 24 at 11:21
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:
@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails resource) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}
@Bean
protected OAuth2ProtectedResourceDetails resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
resource.setClientId("my-client");
resource.setClientSecret("my-secret");
return resource;
}
If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:
@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails resource) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}
@Bean
protected OAuth2ProtectedResourceDetails resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
resource.setClientId("my-client");
resource.setClientSecret("my-secret");
return resource;
}
answered Nov 24 at 2:32
Anatoliy Korovin
665
665
Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
– Kaizokun
Nov 24 at 6:43
OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
– Anatoliy Korovin
Nov 24 at 10:51
Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
– Kaizokun
Nov 24 at 11:21
add a comment |
Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
– Kaizokun
Nov 24 at 6:43
OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
– Anatoliy Korovin
Nov 24 at 10:51
Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
– Kaizokun
Nov 24 at 11:21
Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
– Kaizokun
Nov 24 at 6:43
Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
– Kaizokun
Nov 24 at 6:43
OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
– Anatoliy Korovin
Nov 24 at 10:51
OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
– Anatoliy Korovin
Nov 24 at 10:51
Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
– Kaizokun
Nov 24 at 11:21
Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
– Kaizokun
Nov 24 at 11:21
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414705%2fspring-boot-oauth2-token-relay-from-a-client-using-feign-ribbon-zull-and-eur%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
– Kaizokun
Nov 21 at 20:04