Spring boot Oauth2 : Token relay from a client using Feign, Ribbon, Zull and Eureka to a ressource











up vote
0
down vote

favorite












I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))



The client, the zuul gateway and the resource server are all registered in Eureka.



My client use a Proxy to access to a remote ressource service named microservice-files.



@RestController
@FeignClient(name = "zuul-server")
@RibbonClient(name = "microservice-files")

public interface ProxyMicroserviceFiles {

@GetMapping(value = "microservice-files/root")
FileBean getUserRoot();

}


So I'd like to relay the token to Zull and then to the resource server.



I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.



@EnableConfigurationProperties
@SpringBootApplication
@EnableFeignClients("com.clientui")
public class ClientUiApplication {

@Bean
public OAuth2RestOperations restOperations(
OAuth2ProtectedResourceDetails resource,
OAuth2ClientContext context) {

return new OAuth2RestTemplate(resource, context);
}

public static void main(String args) {

SpringApplication.run(ClientUiApplication.class, args);
}
}


here is the test controler



@Controller
public class ClientController {

@Autowired
private RestOperations restOperations;

@RequestMapping("/root")
public ResponseEntity userRootTest() {

String rootUrl = "http://localhost:9004/microservice-files/root";

return restOperations.getForEntity(rootUrl,FileBean.class);

}

}









share|improve this question






















  • Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
    – Kaizokun
    Nov 21 at 20:04















up vote
0
down vote

favorite












I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))



The client, the zuul gateway and the resource server are all registered in Eureka.



My client use a Proxy to access to a remote ressource service named microservice-files.



@RestController
@FeignClient(name = "zuul-server")
@RibbonClient(name = "microservice-files")

public interface ProxyMicroserviceFiles {

@GetMapping(value = "microservice-files/root")
FileBean getUserRoot();

}


So I'd like to relay the token to Zull and then to the resource server.



I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.



@EnableConfigurationProperties
@SpringBootApplication
@EnableFeignClients("com.clientui")
public class ClientUiApplication {

@Bean
public OAuth2RestOperations restOperations(
OAuth2ProtectedResourceDetails resource,
OAuth2ClientContext context) {

return new OAuth2RestTemplate(resource, context);
}

public static void main(String args) {

SpringApplication.run(ClientUiApplication.class, args);
}
}


here is the test controler



@Controller
public class ClientController {

@Autowired
private RestOperations restOperations;

@RequestMapping("/root")
public ResponseEntity userRootTest() {

String rootUrl = "http://localhost:9004/microservice-files/root";

return restOperations.getForEntity(rootUrl,FileBean.class);

}

}









share|improve this question






















  • Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
    – Kaizokun
    Nov 21 at 20:04













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))



The client, the zuul gateway and the resource server are all registered in Eureka.



My client use a Proxy to access to a remote ressource service named microservice-files.



@RestController
@FeignClient(name = "zuul-server")
@RibbonClient(name = "microservice-files")

public interface ProxyMicroserviceFiles {

@GetMapping(value = "microservice-files/root")
FileBean getUserRoot();

}


So I'd like to relay the token to Zull and then to the resource server.



I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.



@EnableConfigurationProperties
@SpringBootApplication
@EnableFeignClients("com.clientui")
public class ClientUiApplication {

@Bean
public OAuth2RestOperations restOperations(
OAuth2ProtectedResourceDetails resource,
OAuth2ClientContext context) {

return new OAuth2RestTemplate(resource, context);
}

public static void main(String args) {

SpringApplication.run(ClientUiApplication.class, args);
}
}


here is the test controler



@Controller
public class ClientController {

@Autowired
private RestOperations restOperations;

@RequestMapping("/root")
public ResponseEntity userRootTest() {

String rootUrl = "http://localhost:9004/microservice-files/root";

return restOperations.getForEntity(rootUrl,FileBean.class);

}

}









share|improve this question













I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))



The client, the zuul gateway and the resource server are all registered in Eureka.



My client use a Proxy to access to a remote ressource service named microservice-files.



@RestController
@FeignClient(name = "zuul-server")
@RibbonClient(name = "microservice-files")

public interface ProxyMicroserviceFiles {

@GetMapping(value = "microservice-files/root")
FileBean getUserRoot();

}


So I'd like to relay the token to Zull and then to the resource server.



I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.



@EnableConfigurationProperties
@SpringBootApplication
@EnableFeignClients("com.clientui")
public class ClientUiApplication {

@Bean
public OAuth2RestOperations restOperations(
OAuth2ProtectedResourceDetails resource,
OAuth2ClientContext context) {

return new OAuth2RestTemplate(resource, context);
}

public static void main(String args) {

SpringApplication.run(ClientUiApplication.class, args);
}
}


here is the test controler



@Controller
public class ClientController {

@Autowired
private RestOperations restOperations;

@RequestMapping("/root")
public ResponseEntity userRootTest() {

String rootUrl = "http://localhost:9004/microservice-files/root";

return restOperations.getForEntity(rootUrl,FileBean.class);

}

}






spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 21 at 14:53









Kaizokun

49110




49110












  • Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
    – Kaizokun
    Nov 21 at 20:04


















  • Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
    – Kaizokun
    Nov 21 at 20:04
















Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
– Kaizokun
Nov 21 at 20:04




Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.
– Kaizokun
Nov 21 at 20:04












1 Answer
1






active

oldest

votes

















up vote
1
down vote



accepted










If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:



@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails resource) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}

@Bean
protected OAuth2ProtectedResourceDetails resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
resource.setClientId("my-client");
resource.setClientSecret("my-secret");
return resource;
}





share|improve this answer





















  • Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
    – Kaizokun
    Nov 24 at 6:43












  • OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
    – Anatoliy Korovin
    Nov 24 at 10:51












  • Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
    – Kaizokun
    Nov 24 at 11:21











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414705%2fspring-boot-oauth2-token-relay-from-a-client-using-feign-ribbon-zull-and-eur%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote



accepted










If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:



@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails resource) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}

@Bean
protected OAuth2ProtectedResourceDetails resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
resource.setClientId("my-client");
resource.setClientSecret("my-secret");
return resource;
}





share|improve this answer





















  • Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
    – Kaizokun
    Nov 24 at 6:43












  • OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
    – Anatoliy Korovin
    Nov 24 at 10:51












  • Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
    – Kaizokun
    Nov 24 at 11:21















up vote
1
down vote



accepted










If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:



@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails resource) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}

@Bean
protected OAuth2ProtectedResourceDetails resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
resource.setClientId("my-client");
resource.setClientSecret("my-secret");
return resource;
}





share|improve this answer





















  • Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
    – Kaizokun
    Nov 24 at 6:43












  • OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
    – Anatoliy Korovin
    Nov 24 at 10:51












  • Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
    – Kaizokun
    Nov 24 at 11:21













up vote
1
down vote



accepted







up vote
1
down vote



accepted






If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:



@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails resource) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}

@Bean
protected OAuth2ProtectedResourceDetails resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
resource.setClientId("my-client");
resource.setClientSecret("my-secret");
return resource;
}





share|improve this answer












If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:



@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails resource) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}

@Bean
protected OAuth2ProtectedResourceDetails resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
resource.setClientId("my-client");
resource.setClientSecret("my-secret");
return resource;
}






share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 24 at 2:32









Anatoliy Korovin

665




665












  • Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
    – Kaizokun
    Nov 24 at 6:43












  • OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
    – Anatoliy Korovin
    Nov 24 at 10:51












  • Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
    – Kaizokun
    Nov 24 at 11:21


















  • Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
    – Kaizokun
    Nov 24 at 6:43












  • OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
    – Anatoliy Korovin
    Nov 24 at 10:51












  • Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
    – Kaizokun
    Nov 24 at 11:21
















Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
– Kaizokun
Nov 24 at 6:43






Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.
– Kaizokun
Nov 24 at 6:43














OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
– Anatoliy Korovin
Nov 24 at 10:51






OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.
– Anatoliy Korovin
Nov 24 at 10:51














Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
– Kaizokun
Nov 24 at 11:21




Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution
– Kaizokun
Nov 24 at 11:21


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414705%2fspring-boot-oauth2-token-relay-from-a-client-using-feign-ribbon-zull-and-eur%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Berounka

Sphinx de Gizeh

Different font size/position of beamer's navigation symbols template's content depending on regular/plain...