Spring boot Oauth2 : Token relay from a client using Feign, Ribbon, Zull and Eureka to a ressource












0















I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))



The client, the zuul gateway and the resource server are all registered in Eureka.



My client use a Proxy to access to a remote ressource service named microservice-files.



@RestController

@FeignClient(name = "zuul-server")

@RibbonClient(name = "microservice-files")



public interface ProxyMicroserviceFiles {



    @GetMapping(value = "microservice-files/root")

    FileBean getUserRoot();



}


So I'd like to relay the token to Zull and then to the resource server.



I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.



@EnableConfigurationProperties

@SpringBootApplication

@EnableFeignClients("com.clientui")

public class ClientUiApplication {



    @Bean

    public OAuth2RestOperations restOperations(

            OAuth2ProtectedResourceDetails resource, 

            OAuth2ClientContext context) {



        return new OAuth2RestTemplate(resource, context);

    }



    public static void main(String args) {



        SpringApplication.run(ClientUiApplication.class, args);

    }

}


here is the test controler



@Controller

public class ClientController {



    @Autowired

    private RestOperations restOperations;



    @RequestMapping("/root")

    public ResponseEntity userRootTest() {



       String rootUrl = "http://localhost:9004/microservice-files/root";



       return  restOperations.getForEntity(rootUrl,FileBean.class);



    }



}





spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign







share|improve this question























  • Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.

    – Kaizokun
    Nov 21 '18 at 20:04
















0















I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))



The client, the zuul gateway and the resource server are all registered in Eureka.



My client use a Proxy to access to a remote ressource service named microservice-files.



@RestController

@FeignClient(name = "zuul-server")

@RibbonClient(name = "microservice-files")



public interface ProxyMicroserviceFiles {



    @GetMapping(value = "microservice-files/root")

    FileBean getUserRoot();



}


So I'd like to relay the token to Zull and then to the resource server.



I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.



@EnableConfigurationProperties

@SpringBootApplication

@EnableFeignClients("com.clientui")

public class ClientUiApplication {



    @Bean

    public OAuth2RestOperations restOperations(

            OAuth2ProtectedResourceDetails resource, 

            OAuth2ClientContext context) {



        return new OAuth2RestTemplate(resource, context);

    }



    public static void main(String args) {



        SpringApplication.run(ClientUiApplication.class, args);

    }

}


here is the test controler



@Controller

public class ClientController {



    @Autowired

    private RestOperations restOperations;



    @RequestMapping("/root")

    public ResponseEntity userRootTest() {



       String rootUrl = "http://localhost:9004/microservice-files/root";



       return  restOperations.getForEntity(rootUrl,FileBean.class);



    }



}





spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign







share|improve this question























  • Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.

    – Kaizokun
    Nov 21 '18 at 20:04














0












0








0


0






I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))



The client, the zuul gateway and the resource server are all registered in Eureka.



My client use a Proxy to access to a remote ressource service named microservice-files.



@RestController

@FeignClient(name = "zuul-server")

@RibbonClient(name = "microservice-files")



public interface ProxyMicroserviceFiles {



    @GetMapping(value = "microservice-files/root")

    FileBean getUserRoot();



}


So I'd like to relay the token to Zull and then to the resource server.



I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.



@EnableConfigurationProperties

@SpringBootApplication

@EnableFeignClients("com.clientui")

public class ClientUiApplication {



    @Bean

    public OAuth2RestOperations restOperations(

            OAuth2ProtectedResourceDetails resource, 

            OAuth2ClientContext context) {



        return new OAuth2RestTemplate(resource, context);

    }



    public static void main(String args) {



        SpringApplication.run(ClientUiApplication.class, args);

    }

}


here is the test controler



@Controller

public class ClientController {



    @Autowired

    private RestOperations restOperations;



    @RequestMapping("/root")

    public ResponseEntity userRootTest() {



       String rootUrl = "http://localhost:9004/microservice-files/root";



       return  restOperations.getForEntity(rootUrl,FileBean.class);



    }



}





spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign







share|improve this question














I have an oauth2 client that get a token from an authorization server successfully. (not always has been the case but now it is... :))



The client, the zuul gateway and the resource server are all registered in Eureka.



My client use a Proxy to access to a remote ressource service named microservice-files.



@RestController

@FeignClient(name = "zuul-server")

@RibbonClient(name = "microservice-files")



public interface ProxyMicroserviceFiles {



    @GetMapping(value = "microservice-files/root")

    FileBean getUserRoot();



}


So I'd like to relay the token to Zull and then to the resource server.



I can relay the token this way to contact Zuul and apparently the load balancing is managed too (I've just test I didn't know and it's great) also zuul can relay the token, but it's not very convenient I'd prefer the previous approach.



@EnableConfigurationProperties

@SpringBootApplication

@EnableFeignClients("com.clientui")

public class ClientUiApplication {



    @Bean

    public OAuth2RestOperations restOperations(

            OAuth2ProtectedResourceDetails resource, 

            OAuth2ClientContext context) {



        return new OAuth2RestTemplate(resource, context);

    }



    public static void main(String args) {



        SpringApplication.run(ClientUiApplication.class, args);

    }

}


here is the test controler



@Controller

public class ClientController {



    @Autowired

    private RestOperations restOperations;



    @RequestMapping("/root")

    public ResponseEntity userRootTest() {



       String rootUrl = "http://localhost:9004/microservice-files/root";



       return  restOperations.getForEntity(rootUrl,FileBean.class);



    }



}





spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign




spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 21 '18 at 14:53









KaizokunKaizokun

74111




74111













  • Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.

    – Kaizokun
    Nov 21 '18 at 20:04



















  • Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.

    – Kaizokun
    Nov 21 '18 at 20:04

















Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.

– Kaizokun
Nov 21 '18 at 20:04





Find the solution here stackoverflow.com/questions/29439653/… the answer is a litle bit old (3 years ago) but it still work perfectly. I don't know if a better solution more recent exist.

– Kaizokun
Nov 21 '18 at 20:04












1 Answer
1






active

oldest

votes


















1














If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:



@Bean

public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,

                                                        OAuth2ProtectedResourceDetails resource) {

    return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);

}



@Bean

protected OAuth2ProtectedResourceDetails resource() {

    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();

    resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");

    resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");

    resource.setClientId("my-client");

    resource.setClientSecret("my-secret");

    return resource;

}





share|improve this answer
























  • Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.

    – Kaizokun
    Nov 24 '18 at 6:43













  • OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.

    – Anatoliy Korovin
    Nov 24 '18 at 10:51













  • Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution

    – Kaizokun
    Nov 24 '18 at 11:21











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414705%2fspring-boot-oauth2-token-relay-from-a-client-using-feign-ribbon-zull-and-eur%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:



@Bean

public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,

                                                        OAuth2ProtectedResourceDetails resource) {

    return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);

}



@Bean

protected OAuth2ProtectedResourceDetails resource() {

    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();

    resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");

    resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");

    resource.setClientId("my-client");

    resource.setClientSecret("my-secret");

    return resource;

}





share|improve this answer
























  • Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.

    – Kaizokun
    Nov 24 '18 at 6:43













  • OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.

    – Anatoliy Korovin
    Nov 24 '18 at 10:51













  • Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution

    – Kaizokun
    Nov 24 '18 at 11:21
















1














If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:



@Bean

public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,

                                                        OAuth2ProtectedResourceDetails resource) {

    return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);

}



@Bean

protected OAuth2ProtectedResourceDetails resource() {

    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();

    resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");

    resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");

    resource.setClientId("my-client");

    resource.setClientSecret("my-secret");

    return resource;

}





share|improve this answer
























  • Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.

    – Kaizokun
    Nov 24 '18 at 6:43













  • OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.

    – Anatoliy Korovin
    Nov 24 '18 at 10:51













  • Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution

    – Kaizokun
    Nov 24 '18 at 11:21














1












1








1







If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:



@Bean

public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,

                                                        OAuth2ProtectedResourceDetails resource) {

    return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);

}



@Bean

protected OAuth2ProtectedResourceDetails resource() {

    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();

    resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");

    resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");

    resource.setClientId("my-client");

    resource.setClientSecret("my-secret");

    return resource;

}





share|improve this answer













If I correctly understand your problem then you can use a RequestInterceptor to add a token in each request by the feign. In order to do it you can use the next configuration:



@Bean

public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,

                                                        OAuth2ProtectedResourceDetails resource) {

    return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);

}



@Bean

protected OAuth2ProtectedResourceDetails resource() {

    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();

    resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");

    resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");

    resource.setClientId("my-client");

    resource.setClientSecret("my-secret");

    return resource;

}






share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 24 '18 at 2:32









Anatoliy KorovinAnatoliy Korovin

1065




1065













  • Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.

    – Kaizokun
    Nov 24 '18 at 6:43













  • OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.

    – Anatoliy Korovin
    Nov 24 '18 at 10:51













  • Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution

    – Kaizokun
    Nov 24 '18 at 11:21



















  • Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.

    – Kaizokun
    Nov 24 '18 at 6:43













  • OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.

    – Anatoliy Korovin
    Nov 24 '18 at 10:51













  • Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution

    – Kaizokun
    Nov 24 '18 at 11:21

















Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.

– Kaizokun
Nov 24 '18 at 6:43







Thanks for you answer it works perfectly. I don't know which one is the best solution . The other one just add the Token in the header, it is relayed and finaly the resource server can check it. Here we contact the authorization server at each feign request in the client I guess.

– Kaizokun
Nov 24 '18 at 6:43















OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.

– Anatoliy Korovin
Nov 24 '18 at 10:51







OAuth2FeignRequestInterceptor does not try to obtain a new token on each feign requests, this is implementation obtain a token only if it misses in the OAuth2ClientContext, then put this token in context and refresh token only when it expired. You do not need to worry about performance in this case.

– Anatoliy Korovin
Nov 24 '18 at 10:51















Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution

– Kaizokun
Nov 24 '18 at 11:21





Ok so if the other solution doesn't refresh the token if necessary; this is the best solution :) thanks for your contribution

– Kaizokun
Nov 24 '18 at 11:21




















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414705%2fspring-boot-oauth2-token-relay-from-a-client-using-feign-ribbon-zull-and-eur%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

How to change which sound is reproduced for terminal bell?

Image
3 Recently upgrade to 18.10 from 18.04, and using the terminal is becoming annoying: the new alert sound is a drip ( /usr/share/sounds/gnome/default/alerts/drip.ogg ), and the previous one is still located at ( /usr/share/sounds/ubuntu/stereo/bell.ogg ). My issue is that at the gnome-terminal, when autocompleting or pressing left BOTH sounds are reproduced, at the same time. I want to just have ubuntu/stereo/bell.ogg active, not both . At the moment I have been only able to reduce the volume of the alerts (but still both are played), or turn the alerts down (but I dislike both "solutions"). gnome-terminal 18.10 teminal-bell share | improve this question
Read more

Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents

Image
up vote 5 down vote favorite 2 I would like to make it so that the vertical space below the title of each chapter is the same when using the Bjornstrup package (i.e. so that the descenders do not affect the spacing - as shown by the red arrow in the picture below). I think I'm fairly happy with the spacing around "A chapter", so I'd really like titles without descenders (e.g. "Contents") to have the same vertical spacing as "A chapter" below the title. I would also like to remove the large "0" in the contents title. Any help appreciated, as always. documentclass[11pt,a4paper]{book} % Packages[![enter image description here][1]][1] usepackage[left=3.5cm, right=3.5cm, top=4.3cm, bottom=4.25cm]{geometry} usepackage[utf8]{inputenc} usepackage{libertine} usepackage[libertine]{newtx
Read more

Can I use Tabulator js library in my java Spring + Thymeleaf project?

Image
0 I want to add Tabulator js to my java project. I added tabulator.min.js, tabulator.min.css to resources folder. After that added to my html page these dependencies as recommending in readme.md. <link rel="stylesheet" th:href="@{/css/tabulator.min.css}"> <script type="text/javascript" th:src="@{/js/tabulator.min.js}"></script> Now my tables view all elements, that I have in the html page, but not correct. In the documentation of Tabulator is example how to create header and table, var table = new Tabulator("#example-table", { columns:[ {title:"Name", field:"name", sorter:"string", width:200, editor:true}, {title:"Age", field:"age", sorter:"
Read more