These are chat archives for spring-cloud/spring-cloud

29th
Jan 2016
Dave Syer
@dsyer
Jan 29 2016 06:45
It's very simple: the first match wins (I'm pretty sure it says that in the docs as well)
Dave Syer
@dsyer
Jan 29 2016 07:06
Do you have an example that seems not to follow that rule?
Robin Hermans
@robin-maxxton
Jan 29 2016 12:08

I have another (dependency) question regarding Spring Cloud Netflix Hystrix.
For some time I've been trying to get the OAuth2 SSO working in combination with the Hystrix Dashboard and Turbine.
The SSO part is working (users are sent to the OAuth2 provider and a JWT token is obtained), but Hystrix and Tubrine do not seem to care for it.
I was told that OAuth2 functionality would be added with the use of Hystrix 1.4.18, but I believe that only adds a input field where I can insert a token, so no SSO.
spring-cloud/spring-cloud-netflix#309

So is this gonna be a feature in the future or is it something that you would like to discourage?
Now if I would to implement this myself, where would I best start?
Looking at the source code on GitHub let me to the SpringClusterMonitor (in Turbine). Is this the right place to start or is there a better way (configuration maybe?)?
https://github.com/spring-cloud/spring-cloud-netflix/blob/master/spring-cloud-netflix-turbine/src/main/java/org/springframework/cloud/netflix/turbine/SpringClusterMonitor.java

Dave Syer
@dsyer
Jan 29 2016 12:25
I'm not sure what you mean
You want to secure the turbine service with access tokens?
Robin Hermans
@robin-maxxton
Jan 29 2016 12:29
My hystrix endpoints on my microservices are securited by OAuth2 JWT (you need a Authorization header for each request to get access). Turbine does not sent this Authorization header when opening a connection to the endpoints. I want turbine to do this based on the OAuth2Authentication which was set by the SSO.
Dave Syer
@dsyer
Jan 29 2016 12:31
Turbine doesn't have a user though
I guess the client of turbine is a dashboard UI?
So that's where the token has to come from?
Robin Hermans
@robin-maxxton
Jan 29 2016 12:33
Oke, in that case I think that I need to pass the JWT to the UI myself. Automatically fill the Authorization input field of the Hystrix Dashboard, right?
Dave Syer
@dsyer
Jan 29 2016 12:35
The dashboard we provide OOTB is a JavaScript client
So there's no great way to get a token
It has a proxy for the Hystrix stream though
So you can secure that
I would think that's the place to add the token.
Robin Hermans
@robin-maxxton
Jan 29 2016 12:39
That sounds sensible. I'll give that a try. Is there a specific class which is responsible for setting up the proxy?
Dave Syer
@dsyer
Jan 29 2016 12:40
It's in the dashboard
There isn't much code in the dashboard