These are chat archives for spring-cloud/spring-cloud

14th
Jul 2016
David Steiman
@xetys
Jul 14 2016 09:00
Does anyone also having problems with converting oauth2 access tokens when deploying to GCE or kubernetes in general?
David Steiman
@xetys
Jul 14 2016 09:08
As soon my spring cloud app starts there, the token gets eaten
Dave Syer
@dsyer
Jul 14 2016 09:14
It works locally?
David Steiman
@xetys
Jul 14 2016 09:15
yes it does
with docker-compose also
Dave Syer
@dsyer
Jul 14 2016 09:18
Don't know then
David Steiman
@xetys
Jul 14 2016 09:37
tried with rsa jwt tokens also
David Steiman
@xetys
Jul 14 2016 10:24
ok it has something to do with zuul proxy
ok got it
David Steiman
@xetys
Jul 14 2016 10:29
looks like enabling compression is damaging the tokens
Johan van den Berg
@johanvdb
Jul 14 2016 12:39
Afternoon. I have a need to inject the same feign client interface to access multiple different URL's that will only be known at runtime. I have tried to use the builder pattern on HistrixFeign but run into issues with encoder / decoder that I don't have when I autowire the feign client, so I'm pretty sure I am missing the magic that spring cloud provides if I don't autowire. Anyone have any pointers on how I should go about trying to instantiate and use a feign client but send it a URL when I instantiate it using spring boot / spring cloud?
Marcin Grzejszczak
@marcingrzejszczak
Jul 14 2016 13:06
@bandrzejczak ^^ didn't you do sth similar?
Johan van den Berg
@johanvdb
Jul 14 2016 13:40
If I do the following, it at least creates the proxy and allows me to call it, but the ribbon lookup fails. I assume since I am not using the autowired version, I need to somehow tell it to use ribbon that comes with spring cloud (which already works in my app, I can autowire feign and call ribbon named services):
        UserClient userProviderClient = HystrixFeign.builder()
                .contract(new SpringMvcContract())
                .target(UserClient.class, dynamicUrlWhichPointsToRibbonServiceNameRegisteredInEureka);
java.net.UnknownHostException: service-user-provider-fake
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
    at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
    at sun.net.www.http.HttpClient.New(HttpClient.java:308)
    at sun.net.www.http.HttpClient.New(HttpClient.java:326)
    at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1169)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1105)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:999)
    at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:933)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
    at feign.Client$Default.convertResponse(Client.java:152)
    at feign.Client$Default.execute(Client.java:74)
Johan van den Berg
@johanvdb
Jul 14 2016 18:02
For the record, I got it working by importing FeignClientsConfiguration in my current context, and then injecting the beans that it created into my builder similar to how FeignClientFactoryBean does things on startup. I then make use of the ribbon LoadBalancer to set the url for the builder and create the feign client when I need it. This is naturally quite inefficient, I would need to cache the created clients, or even better, mimmic the same behaviour that @FeignClient does and create a new spring context for each different URL, and then use the context to first check if it exists before I create them, but ideally I find a way to let the autoconfiguration pick it up and do all this for me but during runtime. I might be WAY off base, but I was thinking I create a runtime cglib or similar class with the required annotation and service names etc, put it in some dynamic package, and kick the autoconfiguration of @EnableFeignClients into action on that package (if I don't find one in the context). It feels horrible, sounds horrible, and smells horrible, but I can't think of a better way of dynamically creating these clients at the moment. Any advice will be appreciated...
Robert Van Voorhees
@voor
Jul 14 2016 19:55
There have been a lot of questions in here about the sensitiveHeaders and Authorization, is there a way to add some kind of customization to manipulate the Authorization header inside of a ZuulFilter instead of just removing it?
Specifically, I want to see if it is a JWT, and if it is, forward it, otherwise do XXX. (XXX will be convert it into a JWT through the auth server)
Marcos Barbero
@marcosbarbero
Jul 14 2016 19:56
You can add a ZuulFilter on pre phase
Robert Van Voorhees
@voor
Jul 14 2016 19:56
That way my services are all statelessly using JWT, but the gateway (Zuul) can deal with various configurable forms of authentication.
Is that a PreDecorationFilter?
Marcos Barbero
@marcosbarbero
Jul 14 2016 19:59
You can create your own filter, something like PreAuthorizationFilter that extends ZuulFilter and it’s type like:
@Override
public String filterType() {
    return "pre";
}
I don’t know exactly the filter order to be executed but this solution may fit your needs
Robert Van Voorhees
@voor
Jul 14 2016 20:14
When running Eureka with @EnableEurekaServer where does it stand up the actual Eureka API endpoints? Getting a 404 when I try to do something like curl http://localhost:8761/eureka/v2/apps/foo -X POST -v
Marcos Barbero
@marcosbarbero
Jul 14 2016 20:15
try curl -v -X POST http://localhost:8761/eureka/apps/{foo}
From time to time I see people asking for oauth2 configuration for spring cloud config client. I want to share my solution that’s based on Pivotal implementation, it’s available on maven central and the source can be found at https://github.com/marcosbarbero/spring-cloud-config-client-oauth2
Robert Van Voorhees
@voor
Jul 14 2016 20:28
That worked, thanks @marcosbarbero
Marcos Barbero
@marcosbarbero
Jul 14 2016 20:28
Great :)
Robert Van Voorhees
@voor
Jul 14 2016 20:41
Back to the Zuul conversation, it looks like @dsyer already created a filter to pretty much perform almost that same task with OAuth2TokenRelayFilter
Marcos Barbero
@marcosbarbero
Jul 14 2016 20:43
I think it just downstream the access_token in case it’s found in the current request headers
I think you have a different use case, correct me if I’m wrong.
You want to route the request to different places based on token type
Am I wrong?
Robert Van Voorhees
@voor
Jul 14 2016 20:56
No, you are correct, just that class also has some examples of how to test the access token.
Like if I wanted to go so deep as to check that the access token was not only a JWT but also properly signed.
Say it was a JWT signed by Google or someone else, I could forward it to get signed again, yadda yadda.
Marcos Barbero
@marcosbarbero
Jul 14 2016 20:58
You’re right, this class will give you some ways to access the information you’re looking for
But I think you’ll need to implement your own Filter to handle your use case
I’m also thinking in a way to implement a multiple authentication on top of Zuul, but I’ve done nothing yet
Robert Van Voorhees
@voor
Jul 14 2016 21:01
Whatever we're working on is open source if you ever want to follow along, the Gateway stuff hasn't been touched in a month, but we're revisiting it soon: https://github.com/SMARTRACTECHNOLOGY/smartcosmos-gateway
Marcos Barbero
@marcosbarbero
Jul 14 2016 21:02
I’ll take a look on it
Robert Van Voorhees
@voor
Jul 14 2016 21:05
Nothing there yet except the same code though. ;)