I have a spring cloud application which have multiple spring boot micro services. I'm using resttemplate to call other services in someone, and for security reason I use an interceptor to pass through the Authorization header. The full source code can be found at Spring Cloud in Practice.
package net.jaggerwang.scip.common.api.interceptor;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
public class HeadersRelayInterceptor implements ClientHttpRequestInterceptor {
private Set<String> headers;
public HeadersRelayInterceptor(Set<String> headers) {
this.headers = headers;
}
@Override
public ClientHttpResponse intercept(HttpRequest request, byte[] body,
ClientHttpRequestExecution execution) throws IOException {
var requestAttrs = RequestContextHolder.getRequestAttributes();
if (requestAttrs instanceof ServletRequestAttributes) {
var upstreamRequest = ((ServletRequestAttributes) requestAttrs).getRequest();
for (var header: headers) {
request.getHeaders().addAll(header,
Collections.list(upstreamRequest.getHeaders(header)));
}
}
return execution.execute(request, body);
}
}
But the requestAttrs above is always null, and I see the request executed by resttemplate is not in the main thread. Does this is the reason and how can I solve this problem.
Spring Boot: 2.2.2 Spring Cloud: Hoxton.SR1
<?xml version="1.0" ?>
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>net.jaggerwang</groupId>
<artifactId>spring-cloud-in-practice</artifactId>
<version>1.0.0-SNAPSHOT</version>
</parent>
<groupId>net.jaggerwang</groupId>
<artifactId>spring-cloud-in-practice-user</artifactId>
<version>1.0.0-SNAPSHOT</version>
<name>spring-cloud-in-practice-user</name>
<description>Spring cloud in practice user</description>
<dependencies>
<dependency>
<groupId>net.jaggerwang</groupId>
<artifactId>spring-cloud-in-practice-common</artifactId>
<version>${scip-common.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-consul-discovery</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-consul-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-circuitbreaker-reactor-resilience4j</artifactId>
</dependency>
<dependency>
<groupId>com.querydsl</groupId>
<artifactId>querydsl-apt</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.querydsl</groupId>
<artifactId>querydsl-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-core</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>com.mysema.maven</groupId>
<artifactId>apt-maven-plugin</artifactId>
<version>${apt-maven-plugin.version}</version>
<executions>
<execution>
<phase>generate-sources</phase>
<goals>
<goal>process</goal>
</goals>
<configuration>
<outputDirectory>target/generated-sources/java</outputDirectory>
<processor>com.querydsl.apt.jpa.JPAAnnotationProcessor</processor>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
Comment From: bclozel
As underlined in its Javadoc, RequestContextHolder is indeed thread-bound. In your case, HTTP clients are often using connection/thread pools which are independent of the server request thread. In that sense, RequestContextHolder is working as designed.
Now about your use case, I think you'll get better results by asking on StackOverflow directly. If this is only about security credentials, Spring Security might have already something available for this (depending on the security spec/protocol). If you're looking for a general way of proxying requests to other microservices, Spring Cloud Gateway could be a nice alternative. As for forwarding all request header without filtering them, you should make sure this does not cause security issues.
Comment From: jaggerwang
Thanks! I've already using spring cloud gateway to forward request to backend services, here the problem is that I want to send request to other services in one of them, not the gateway, so I need to forward authorization header by my self. I've already using request scope bean to solved this problem, but I hope there is a better one.