Patrick Cornelißen opened SPR-15440 and commented

As spring session enables us to create distributed services that access the session in a single place, it should be easy to pass this session around, so you can make calls to other backend services on behalf of the user. The same would work for "regular" JSESSIONIDs or oauthTokens.

The basic idea is to configure some parts of the request that triggered a RestTemplate Call to automatically be passed along with RestTemplate calls. This makes writing chained calls in distributed service environments much easier. I'm thinking of something similar like the sleuth integration which also passes something from the first to the last call.

As there are a few "properties" of the request that may be important depending on your application ("session" cookie when using Spring-Session, "JsessionID" for regular webapps, oauth header fields,...) this needs to be configurable at least on a application level.

I have investigated a while and it seems like the best way currently is to use the RestTemplate methods that allow to pass a HttpEntity and set the cookie header yourself like this:

HttpHeaders headers = new HttpHeaders(); headers.add("Cookie", "SESSION=" + session); ResponseEntity\ exchange = restTemplate.exchange(url, HttpMethod.GET,new HttpEntity\(headers), UUID.class); This is error prone because you could easily forget to set the header and it is cumbersome to do this for each call. (The worst thing is to have to use the exchange method all the time)

So it would be nice to have a "session enabled" RestTemplate that passes the session or authentication information to the called service if they are present in the current request context. (Hystrix should also be taken into account, because many RestTemplate calls are running in Hystrix so the requestContext needs to be copied to the hystrix thread context as well!)

Is that something worth considering? Or am I missing something that makes this easier?

Andy suggested in the linked github issue that this should be a suggestion in spring-session, but I think that it shouldn't be scoped to just handle spring session.

Affects: 4.3.7

Reference URL: https://github.com/spring-projects/spring-boot/issues/5892

Comment From: spring-projects-issues

Rossen Stoyanchev commented

Have you considered using a ClientHttpRequestInterceptor like for example this one ?

Comment From: spring-projects-issues

Patrick Cornelißen commented

Yes something like this might work

Comment From: bclozel

RestTemplate is now in maintenance mode. We're closing this issue as a result.