Spring Cloud Netflix Header not available in gateway after addZuulRequestHeader

I am trying to add a header in my zuulfilter class using addZuulRequestHeader("test","123") and with in the gateway (in another class) trying to retrieve the header i added previously using

@autowire HttpServeltRequest request; request.getHeader("test") // this gives me null but the same piece of code works fine in the microservice after the routing but not in the gateway. Autowiring HttpServletRequest gives me a current http request. So the header added using addZuulRequestHeader() is not available instantly or am i missing something? Or is it meant to be only available for downstream services? Any help appreciated.

Comment From: spencergibb

Can you show more? I don't know if you're missing something because I can't see anything besides a short explanation. What versions are you using? Configuration? How are you getting to the piece of code where you don't see the header? If you'd like us to spend time looking into this, please spend some time gathering details.

Comment From: AbishekDonthamsetty

Thank you @spencergibb for looking into it.

Here is the filter class.

import com.netflix.zuul.ZuulFilter; import com.netflix.zuul.context.RequestContext; import org.apache.commons.lang3.RandomStringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpHeaders; import org.springframework.security.core.context.SecurityContextHolder; import com.sample.AppUser; import com.sample.TokenGenerator; import com.sample.Claims;

public class ZuulJwtPreFilter extends ZuulFilter {

@Autowired private TokenGenerator tokenGenerator;

@Override public String filterType() { return "pre"; }

@Override
public int filterOrder() { return 1; }

@Override
public boolean shouldFilter() {  return true; }

@Override
public Object run() {
    AppUser user = (AppUser)SecurityContextHolder.getContext().getAuthentication().getPrincipal();

    Claims claims   = new Claims(user);
    try {
        RequestContext.getCurrentContext().addZuulRequestHeader("Key","test"); 
        String token = tokenGenerator.getToken(claims);
        RequestContext.getCurrentContext().addZuulRequestHeader(HttpHeaders.AUTHORIZATION, token);
    } catch (Exception e) {
        //
    }
    return null;
}

Here is the class where i am having trouble retrieving the header.

import javax.servlet.http.HttpServletRequest;

@Component public class TokenGenerator {

@Autowire private HttpServletRequest request;

public String getToken(Claims claims) {

  String key = request.getHeader("Key");
  return claims+key; // using hashing to generate token

}

Note: TokenGenerator is in a jar and is added to my gateway as dependency (assuming that shouldn't effect me getting the request in the generator class)

Here are the dependencies springBootVersion = '1.5.9.RELEASE' compile group: 'org.springframework.cloud', name : 'spring-cloud-starter-zuul', version: '1.3.0.RELEASE' compile 'org.springframework.cloud:spring-cloud-starter-eureka:1.2.3.RELEASE' compile 'javax.servlet:servlet-api:2.5'

My guess is using RequestContext.getCurrentContext().getRequest().getHeader("Key") in the TokenGenerator class might give me the value but my question is why doesn't HttpServletRequest doesn't give me the header info in gateway and gives me the header info in the micorservice after routing?

Please let me know if you need any other info.

Comment From: spencergibb

Please learn how to properly format code and logs.

RequestContext.addZuulRequestHeader() doesn't actually change the request, it just keeps things in a local map to be used later.

You need to use RequestContext.getRequest().

Comment From: Akhilesh601

This is the problem of sensitive header. zull will not send sensitive information in the header. so to overcome on that you have to add below code in your .yml file

sensitiveHeaders: Cookie,Set-Cookie

so it will not treat authorization as sensitive information

for more details please go through below link

https://www.appsdeveloperblog.com/pass-authorization-header-to-downstream-microservice/#:~:text=Configure%20Zuul%20API%20Gateway%20to%20Forward%20an%20Authorization%20Header&text=To%20make%20Zuul%20API%20Gateway%20allow%20Authorization%20Header%20to%20be,from%20the%20comma-delimited%20list.&text=or%20explicitly%20set%20it%20to%20the%20empty%20list.