I am using webclient to make 3rd party api call in spring boot.
I am making post request with authorization key in headers.
But I am facing unauthorized error.
here is the code :
https://stackoverflow.com/posts/72070182/revisions
Let me know how can we pass authorization key in headers with request body.
Related
I have set up a gateway and a microservice with ktor. I want authentication on microservice level. I have made httpclient for a service in gateway, but i cannot seem to find a way to forward bearer token from api gateway request to httpclient request. There are lots of tutorials where httpclient is created with bearer token.
One way i found was manually add authorization header to every request i make but this is not what i want. I would like this process to be automatic. Any ideas? Maybe ktor might not be good for api gateway?
I have a REST API which calls another REST API using the Feign client. Between the two calls I have a reverse proxy which add Cookie in the Header's response.
In my next calls the Cookie is still present in the header although I only add Bearer using a Spring's Interceptor.
I don't understand how this can happen because my Feign client is a Singleton managed by Spring.
I have implemented APIs in my Spring boot application. I want to secure the API calls. The flow should be my API is called with Auth token in header -> my API app validate the token by calling another API -> if validation is successful than response is sent else unauthorized msg sent. How do i do this? I am new with this security implementation.
Thanks!
I have 2 microservices. 1 is a Spring boot 2 project setup as a oauth2 server running on port 8000 and the other is a Spring boot 2 project oauth2 client running on port 8001.
I have the oauth server setup and I can confirm it's working because I get a token when I login using the client id and secret. I use Postman to do a post to /oauth/token and I can see the content. I see the access token and refresh token.
I then use Postman to do a call to the other microservice which is a Spring boot project setup as a oauth2 client. I set the Access Token using Postman as a oauth2 Authorization and I can see that the Authorization: Bearer TOKEN is added to the header. I then do a call to the oauth2 client where I call the following endpoint:
#GetMapping("/api/user/test")
#PreAuthorize("isAuthenticated()")
public MyObject doTest() {
return new String("Test");
}
When I invoke that url I can determine that spring sends a request to the oauth server to get the current user. In my application.yml I have the following so that spring knows where the oauth server is:
security:
oauth2:
resource:
user-info-uri: http://localhost:8000/oauth/user
So far so good. Now here is the thing. I debug the http://localhost:8000/oauth/user url and according to spring the principal is null. I have found where it is going wrong. Either my configuration is wrong or there is a huge bug in Spring because when I add a filter to the oauth2 server and print all the headers this is what I see:
Header: application/json
Header: Java/1.8.0_181
Header: localhost:8000
Header: http
Header: 8000
Header: 172.20.0.1
Header: gzip
Header: 0
Header: 192.168.178.153:9001
Header: Keep-Alive
As you can see there is no Authorization header. Apparently spring oauth2 client isn't sending the Authorization header when invoking user-info-uri. Can anybody help?
I need to know how to configure my spring boot oauth2 client so that each url that needs authentication will call a certain url to get the current user.
Thanks in advance,
Martijn
I found the solution. It was connecting through a zull proxy and by default the zuul proxy filters out the Authorization header. Add this to the zuul configuration and it will work: zuul.sensitiveHeaders: Cookie,Set-Cookie
I'm using Spring Boot with web and security starter dependencies, and spring-security-oauth2. I'm trying to secure a REST API with a remote (Openstack Keystone) OAuth2 provider.
So far I've managed to correctly fetch an access_token but when it comes to getting the user information I get a 404 not found, as it seems that the OS provider expects the access_token to be provided in the request parameters.
I can't figure out how to persuade the OAuth2RestTemplate class to append the access_token to the security.oauth2.client.resource.user-info-uri endpoint.
Figured out that setting security.oauth2.client.client-authentication-scheme to query will make the RestTemplate append the access_token to the subsequent requests for user information.