Override URL and Authentication configuration of Spring Cloud Feign client - spring-boot

I am trying to leverage Spring Cloud Feign client for declaring rest endpoints(third-party-endpoints) which will be called based on the request that my controller receives.
I have declared a feign client interface like:
#FeignClient(name = "my-client", url = "https://abc.xyz.com", configuration = MyClientConfiguration.class)
public interface MyFeignClient{
}
MyClientConfiguration is an unannotated feign configuration class just exposing BasicAuthRequestInterceptor bean preconfigured with some credential.
public class MyClientConfiguration {
#Bean
public BasicAuthRequestInterceptor basicAuthRequestInterceptor(){
return new BasicAuthRequestInterceptor("USERID","PWD");
}
}
So, what I have right now is a preconfigured feign client.
I am not sure how do I deal with the requirement that asks for being able to define/override the feign configuration with the url and credentials received in the body of different POST request.
So its not about overriding the feign configuration via properties file(like other somewhat similar SO questions), but instead being able to configure the feign client on the fly based on the url and credentials received in the body of the incoming requests.
I am aware of ways to do it with WebClient and looking for something similar to what WebClient provides via its uri and headers methods. Webclient allows us to override the webClient bean configuration with different uri and different auth credentials,
webClient
.put()
.uri("base-uri", uriBuilder -> uriBuilder.path("/rest").path("/api").path("/2").path("/issue").path("/" + id).build())
.headers(httpHeaders -> {
httpHeaders.setBasicAuth("decrypted-username", "decrypted-pwd");
})
Does Spring Cloud Feign provide any such facility where it is possible to have a generic configuration yet allowing to override those configurations at runtime?
EDIT 1 : START
The closest I got to is implementing via the feign's builder pattern :
MyFeignClient myFeignClient = Feign.builder()
.contract(new SpringMvcContract())
.requestInterceptor(new BasicAuthRequestInterceptor("decrypted-username", "decrypted-pwd")
.target(MyFeignClient.class, myRequestDTO.getBaseUrl());
I was challenged with an exception because I didn't specify which Contract to use. It was using the Default Contract.I then changed to SpringMvcContract as the annotation that I am using are the Spring MVC ones and not feign's default.
Getting DecodeException as of now. Trying to fix it. Will post update when done.
EDIT 1 : END
EDIT 2 : START
I was finally able to get this working. I figured out that the feign-gson does a great job at deserialization with minimal configuration.
My final feign configuration with the Decoder in place looks like :
MyFeignClient myFeignClient = Feign.builder()
.contract(new SpringMvcContract())
.decoder(new GsonDecoder())
.requestInterceptor(new BasicAuthRequestInterceptor("decrypted-username", "decrypted-pwd")
.target(MyFeignClient.class, myRequestDTO.getBaseUrl());
EDIT 2 : END

Related

How to specify Ribbon Configuration for a specific Feign client in a Spring Boot project having multiple Feign clients?

I have a spring boot project which is having two Feign Client's.
First Feign client (i.e. ServiceAProxy.class below), which will work on Service Discovery using Eureka or Consul.
#FeignClient(name="service-A")
public interface ServiceAProxy{
#RequestMapping(method= RequestMethod.GET)
String getResponse();
}
Second Feign client( i.e ServiceBProxy.class ), needs to have a set of server list which will be picked from Spring Cloud Configuration server or Apache zookeeper config server and will be passed to the ribbon client of ServiceBProxy.class. For that, I'm trying to add a Ribbon Client Configuration that will modify the ribbon server list. Below is the code for the second feign client.
#FeignClient(name="service-B")
#RibbonClient(name="service-B",configuration= ServiceBProxy.LocalRibbonClientConfig.class)
public interface ServiceBProxy{
#RequestMapping(method = RequestMethod.GET)
String invalidateUsers();
#Configuration
class LocalRibbonClientConfig{
#Value("${server-host1}") // fetched from config
private String host1;
#Value("${server-host2}") // fetched from config
private String host2;
#Bean
public ServerList<Server> ribbonServerList() {
return new StaticServerList<>(
new Server(host1,8080),
new Server(host2,8081)
);
}
}
}
Now, when I run the code, ServiceBProxy.class works as expected and picks the list of servers that was specified in the LocalRibbonClientConfig.class.
But the problem is with the ServiceAProxy.class which was suppose to work on the basis of service discovery also starts to use the LocalRibbonClientConfig.
How can I only allow ServiceBProxy.class to use the custom ribbon configurations and other feign clients in the project to work as per their default behaviour.
Please guide on this.

OAuth2 / OpenID Connect configuration in Spring Boot and OpenAPI

I am securing my application with OpenID Connect and Keycloak.
My API documentation is OpenAPI 3 which I generate from code.
#Bean
public OpenAPI customOpenAPI() {
OAuthFlows flows = new OAuthFlows();
OAuthFlow flow = new OAuthFlow();
String authUrl = authServerUrl + "/realms/" + realm + "/protocol/openid-connect/auth";
flow.setAuthorizationUrl(authUrl);
Scopes scopes = new Scopes();
flow.setScopes(scopes);
flows = flows.implicit(flow);
return new OpenAPI()
.components(new Components().addSecuritySchemes("keycloak",
new SecurityScheme().type(SecurityScheme.Type.OAUTH2).in(SecurityScheme.In.HEADER).flows(flows)))
.info(new Info().title(appName)
.version(appVersion))
.addSecurityItem(new SecurityRequirement().addList("keycloak",
Arrays.asList("read", "write")));
}
This works fine as I can authenticate via Keycloak's implicit flow. Now I want to secure only some endpoints and not all in my API.
I tried to annotate the desired endpoint with
#SecurityRequirement(name = "keycloak")
This seems to work. When I look in the JSON api-docs of my Swagger UI HTML, I can see that this entity is added to the endpoint configuration.
The problem seems to be that it is also placed as a global statement in the docs, so it is used for every endpoint.
QUESTION:
Is there a way to define the security scheme as non-global so I can place it to specific endpoints?
I could not find much documentation on configuring OpenAPI 3 by code. I've seen a way to add it via Annotation to the main class of the object via #OpenAPIDefinition( but I could not find a documentation for it and I did not figure out how to define the openid connect specifics within this annotation.

How to inject Feign Client with out using Spring Boot and call a REST Endpoint

I have two Java processes - which get spawned from the same Jar using different run configurations
Process A - Client UI component , Developed Using Spring bean xml based approach. No Spring Boot is there.
Process B - A new Springboot Based component , hosts REST End points.
Now from Process A , on various button click how can I call the REST end points on Process B using Feign Client.
Note - Since Process A is Spring XML based , right at the moment we can not convert that to Spring boot. Hence #EnableFeignClients can not be used to initialise the Feign Clients
So Two questions
1) If the above is possible how to do it ?
2) Till Process A is moved to Spring boot - is Feign still an easier option than spring REST template ?
Feign is a Java to HTTP client binder inspired by Retrofit, JAXRS-2.0, and WebSockets and you can easily use feign without spring boot. And Yes, feign still better option to use because Feign Simplify the HTTP API Clients using declarative way as Spring REST does.
1) Define http methods and endpoints in interface.
#Headers({"Content-Type: application/json"})
public interface NotificationClient {
#RequestLine("POST")
String notify(URI uri, #HeaderMap Map<String, Object> headers, NotificationBody body);
}
2) Create Feign client using Feign.builder() method.
Feign.builder()
.encoder(new JacksonEncoder())
.decoder(customDecoder())
.target(Target.EmptyTarget.create(NotificationClient.class));
There are various decoders available in feign to simplify your tasks.
You are able to just initialise Feign in any code (without spring) just like in the readme example:
public static void main(String... args) {
GitHub github = Feign.builder()
.decoder(new GsonDecoder())
.target(GitHub.class, "https://api.github.com");
...
}
Please take a look at the getting started guide: feign on github

How to manually call a microservice from a JHIPSTER gateway repository or service

I'm new to Jhipster, and wondering if it's possible to manually call a microservices from the gateway code using a RestTemplate or something else.
My first idea was to call the gateway itself... but I'm not sure it's a good idea.
My second idea was to try and call the service by it's URL. My concern is that I don't want to hardcode the port of a given node. Instead, i want to use proper loadbalancing.
I've read this article https://dzone.com/articles/spring-cloud-rest-client-with-netflix-ribbon-basic, but the injection failed.
I've read somewhere else that you now need to manually add the bean declaration
#LoadBalanced
#Bean
RestTemplate restTemplate(){
return new RestTemplate();
}
But now I'm struggling with the actual URI : what I am supposed to put as the root? (xxxxx)
final HcpVersionedhcp hcpVersionedhcp =
restTemplate.exchange("http://xxxxx/api/user-data/byLogin/", UserData.class);
The only configuration I have in my gateway application.yml is
ribbon:
eureka:
enabled: true
The "xxxxx" has to be replaced with your services name. If your service is "foo", you should write http://foo/api/user....
If you are using JWT as authentication, you need to auth using a user a in JHipster, or to pass the JWT token from request when possible. However the is no best practice for JWT auth, so I would suggest to go the JHipster UAA way.
In a few words, you have one more service responsible for authentication and authorization. To access your service from another service, you can use #AuthorizedFeignClient on interfaces, similar to JPA.
So you define:
#AuthorizedFeignClient(name = "xxxx")
interface XxxClient {
#RequestMapping(value = "/api/some-entities/{id}")
SomeEntity getSomeEntityById(Long #Path("id") id);
}
And inject it in any spring service / rest-controller like this:
#Inject
private XxxClient xxxClient;
//...
public void someAction() {
//...
xxxClient.getEntityById(id);
//..
}
Which internally implement client authorization flows ...

forcing the Jersey Grizzly server to authenicate

I am performing acceptance tests against REST services written using Jersey. In my services, I need to get the name of the user who successfully authenticated (BASIC) using:
#Context private SecurityContext securityContext; //at class level
String username = securityContext.getUserPrincipal().getName() //inside a resource
I am using the Jersey client API and running against the Grizzly server. I set up the server as follows:
public class BaseResourceTest extends JerseyTest {
public BaseResourceTest() throws Exception {
super(new WebAppDescriptor.Builder("net.tds.adm.na.batchcut")
.contextPath(baseUri.getPath())
.contextParam("contextConfigLocation","classpath:testContext.xml")
.initParam("com.sun.jersey.api.json.POJOMappingFeature",
"true").servletClass(SpringServlet.class)
.contextListenerClass(ContextLoaderListener.class)
.build());
}
.......
}
In my tests, I pass an authorization header as follows:
WebResource resource = resource().path(_url);
return resource.type(MediaType.APPLICATION_FORM_URLENCODED_TYPE).header(HttpHeaders.AUTHORIZATION, new String(Base64.encode("judge:smails"))).post(ClientResponse.class, _formData);
However, in my resources I get an NPE when trying to get the user name. I think I need to get the server to actively authenticate against a realm but I haven't found how to configure the server to do this. Has anybody had any experience with this?
Unfortunately Grizzly HttpServer doesn't support authentication at the moment.
But here you can find a simple example how to implement authentication using Jersey Filter.
http://simplapi.wordpress.com/2013/01/24/jersey-jax-rs-implements-a-http-basic-auth-decoder/

Resources