Spring RestTemplate netflix loadbalancer not configuring httpClient header Host - spring-boot

We have a complicated app based on Spring Cloud, Netflix Loadbalancer, to make calls between micro-services ms1<client>-->ms2<server>
We are using a restTemplate.exchange call to a URI hostname that is a Eureka Key for FQDN lookup.
This configuration works in other micro-services, in fact the restTemplate bean works for a different component's micro-service call.
The receiver of the REST call is the Cloud Foundry Go-router, which I believe is just an nginx proxy server. The httpClient request should have the header variable set to "Host":"FQDN"; this allows the proxy to route the request to the proper instance in the space.
PROBLEM:
httpClient from ms makes the call to the ms
CompletionException. cause: org.springframework.web.client.HttpClientErrorException: 404 NOT_FOUND
This is the response from the CF go-router (simple proxy server), the request never gets http--> the ms instance.
When the RestClient configures the request it sets the header "Host" as localhost:8090 or whatever the ms hostname is???
Discussion related Questions:
So apparently we have a configuration problem here.
Any advice on how the netflix ribbon loadbalancer client stuff sets the httpClient headers?
What package class interceptor does this magic?
What configuration variables affect this?
Code debugging indicates that netflix.client.SimpleVipAddressResolver is running.
We've traced the debug all the way to the Apache httpClient and it has the header Host set to the ms hostname, it's set to that value in the netflix httpClient wrapper too.
I tried to create a simple reference implementation of this, but can't.
Any recommendations on troubleshooting?
Where to look or read docs on what com.netflix package?
Using the Camden Spring. Using profiles,
From the memory debugging;
ClientClassName:com.netflix.niws.client.http.RestClient
VipAddressResolverClassName:com.netflix.client.SimpleVipAddressResolver
NIWSServerListClassName:com.netflix.loadbalancer.ConfigurationBasedServerList
NFLoadBalancerClassName:com.netflix.loadbalancer.ZoneAwareLoadBalancer
NFLoadBalancerRuleClassName:com.netflix.loadbalancer.AvailabilityFilteringRule
EnablePrimeConnections:false,
CustomSSLSocketFactoryClassName:null,
TrustStorePassword:null,
EnableConnectionPool:true,
listOfServers:,
OkToRetryOnAllOperations:false,
RequestIdHeaderName:null
Our suspicion is that some application.properties, .yml, or bootstrap.yml is being set or not being set somewhere in the scan path ???.

We had just upgraded the platform from Spring Boot 1.3.x to 1.4.2.
The ms inbound controller had the annotation
@RequestHeader HttpHeaders httpHeaders
This is what we attached to the restTemplate.execute call as a parameter, and it eventually found its way to the rest-netflix-httpClient as the request headers being used to call the ms. The Go-Router on CF must be using that value to perform the proxying to the instance.
Apparently, somewhere in the upgrades, one of two things happen, either
A) boot Controller @RequestHeader in version 1.3.2 did not put header Host.
B) previous versions of spring Cloud-netflix-ribbon overwrote the Host httpHeader value with the Ribbon lookup.
Either way, there was no special interceptor.
Spring Cloud Netflix Eureka will take whatever httpHeaders you provide (even if that header is key:Host) and use those values.
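An added example (not code from the original post) of one way to avoid what the answer describes: build the outbound headers from the inbound ones, leaving out Host and other connection-specific headers so the HTTP client sets Host from the target URI. The class name `ForwardedHeaders` and the sample header values are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import org.springframework.http.HttpHeaders;

/** Hypothetical helper: derives outbound headers from the inbound request's headers. */
public final class ForwardedHeaders {

    // Headers that describe the inbound connection, not the outbound one.
    // A forwarded "Host" still names the calling service, which is the value
    // the answer above found on the request that the router rejected.
    private static final Set<String> NOT_FORWARDED = new HashSet<>(Arrays.asList(
            "host", "content-length", "transfer-encoding", "connection",
            "keep-alive", "upgrade", "te", "trailer",
            "proxy-authorization", "proxy-authenticate"));

    private ForwardedHeaders() { }

    public static HttpHeaders from(HttpHeaders inbound) {
        HttpHeaders outbound = new HttpHeaders();
        for (Map.Entry<String, List<String>> entry : inbound.entrySet()) {
            String name = entry.getKey().toLowerCase(Locale.ROOT);
            if (!NOT_FORWARDED.contains(name)) {
                outbound.put(entry.getKey(), entry.getValue());
            }
        }
        return outbound;
    }

    public static void main(String[] args) {
        // Constructed sample of what @RequestHeader HttpHeaders might contain.
        HttpHeaders inbound = new HttpHeaders();
        inbound.set("Host", "localhost:8090");
        inbound.set("Accept", "application/json");
        inbound.set("X-Request-Id", "example-123");
        System.out.println(from(inbound).keySet());
    }
}
```

Pass the result of `ForwardedHeaders.from(httpHeaders)` to the RestTemplate call instead of the controller's `httpHeaders` object.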

Related

Sending Zipkin Spans for @FeignClient

I'm running a Spring Boot app using:
Spring Boot 2.3.8
Spring Cloud Hoxton.SR10
I've declared the spring-cloud-starter-zipkin and spring-cloud-starter-openfeign dependencies, and have configured my app to point to a Zipkin server. It's a pretty vanilla setup and configuration (I also declare the spring-cloud-starter-netflix-ribbon and spring-cloud-starter-kubernetes-all dependencies to allow Spring Feign to use k8s service discovery).
My app declares a @SpringFeign annotated interface with a method to call to a remote service S.
So generally zipkin is getting spans from my app (for e.g. incoming REST calls) and B3 headers are being propagated via HTTP to the service S being called through feign.
But zipkin does not report a span from my app representing the Feign call to S.
Is that something that should "just happen", or am I missing a piece of the puzzle?
I can e.g. add @NewSpan to the feign interface method, but that doesn't give me HTTP details for the request/response as span tags. And I'd rather not do that if this is supposed to work out of the box.
This should be done out of the box: https://docs.spring.io/spring-cloud-sleuth/docs/2.2.7.RELEASE/reference/html/#feign
You can take a look at the feign sample (you need to go back in the history, currently it is for 3.x): https://github.com/spring-cloud/spring-cloud-sleuth/tree/master/spring-cloud-sleuth-samples/spring-cloud-sleuth-sample-feign
In order to see if propagation works, look into the outgoing request, it should contain the tracing-related headers.

Is it possible to disable Spring Cloud Sleuth header propagation based on destination URL?

We're using Brave's ExtraFieldPropagation feature to propagate custom fields (e.g. an internal-only request identifier) between services as HTTP headers.
Some of our services make requests to external services using a RestTemplate or Feign client in the course of processing a request. Since Sleuth enhances all RestTemplate beans and Feign clients with the propagation feature, this means that external services receive the internal-only headers, which I'd like to avoid.
I know of two workarounds that allow me to avoid this behavior, both of which are flawed:
Instantiate a client object manually as opposed to using a @Bean so that Sleuth does not add an interceptor. The downside I see here is that developers have to remember to follow this pattern to avoid leaking information, and this is difficult to enforce.
Add an interceptor that removes these headers from outgoing requests. The downsides here are that a) I need separate interceptors for RestTemplate and Feign clients (not a huge deal); b) it looks like Feign client interceptors do not have a way to influence order of execution (see javadoc here), so I can't guarantee that the new interceptor will run last / after the Sleuth one.
Is there a way to customize Sleuth (e.g. via some kind of injector bean) such that, prior to injecting headers in an outgoing HTTP request, I can reason about the destination of the request? I saw documentation regarding custom injector beans, but it appears those no longer exist in spring boot >= 2. I can't seem to find an equivalent construct in Brave.
You can unsample a given URL, which means that the headers will be propagated but not sent to Zipkin. You can't disable instrumentation for only some of the URLs because we're instrumenting all of the components that are registered as beans.
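The second workaround from the question, shown for RestTemplate as an added example (not code from the original thread): an interceptor that removes internal-only headers whenever the destination is not an internal host. The class name, the header name and the host suffix are assumptions, and the interceptor only has an effect if it runs after the one that adds the fields, which is the ordering concern the question raises.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;

/** Hypothetical interceptor: strips internal-only headers from external calls. */
public class InternalHeaderStripper implements ClientHttpRequestInterceptor {

    // Assumed names for illustration; use the extra fields your services propagate.
    private static final List<String> INTERNAL_HEADERS =
            Arrays.asList("x-internal-request-id");
    // Assumed DNS suffix of internal services; the leading dot prevents
    // "notinternal.example" from matching.
    private static final String INTERNAL_SUFFIX = ".internal.example";

    @Override
    public ClientHttpResponse intercept(HttpRequest request, byte[] body,
            ClientHttpRequestExecution execution) throws IOException {
        if (!isInternal(request.getURI().getHost())) {
            // HttpHeaders keys are case-insensitive, so one remove per name is enough.
            for (String name : INTERNAL_HEADERS) {
                request.getHeaders().remove(name);
            }
        }
        return execution.execute(request, body);
    }

    // Fails closed: an unknown or missing host is treated as external.
    static boolean isInternal(String host) {
        return host != null
                && host.toLowerCase(Locale.ROOT).endsWith(INTERNAL_SUFFIX);
    }
}
```

RestTemplate runs its interceptors in list order, so append this one to the end of `restTemplate.getInterceptors()` and verify on an outgoing external request that the headers are gone.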

spring session sharing between zuul and resource servers

I was trying to search, but did not find an answer suited to our situation.
Basically, we have a zuul server as API gateway which has the following responsibilities:
+ Authenticate the user, and create and maintain the session with users
+ Sessions will be stored in redis (we are using spring session with redis)
I want all of the resource servers to have access to the session information created by the zuul server. But I could not get session information from the resource servers. It always returns null. I have checked the redis server and seen that the session is created by the zuul server already.
Note that we are using Netflix service discovery to forward requests from Zuul to the respective service.
I would highly appreciate any advice.
Actually, I was missing the following code.
context.addZuulRequestHeader("Cookie", "SESSION=" + httpSession.getId());
After adding the above code to pass the session_id in the cookie from the zuul filter to the respective micro-services, they are able to pick up the session_id from the zuul filter.
I had the same problem. But after I have configured the application.yml to set "sensitiveHeaders" to empty. My problem is solved! :)
zuul:
  routes:
    users:
      path: /myusers/**
      sensitiveHeaders:
      url: https://downstream
you can see more details at this link
Even though you're storing session in Redis, session id is stored in cookie and must be delivered to your resource servers. But the default configuration of zuul is filtering out all cookie related headers.
Below is the default zuul configuration for sensitive headers, which are not passed to downstream servers.
zuul.sensitiveHeaders=Cookie,Set-Cookie,Authorization
To pass cookie related headers from zuul to your resource servers, you need to redefine it without the cookie related headers, like below.
zuul.sensitiveHeaders=Authorization
The above example is using global configuration. You can define it for each route. Please refer to the section "Cookies and Sensitive Headers" in the linked doc: http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html
If you also need the Authorization header in your resource servers, you can define the above configuration with a blank list.
Make sure you are using a filter order of more than 5:
@Override
public int filterOrder() {
    return 10;
}
For more detail, see the example below:
https://stackoverflow.com/a/54833734/11103297
When using Spring Session and Spring Security to protect APIs in a Microservice application, it is easy to set up to use the request header to resolve the session, the usage is very similar to the OAuth2 opaque token.
Declare a bean HttpSessionIdResolver.
HeaderHttpSessionIdResolver.xAuthToken()
Note: this is for Spring MVC. It will resolve the HTTP header x-auth-token.
When a request is sent from client, in the gateway, pass the header x-auth-token to the downstream services/components.
A working example: hantsy/spring-microservice-sample (But I did not use Zuul as the Gateway in this sample application; I simply used Nginx as a reverse proxy)

Spring cloud config client without Eureka, Ribbon and spring boot

I have a spring web application (not spring boot) running in AWS. I am trying to create a centralized configuration server. How do I refresh the spring-cloud-client after changing the properties? As per the tutorial:
Actuator endpoint by sending an empty HTTP POST to the client’s refresh endpoint, http://localhost:8080/refresh, and then confirm it worked by reviewing the http://localhost:8080/message endpoint.
But my AWS EC2 instances are behind the load balancer, so I can't invoke the client URL. I didn't understand Netflix Eureka and Ribbon much, but it seems like adding another level of load balancer on the client side. I don't like this approach. Just to change a property I don't want to make the existing project unnecessarily complex. Is there any other way? Or have I misunderstood Eureka/Ribbon usage?
I have looked at spring-cloud-config-client-without-spring-boot and spring-cloud-config-client-without-auto-configuration; neither of them has an answer. The first thread was answered in 2015. Wondering, is there any update?
To get the configuration properties from a config server, you can do an HTTP request. Example:
From the documentation we can see:
/{application}/{profile}[/{label}]
/{application}-{profile}.yml <- example
/{label}/{application}-{profile}.yml
/{application}-{profile}.properties
/{label}/{application}-{profile}.properties
So if you do a request to http://localhost:8080/applicationName-activeProfile.yml, you will receive the properties in .yml format for the application with that name and active profile. Spring boot config clients would automatically provide these values, but you will have to provide them manually.
You don't need Eureka/Ribbon for this to work, it's a separate component.
More info: http://cloud.spring.io/spring-cloud-static/spring-cloud.html#_spring_cloud_config
Maybe you could even use spring-cloud-config but I'm not sure what extra configuration is needed without spring-boot.
https://cloud.spring.io/spring-cloud-config/
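An added example (not from the original answer) of the plain HTTP request it describes, using only the JDK and the /{application}-{profile}.properties endpoint listed above. The class name is hypothetical; the server address, application name and profile are the placeholder values from the answer's URL.

```java
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Properties;

/** Hypothetical client for the /{application}-{profile}.properties endpoint. */
public final class ConfigServerClient {

    private ConfigServerClient() { }

    static URL propertiesUrl(String baseUrl, String application, String profile)
            throws IOException {
        // Encode both parts so a stray '/' or '?' cannot change the resource requested.
        return new URL(baseUrl + "/" + URLEncoder.encode(application, "UTF-8")
                + "-" + URLEncoder.encode(profile, "UTF-8") + ".properties");
    }

    static Properties fetch(URL url) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        conn.setInstanceFollowRedirects(false); // accept configuration from this server only
        try {
            if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) {
                throw new IOException("config server returned " + conn.getResponseCode());
            }
            Properties props = new Properties();
            try (Reader in = new InputStreamReader(conn.getInputStream(),
                    StandardCharsets.UTF_8)) {
                props.load(in);
            }
            return props;
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        Properties props = fetch(
                propertiesUrl("http://localhost:8080", "applicationName", "activeProfile"));
        // Print names only; values served by a config server may be secrets.
        props.stringPropertyNames().forEach(System.out::println);
    }
}
```

Calling `fetch` again on a schedule picks up changed properties without anything having to reach the instances behind the load balancer.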

Adding authentication to outbound http requests

I have a rest web service that is implemented using spring boot starter web. This service acts as a client to another application that requires authentication to make calls to it.
Calls made from the client to the server are using org.springframework.web.client.RestTemplate.
Is there a way to come up with a solution to add authentication headers to outbound requests at one single point before they are sent out?
I don't want to add headers in each of the requests separately.
Javadoc for RestTemplate says:
This template uses a SimpleClientHttpRequestFactory and a
DefaultResponseErrorHandler as default strategies for creating HTTP
connections or handling HTTP errors, respectively. These defaults can
be overridden through
HttpAccessor.setRequestFactory(org.springframework.http.client.ClientHttpRequestFactory)
So I would take SimpleClientHttpRequestFactory and override its prepareConnection(..) method.
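An added example (not code from the original answer) of the override it suggests: a SimpleClientHttpRequestFactory subclass that sets the authentication header in prepareConnection, so every request made through the RestTemplate carries it. The class name, the host name, the environment variable and the bearer scheme are assumptions.

```java
import java.io.IOException;
import java.net.HttpURLConnection;

import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

/** Hypothetical factory that adds a credential to every request to one host. */
public class AuthenticatingRequestFactory extends SimpleClientHttpRequestFactory {

    private final String targetHost;
    private final String headerValue;

    public AuthenticatingRequestFactory(String targetHost, String headerValue) {
        this.targetHost = targetHost;
        this.headerValue = headerValue;
    }

    @Override
    protected void prepareConnection(HttpURLConnection connection, String httpMethod)
            throws IOException {
        super.prepareConnection(connection, httpMethod);
        // Attach the credential only for the intended server, so a request to
        // any other host made with the same RestTemplate does not carry it.
        if (targetHost.equalsIgnoreCase(connection.getURL().getHost())) {
            connection.setRequestProperty("Authorization", headerValue);
        }
    }

    public static RestTemplate restTemplate() {
        // Assumed: the token comes from an environment variable, not from source code.
        String token = System.getenv("BACKEND_API_TOKEN");
        if (token == null || token.isEmpty()) {
            throw new IllegalStateException("BACKEND_API_TOKEN is not set");
        }
        return new RestTemplate(
                new AuthenticatingRequestFactory("backend.example", "Bearer " + token));
    }
}
```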
