I want to add a Authorization header to all outgoing requests of my Spring 3.2 application.
This solution describes how to do it by adding an interceptor to a web service template (e.g. RestTemplate):
Setting a custom HTTP header dynamically with Spring-WS client
Is there a way to do it without adding interceptors to my restTemplates? Globally, for all outgoing request?
Related
I am using spring cloud gateway for our application. We have a requirement to remove all the sensitive headers from all the configured routes. I have configured it as follows -
spring:
cloud:
gateway:
default-filters:
#Remove All the sensitive request headers (Cookie, Set-Cookie & Authorization) while passing request to downstream services
- RemoveRequestHeader=Cookie
- RemoveRequestHeader=Set-Cookie
- RemoveRequestHeader=Authorization
This is working as expected. Now we have requirement to pass Authorization header to only one of the routes. Is there a way to configure this so that I don't have to add 3 RemoveRequestHeader in all the routes?
I have tried to add Authorization request header specifically for one route but it is not working because of ordering of routes. Once the request headers are removed, these can't be re-added.
P.S. - We were using Zuul before migrating to spring cloud gateway & it was possible to do this.
Default filters are all or nothing. To do what you want you need to add the RemoveRequestHeader to each route that needs it, omitting it from those that don't.
I have few services written in Node that are using "X-Request-Id" as the header to identify requests. I am now writing services in Java using spring-boot where I can use spring-cloud-sleuth to track traceId and spanId.
However, I would like to continue using the "X-Request-Id" as the request identifier across all of my services. Is there any way to rename the "X-B3-TraceId" header in spring-sleuth so that it sends the same header in HTTP requests and also uses the said header from incoming requests to set the traceId?
You can propagate extra fields, see the Propagation section of the Spring Cloud Sleuth docs.
spring:
sleuth:
propagation-keys: x-correlation-id
I have a spring boot project that uses openapi/swagger 3 annotations for documentation. Since the project is behind a Zuul gateway, there is some pre-processing of requests before they reach specific REST endpoints. Some of that pre-processing is controlled by an optional custom header - eg, X-Custom-Header. I want to add the ability to send that header on all requests into the system, but since it's not used in any of the actual endpoint logic, I don't want to have to add the header field to every endpoint method. I was hoping it would be possible to modify the OpenAPI object, similarly to how we add a security scheme, but I can't find anything that creates the requisite functionality. Am I missing anything?
I have a rest web service that is implemented using spring boot starter web. This service acts as a client to another application that requires authentication to make calls to it.
Calls made from the client to the server are using org.springframework.web.client.RestTemplate.
Is there a way to come up with a solution to add authentication headers to outbound requests at one single point before they are sent out?
I don't want to add headers in each of the requests separately.
Javadoc for RestTemplate says:
This template uses a SimpleClientHttpRequestFactory and a
DefaultResponseErrorHandler as default strategies for creating HTTP
connections or handling HTTP errors, respectively. These defaults can
be overridden through
HttpAccessor.setRequestFactory(org.springframework.http.client.ClientHttpRequestFactory)
So I would take SimpleClientHttpRequestFactory and override its prepareConnection(..) method.
I am integrating an existing spring MVC web application with spring websockets. I was successfully able to integrate by following the instructions in
https://spring.io/guides/gs/messaging-stomp-websocket/
The existing web application has a filter, which sets a few of the attributes. I have a requirement to access the attributes set by the filter in the controller i,e in #MessageMapping method.
Could some one tel how can we access the request object in the #MessageMapping method?
When a STOMP client connects to the application, it first has to request a protocol upgrade to switch to websocket. Once using that websocket connection, the messages sent/received don't go through your regular Servlet filter - only the first HTTP request (the "Handshake") did.
Depending on your use case, there are several ways to achieve this.
If it's related to Authentication, then there are existing features for this in the Spring Framework, but also in Spring Security.
If it's related to the HTTP session, you can easily ask for all HTTP session attributes to be copied into the websocket session - or even customize the Handshake for your own needs (see reference doc). Once done, you can inject the Websocket scope in a #MessageMapping controller method and get those attributes (see reference doc).