Expected Behavior
During service invocation, we are affected by #3408. This is mainly because the entire Spring Security context is added as a header to the request. In our case, this exceeds the default allowed header size for fasthttp requests.
As the service being called has no secured endpoint in this case, the security context is of no use during this workflow.
I would expect that, by default, transfer of security context information via service invocation is disabled, and that it can be added if needed.
Actual Behavior
Service invocation in the context of a Spring Security application breaks during runtime with a too large HTTP header. See #3408.
Steps to Reproduce the Problem
Have a Spring Security context containing many roles and scopes, received e.g. by an OAuth2 JWT token.
Release Note
RELEASE NOTE:
is there actually a reason why the spring security context is added as header to the service invocation?
(i do not see a reason here)
as @javageek79 mentioned - if this can not be "simply" dropped; would be good if we can at least toggle it off.
if you know some mediation approaches (that can be applied just now) - to have the security context NOT passed into the service invocation - we would be happy to hear ;-)