enables support for feign clients using OAuth2 client credentials grant #3662
Conversation
to having both UAA and microservices access to the internal client credentials for OAuth, lately to be used by feign clients for interservice communication
so feign clients can be added declarative to. This is a requirement for the next step of a JHipster feign client subgenerator. for feature request jhipster#3649
|
I think this is the right approach for inter-service communication. 👍 @xetys. |
so an access token can be resolved using ribbon and eureka instead of an url
|
after hours of total frustration and realizing, there is no offical support to loadbalance the access token uri before acquiring access tokens....here comes an (maybe not fully elegant update), which solves the problem in its root... the last 2 commits from this comment contain a workaround, so the URL is balanced with eureka and ribbon everytime something is asking for the url. This should only happen, when FeignClients are used. from this point this PR is complete for me, please review as soon as possible, so I can proceed with a feign-client generator |
|
|
||
| return newUrl; | ||
| } catch (URISyntaxException e) { | ||
| e.printStackTrace(); |
There was a problem hiding this comment.
Please use a logger call here instead of printStackTrace.
|
I think this PR can be merged after someone else than me have reviewed it. It concerns only microservices with UAA. |
|
A bit busy right now. Ill take a look as soon as I have time Thanks & Regards, On Wed, Jun 1, 2016 at 4:53 PM, Pierre Besson notifications@github.com
|
|
same here @PierreBesson basicly you can checkout https://github.com/xetys/jhipster-uaa-setup/commits/master the failing build i will checkout as soon as i find time |
|
Ok now I found some time to provide slightly more information This PR allows you to do the following out of the box: During configuration, you decided to give the UAA the name "uaa" and port 9999 (so you can keep the default configuration unchanged) in app2 you add a Foo.class public class Foo {
private long id;
private String value;
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
}and FooClient.java @FeignClient("http://app1")
public interface FooClient {
@RequestMapping("/api/foos")
List<Foo> getFoos();
}to enable the client. You may use it to serve in an app2 @RestController
@RequestMapping("/api/clients/foo")
public class FooClientResource {
private FooClient fooClient;
@Autowired
public FooClientResource(FooClient fooClient) {
this.fooClient = fooClient;
}
@RequestMapping(method = RequestMethod.GET)
public ResponseEntity<List<Foo>> getFoos() {
return ResponseEntity.ok(fooClient.getFoos());
}
}app2 will now consume foos from app1, with an seperate "session" for OAuth2 client internal, rather then the users session. Additionally both "app1" and "uaa" are load balanced using ribbon and eureka client. Note, that there is no official solution how to make spring-cloud-feign resovle the UAA via ribbon, so this PR provides a workaround (approved by Dave Syer 😄 ), to let feign also resolve your JHipster UAA (or any other). To apply this configuration in detail, you modify jhipster:
# ...
clientAuthorization:
tokenUrl: http://MyUaa:9999/oauth/token #your custom uaa
tokenServiceId: MyUaa # eurekas service name
clientId: internal
clientSecret: internal
you can view this example here hope that helps you to test....I will wrap all this is merged into a documentation and article as well |
| @@ -578,6 +578,9 @@ module.exports = JhipsterServerGenerator.extend({ | |||
| if (this.applicationType !== 'microservice' && !(this.applicationType === 'gateway' && this.authenticationType === 'uaa')) return; | |||
|
|
|||
| this.template(SERVER_MAIN_SRC_DIR + 'package/config/_MicroserviceSecurityConfiguration.java', javaDir + 'config/MicroserviceSecurityConfiguration.java', this, {}); | |||
| if(this.applicationType === 'microservice' && this.authenticationType === 'uaa') { | |||
|
This looks good. I have some minor comments, mostly aesthetic. I guess its good to merge once those comments are taken care of |
| @@ -207,6 +207,10 @@ dependencies { | |||
| compile "org.springframework.cloud:spring-cloud-starter-config" | |||
| compile "org.springframework.retry:spring-retry" | |||
| <%_ } _%> | |||
| <%_ if (applicationType === 'microservice' && authenticationType === 'uaa') { _%> | |||
There was a problem hiding this comment.
Feign clients are interesting even without uaa so I would remove the uaa check
|
found: maybe removing i fixed that in the branch |
|
OK great. Le 7 sept. 2016 6:40 PM, "David Steiman" notifications@github.com a found: maybe removing @componentscan globally was not the best idea 😆 i fixed that in the branch — |
|
sure, ask if there's something more... |
|
Sorry, I cannot find @AuthorizedFeignClient. I cannot perform any request by Feign to a protected resource with jhipster module in the marketplace. |
|
@ValerioZ did you checked out my specific branch, or using the official release....this is currently not even merged to master branch |
Conflicts: generators/server/templates/src/main/java/package/config/_MicroserviceSecurityConfiguration.java
|
@xetys I am testing on the https://github.com/jhipster/generator-jhipster/tree/xetys-feign-clients and I'm going to merge this if it's all OK. I just have one issue at the moment: I generated a microservice, with one entity, and its "./mvnw test" do not pass, as it's looking for a UAA server. So you need to mock this, or provide a specific "test" profile to solve this. This is not a blocker for me, at the moment. |
|
@xetys sorry but I put everything in Docker, and both my gateway and microservice failed, with error: Both of them are configured to connect the UAA server, of course. Sorry but I can't merge it right now, it's not working :-( |
|
I will have time to take a look in one hour. I think there is some file just missing somewhere, which I need to find. So what do you think about the Bean exclusion annotation, keep it or use direct type exclusion on component scan instead? |
|
I think the Bean exclusion could be good, but it should be in another PR, so we don't mix ideas/concerns. And I still don't understand why you want to exclude that Bean, but if you do I think you can just exclude it directly by type (I'm not 100% sure here, as I'm not sure of why you do it) |
|
As I explained, we want to leave the option open for developers, to use feign clients generally, without the uaa stuff. If we don't exclude, the OAuth request interceptor gets injected to all clients. This behaviour is described in official spring docs. |
Conflicts: generators/server/templates/src/main/java/package/config/_MicroserviceSecurityConfiguration.java
|
@jdubois I regenerated my JHipster UAA setup using this branch and do not expierienced problems using docker... I uploaded here my example, so you can try my setup you can use my docker-compose setup |
|
@xetys I merged it in https://github.com/jhipster/generator-jhipster/tree/xetys-feign-clients and corrected a few things (there was a compilation error for gateway & uaa). When I run it, I still have a error on the gateway: |
|
I don't understand what's going on:
Looks like I pushed stuff by mistake in the master branch, I'm totally lost here... That's bad, I wanted to do the 3.7.0 this evening as I won't have much time this week... |
|
@xetys next time try not to mix up commits from different PRs together. This has a lot of unwanted commits and it messes up the commit history on master |
|
@xetys I'm using official 3.6.1 release with beta UAA service. Thanks. |
|
@ValerioZ as you can see in this PR, this feature is currently in release progress and is scheduled for 3.7, and is not available to prior releases. Update to 3.7 as soon it is out, to use features like Please note, that your question would be placed better in stackoverflow, rather then in this discussion. |
so feign clients can be added declarative to. This is a requirement for the next step of a JHipster feign client subgenerator.
contents of this PR
@EnableFeignClientsthe usage of feign clients in microservice applicationsso far this gets merged, I am going to proceed with the feign client generators