-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose security context of a feign client to an hystrix command. #1054
Expose security context of a feign client to an hystrix command. #1054
Conversation
7b3d083
to
53f6ebd
Compare
I'm actually trying to figure out why the RestTemplateRetryTest test only crashes during maven build. I'm not encountering any error when running the full JUnit suite. Any guess ? |
I get the same error on master. |
Yeap, same here. I'm also surprised to see my new test on error. Going to dig on it but I don't have the same behavior than travis when running maven install. |
@@ -180,6 +185,11 @@ | |||
</dependency> | |||
<dependency> | |||
<groupId>org.springframework.boot</groupId> | |||
<artifactId>spring-boot-starter-security</artifactId> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You shouldn't need both this and spring-security-core
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right, I didn't realized spring-cloud-commons
was already referencing the spring security libs. Thanks for pointing.
If hooks are singular (as stated in spring-attic/spring-cloud-security#87), we would need an extension mechanism, so users can add their own hooks. Would they work as a composite (and the user can add one to the composite by configuring a bean)? I'm not sure I understand the use case for this one yet though. What is there in the |
I'll give you that the use case is not quite obvious. Let me explain it to you. I am interested in having access to the The test I contributed tries to reproduce this use case inside a single Web Service.
I'll go through your reviews comments and reply to them. Hope I could be helpful with those explanations. |
53f6ebd
to
469b498
Compare
469b498
to
111ce7f
Compare
111ce7f
to
4ce9b60
Compare
In the mean time, I am going to think about the cleanest extension mechanism. Difficulty resides in the fact that users might expect to directly registers their hook with Hystrix API without knowing about our pre registered one. A runtime exception with explanations could be triggered if we detect that our Spring Cloud hook was removed. Our hook could then make use of an optional bean providing extension capabilities. What do you think about it ? |
I think if people want to use the raw Netflix API then they will forgo the opportunity to benefit from our customizations (i.e. don't worry about it). |
Alright then ! I'll just at least provide provide an extension bean. By the way, how do you feel about this feature ? Have I made myself more clear on the use case ? If you are interested into integrating that feature, I'll prepare the doc into |
I'm not sure yet. Probably something like this makes sense. I'm a little wary of adding 2 new filters to the stack, but maybe we can find a different way, or make them optional somehow, once we have the feature clearly defined. |
I understand your concerns with the new filters. I'll think about other alternatives. I'm open to suggestion if you have any idea :) I'm guessing aop could be another way around but I'm not a big fan of overusing aspects. In the meantime. I could deactivate the filters by default and make them optional with a property. Since this feature answer an edge case, deactivating it by default would make sense. |
4ce9b60
to
2014ed7
Compare
By the way, I am currently investigating the issue with the RestTemplateRestryTest. The problem comes from the retry handler of the ribbon configuration who gets overwritten when running the full maven build. the tests sets up a next server retry count to 10 but gets overwritten by the default handler. I'm close to finding out why it happens. I'll try to push a PR once I identified the source. This will help to fix the travis build. Regards |
2014ed7
to
5a478e6
Compare
5a478e6
to
040561c
Compare
040561c
to
89dbc09
Compare
Travis is a bit mysterious sometimes. Don't worry about it. |
be60b08
to
bd81da0
Compare
Victory ! I've been encountering some weird behavior on properties defined with I implemented the extendable hook mechanism. Users only need to declare a bean implementing |
bd81da0
to
8b068e9
Compare
I'll rework that PR with the proper documentation within asciidoc sources. |
|
||
import com.netflix.hystrix.HystrixCommand; | ||
|
||
public interface CustomCommandHook { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you should add javadoc here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, I'll add the javadoc on my next PR which will also inclode the asciidoc update.
I actually realized that this feature does not limit itseft to a feign hystrix command. It allows you to access the |
I'm closing this PR since I had to renamed the branch. Replaced by PR #1093 . |
PR for issue #1053
Currently leverages on Command Hook registration of Hystrix. With this current implementation, users won't be able to register a custom Hook. Needs to be addressed. Waiting for project leads feedback.