Sharing Security Context between Spring Security and Feign Interceptor

Photo by Shahadat Rahman on Unsplash

My Current project using microsrvices architecture with Spring Boot Framework. I make custom lib (Spring Security) for each services like this

Flow

1. Clients Send request with Token Bearer
2. Gateway get the token and call Auth Service and break the token into custom http Header
3. Gateway Forward the request with http Header filled User Login to User Service
4. and UserService call Book Service to get book datas it has.

In this case when user service call book service Im using Feign, but problem is security lib do not share the authentication user to feign. So Im cannot get the datas.

Solution

update hystrix configuration of user service

hystrix:
  command:
    default:
      execution:
        isolation:
          thread:
            timeoutInMilliseconds: 60000
  shareSecurityContext: true

in Feign Config make a bean for intercept the request template

so with this configuration, Spring Security will share Authentication object with Feign when you wanna use Request Interceptor.

If it was interesting or helpful to you, please do press the 👏 clap button and help others find this story too.