spring-cloud-netflix: Hystrix shareSecurityContext is not working
Hi all. i am using the following libs and versions:
compile('org.springframework.boot:spring-boot-starter-actuator')
compile('org.springframework.cloud:spring-cloud-starter-config')
compile('org.springframework.cloud:spring-cloud-starter-eureka')
compile('org.springframework.cloud:spring-cloud-starter-ribbon')
compile('org.springframework.cloud:spring-cloud-starter-hystrix')
compile('org.springframework.cloud:spring-cloud-netflix-hystrix-stream')
compile('org.springframework.cloud:spring-cloud-starter-stream-rabbit')
compile('org.springframework.cloud:spring-cloud-starter-feign')
compile('org.springframework.boot:spring-boot-starter-web')
compile('org.springframework.cloud:spring-cloud-starter-oauth2')
mavenBom 'org.springframework.cloud:spring-cloud-dependencies:Camden.BUILD-SNAPSHOT'
i try to get hystrix working in the THREAD isolation strategy mode relaying AccessTokens, therefore i tried both, Oauth2RestTemplate and Feign.
// Defining Beans
@LoadBalanced
@Bean
public OAuth2RestTemplate loadBalancedOauth2RestTemplate(OAuth2ProtectedResourceDetails resource,
OAuth2ClientContext oauth2Context) {
return new OAuth2RestTemplate(resource, oauth2Context);
}
@Bean
public RequestInterceptor oAuth2RequestInterceptor(OAuth2ProtectedResourceDetails resource,
OAuth2ClientContext oauth2Context) {
return new OAuth2FeignRequestInterceptor(oauth2Context, resource);
}
I also set the feign.hystrix.enabled property to true and also hystrix.shareSecurityContext to true but still getting the “no thread bound” exception when making the service to service call. it is just working with setting the SEMAPHORE strategy.
Any ideas? @daniellavoie
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Reactions: 2
- Comments: 24 (11 by maintainers)
@dsyer - Makes sense. I am thinking to have a
RequestScopeConcurrencyStrategythat can be independently configurable usinghystrix.shareRequestContextor if you have thehystrix.shareSecurityContextturned on, since it complements the entire request cycle. I have been busy, but hope I’ll be ready to issue a pull this weekend or worse next week.That’s because
@Asyncby default doesn’t use a thread pool. OK, so we are all on the same page. Good.@alwaysastudent I don’t think we want to link security and request scope together in a single class (they come from different dependencies). I think Spring Cloud Netflix allows you to stack Hystrix strategies together (but I don’t recall if that applies to the concurrency strategy - if not we’d have to see if we can extend something). If you are still working on a PR, please try and split it up so it works when Spring Security is not in use.
My small input maybe you don’t realize it. I tried to solve it myself, and maybe I don’t understand it fully but there is few places where HystrixConcurrencyStrategy is tweaked: user can inject a bean - it will be picked by HystrixSecurityAutoConfiguration and wrap it with something that wraps callable. There is also SleuthHystrixConcurrencyStrategy which takes HystrixConcurrencyStrategy from HystrixPlugins.getInstance().getConcurrencyStrategy(). If it executes after HystrixSecurityAutoConfiguration will wrap already wrapped strategy, but if order will be different then Sleuth will replace plugin and then will be overriden by HystrixSecurityAutoConfiguration (sorry for syntax, I don’t know how to explain it in polish even). I’m not sure what the order will be, will test it maybe later but my suggestion:
Maybe it would be nice to introduce Strategy that could be a general wrapper for some ‘callablewrapperproviders’ that could be chained. It would simplify what has to be done to extend it. Code in HystrixSecurityAutoConfiguration and SleuthHystrixConcurrencyStrategy it quite complicated (and similar) and this way it would be as simple as registering new ‘histrixcallablewrapperprovider’ bean or something. Making this strategy as default would not break existing code even. Because currently to do it by myself I Have to almost copy code from one of the above classes:/