1

I have a background task (method with @Scheduled annotation) which calls a resource server using ribbon/feign. The background task is running on the authorization server.

The resource server requires calls to be authenticated (and to present a certain set of authorities)

So what would be the correct way of obtaining an access token for the calls made by the scheduled task?

My current solution is to manually generate an access token in a custom feign RequestInterceptor and then set the Authorization Header for each request performed by feign.

I tried my luck using the @EnableOAuth2Client annotation and was hoping to build an OAuth2ClientContext from there which I could just inject into the feign interceptor (or have that work entirely taken care of by the OAuth2FeignRequestInterceptor from the spring-cloud-security jar) but from what I've gathered by looking at the tutorial for the clientContext to be built one has to register a web filter in the security chain. That obviously won't work for my situation where there isn't really any web request being processed as my call using feign originates from a scheduled task..

Unfortunately this topic is not covered by any of the (otherwise commendable) spring docs / examples - as far as I have seen - so I was hoping to find the answer here on SO =)

Regards

salgmachine
  • 519
  • 1
  • 3
  • 14
  • Use singleton Token generator. for same access it will use the previously created token. – Zubair Nabi Nov 10 '16 at 19:37
  • If you are on authorization server, you can probably simply get the data from oauth2 scheme (if using jdbc...) and use access token which is there. If not, you can create OAuth2RestOperations and use some of [OAuth2ProtectedResourceDetails](http://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/client/resource/OAuth2ProtectedResourceDetails.html) depending on which flow you use. – bilak Nov 11 '16 at 14:04

0 Answers0