I want to use the OAuth2 ClientCredentials flow for inter-service communication between two Resource Servers. Everything works fine except that I am not able to use the service name (Ribbon Load Balancer feature) instead of the hostname in my OAuth2RestTemplate calls to the remote resource server.

One of my Resource Servers (the one that calls another Resource Server) has the configuration below:

- Spring Boot 1.5.13
- Spring Cloud Edgware.SR3

build.gradle contains entries for eureka and ribbon:

```groovy
compile('org.springframework.cloud:spring-cloud-starter-ribbon')
compile('org.springframework.cloud:spring-cloud-starter-eureka')
```

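```java
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.cloud.client.loadbalancer.LoadBalanced;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;

@Configuration
class RestTemplateConfig {
    // Client-credentials settings are bound from the security.oauth2.client.* properties
    @Bean
    @ConfigurationProperties("security.oauth2.client")
    public ClientCredentialsResourceDetails oauth2ClientCredentialsResourceDetails() {
        return new ClientCredentialsResourceDetails();
    }

    // OAuth2-aware template, annotated for Ribbon service-name resolution
    @LoadBalanced
    @Bean(name = "oauthRestTemplate")
    public OAuth2RestOperations oAuthRestTemplate(ClientCredentialsResourceDetails oauth2ClientCredentialsResourceDetails) {
        return new OAuth2RestTemplate(oauth2ClientCredentialsResourceDetails);
    }
}
```
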
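Service consuming this OAuth2RestTemplate:

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpMethod;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.stereotype.Service;

@Service
class TestService {
    @Autowired
    @Qualifier("oauthRestTemplate")
    private OAuth2RestOperations oAuth2RestOperations;

    // Calls the remote resource server by its service name rather than host and port
    public void notifyOrderStatus(long orderId, OrderStatus newStatus) {
        oAuth2RestOperations.exchange("http://notification-service/api/order/{id}/status/{status}", HttpMethod.POST, null, Void.class, orderId, newStatus.name());
    }
}
```
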
The exception appears while invoking the remote service using the service name, i.e. `http://notification-service`, instead of the actual hostname and port of the remote resource server. If I use the actual hostname + port, then everything works fine, but I don't want one of my resource servers to know the host/port of another resource server.

Exception:

```
Caused by: java.net.UnknownHostException: notification-service
```

I have a few questions:

- If my RestTemplate is annotated with @LoadBalanced, then everything works fine. Does OAuth2RestTemplate support this annotation, and can we use the service name instead of the hostname? If yes, any reference or documentation would be appreciated.
- Is it a good idea to use OAuth2 client credentials for inter-service security between two resource servers? I do not see any samples for the same in the documentation.