Can't use a Feign client from a message consumer



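I have a set of three microservices, created with JHipster and configured with Okta OAuth2 authentication.

I also added integration with a RabbitMQ messaging service, so one of the services produces messages on certain events and another service consumes those messages to update its database.

Now, to fully update its data, the second service needs information from the third service, which I want to call with a FeignClient, but it fails with the following stack: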

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.oauth2ClientContext': Scope 'request' is not active for the current thread; consider defining a scoped proxy for this bean if you intend to refer to it from a singleton; nested exception is java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:362)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
at org.springframework.aop.target.SimpleBeanTargetSource.getTarget(SimpleBeanTargetSource.java:35)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:193)
at com.sun.proxy.$Proxy237.getAccessToken(Unknown Source)
at it.myefm.myspot.people.security.oauth2.AuthorizationHeaderUtil.getAuthorizationHeaderFromOAuth2Context(AuthorizationHeaderUtil.java:26)
at it.myefm.myspot.people.client.TokenRelayRequestInterceptor.apply(TokenRelayRequestInterceptor.java:23)
at feign.SynchronousMethodHandler.targetRequest(SynchronousMethodHandler.java:158)
at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:88)
at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:76)
at feign.hystrix.HystrixInvocationHandler$1.run(HystrixInvocationHandler.java:108)
at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:302)
at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:298)
at rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:46)
... 113 more
Caused by: java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
at org.springframework.web.context.request.RequestContextHolder.currentRequestAttributes(RequestContextHolder.java:131)
at org.springframework.web.context.request.AbstractRequestAttributesScope.get(AbstractRequestAttributesScope.java:42)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:350)
... 126 more

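I think the problem is that the Feign execution does not start from a web request, so there is no authentication information in the context... right?

Is there any other way to access my data between the services?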

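The problem is that your TokenRelayRequestInterceptor tries to resolve the authentication information from the security context bound to the current thread.

Obviously, when you are in the consumer thread you don't have such information (at least by default), so the resolution fails.

You can do the following:

  • pass the necessary information in the event (if it is an access token, there might be a problem with an event-sourced system, as the token might expire)
  • somehow try to fake an access token that is accepted by the third service

On the consumer side, you can either set up the SecurityContext manually with the information the interceptor needs, or forget about the interceptor on the consumer side and manually provide the data the third service requires (I guess it is just an Authorization header).

Update: you can also create an internal endpoint in the third service that does not require any authentication at all and is not accessible to outsiders.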
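
One way to supply the Authorization header from the consumer thread, as an added example that is not part of the original post: a Feign configuration for the consumer-side client that obtains the service's own token with the OAuth2 client-credentials grant instead of reading the request-scoped oauth2ClientContext. It assumes the legacy Spring Security OAuth2 library seen in the stack trace and an authorization server that permits this grant for the service; the class name and the `consumer.oauth2.*` property names are hypothetical.

```java
import feign.RequestInterceptor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

import java.util.Collections;

// Hypothetical class. Reference it only from the Feign client the RabbitMQ consumer uses:
//   @FeignClient(name = "...", configuration = ConsumerFeignConfiguration.class)
// It is not annotated with @Configuration, so component scanning does not pick it up
// for the Feign clients that relay the user's token during web requests.
public class ConsumerFeignConfiguration {

    // Property names are assumptions; keep the secret in externalized configuration.
    @Bean
    public OAuth2RestTemplate serviceTokenTemplate(
            @Value("${consumer.oauth2.token-uri}") String tokenUri,
            @Value("${consumer.oauth2.client-id}") String clientId,
            @Value("${consumer.oauth2.client-secret}") String clientSecret,
            @Value("${consumer.oauth2.scope}") String scope) {
        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
        details.setAccessTokenUri(tokenUri);
        details.setClientId(clientId);
        details.setClientSecret(clientSecret);
        details.setScope(Collections.singletonList(scope));
        // This constructor creates its own DefaultOAuth2ClientContext: a plain object,
        // not the request-scoped bean that fails outside a web request.
        return new OAuth2RestTemplate(details);
    }

    @Bean
    public RequestInterceptor serviceTokenInterceptor(OAuth2RestTemplate serviceTokenTemplate) {
        return template -> {
            OAuth2AccessToken token;
            // Serialize token acquisition so concurrent consumers share one cached token.
            synchronized (serviceTokenTemplate) {
                // Returns the cached token, or requests a new one if none exists or it expired.
                token = serviceTokenTemplate.getAccessToken();
            }
            template.header("Authorization", "Bearer " + token.getValue());
        };
    }
}
```

With this in place the third service sees the calling service's identity rather than an end user's, so the requested scope should cover only what the consumer needs to read.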
