I'm running a spring boot app and just starting to integrate Hystrix from spring-cloud-netflix. I'm using @HystrixCommand to wrap a service-to-service call made with a feign client.
@HystrixCommand(fallbackMethod = "updateThingFallback")
def updateRemoteThing(thingResourceClient: ThingResourceClient, thing: Thing) {
thingResourceClient.updateThing(thing) // Call using feign client
}
This feign client uses the spring security context to add security headers to the request it makes.
The problem I'm having is that when the HystrixCommand is executed it is run in a separate thread from a Hystrix thread pool and when my code tries to access the spring security context it is not available on the new thread.
I'm accessing the spring security context like this:
SecurityContextHolder.getContext().getAuthentication();
My Question is, does spring provide a way of passing the spring security context (and the application context) to the Hystrix threads that are running the Hystrix commands?
Since Spring Cloud Netflix 1.2.0 you can enable sharing of security context with Hystrix using config param:
hystrix.shareSecurityContext: true
I resolved this with: solution example But this example is for a spring-boot app, I applie this in a Tomcat 7 the two main changes was:
In the init of:"class HystrixRequestContextEnablerFilter" I added: `
@Override
public void init(FilterConfig filterConfig) throws ServletException {
HystrixPlugins.getInstance().registerCommandExecutionHook(new SecurityContextRegistratorCommandHook());
}
You should be able to get the ApplicationContext
in your bean by the normal means. I can see two ways to pass the authentication object: 1) as a parameter to your method, or 2) run hystrix with Semaphore isolation rather than on a separate thread.
@HystrixCommand(fallbackMethod = "updateThingFallback", commandProperties = {
@HystrixProperty(name = "execution.isolation.strategy", value = "SEMAPHORE")
})
Alternatively you can wrap the Executor used by Hystrix with DelegatingSecurityContextExecutor.
See https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#delegatingsecuritycontextexecutor
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With