How to use Feign client between my services with CSRF protection?

I get a 403 when I attempt to contact my services with Feign. How do I manage it? I want CSRF protection.

Caused by: feign.FeignException: status 403 reading CharacterApi#createNewCharacterList(String); content:
{"timestamp":1455221787486,"status":403,"error":"Forbidden","message":"Expected CSRF token not found. Has your session expired?","path":"/characterList/max3"}
    at feign.FeignException.errorStatus(FeignException.java:62) ~[feign-core-8.12.1.jar:8.12.1]
    at feign.codec.ErrorDecoder$Default.decode(ErrorDecoder.java:91) ~[feign-core-8.12.1.jar:8.12.1]
    at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:126) ~[feign-core-8.12.1.jar:8.12.1]
    at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:74) ~[feign-core-8.12.1.jar:8.12.1]
    at feign.hystrix.HystrixInvocationHandler$1.run(HystrixInvocationHandler.java:54) ~[feign-hystrix-8.12.1.jar:8.12.1]
    at com.netflix.hystrix.HystrixCommand$1.call(HystrixCommand.java:294) ~[hystrix-core-1.4.21.jar:1.4.21]

Issue Analytics

  • State: closed
  • Created 8 years ago
  • Comments: 9 (4 by maintainers)

Top GitHub Comments

maxiplay commented, Feb 12, 2016

I used a requestInterceptor on my Feign client to pass login/password.

@Bean
public BasicAuthRequestInterceptor basicAuthRequestInterceptor() {
    return new BasicAuthRequestInterceptor("login", "password");
}

And I deactivated CSRF on the called service. I realized that CSRF protection on the gateway is sufficient. I thought the Zuul proxy forwarded requests before CSRF protection worked. I thought it was necessary to have CSRF protection on all services. But in fact no 😃.

I have shared a module to authenticate a user through my services and now each service is able to log in a user with a dedicated database. Not really “micro-service warranty” but not a problem for me. So now my Feign client has its own user and password and I can manage right easily with Spring Security. The Feign client is considered as a user with specific rights.

Thank you for the support. The more I use Spring, the more I want to use Spring 👍
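The setup described in the comment above, written out as an added example that is not part of the original thread or the project's code: the called service disables CSRF, keeps no session, and accepts only a dedicated Feign user over HTTP Basic, while the calling service reads that user's credentials from configuration. It assumes the `WebSecurityConfigurerAdapter` API of Spring Security at the time of the issue; the role name `FEIGN_CLIENT` and the `downstream.feign.*` property keys are hypothetical, and the two classes would live in different services.

```java
import feign.auth.BasicAuthRequestInterceptor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

// Called (downstream) service: reached by the Feign client, not by a browser.
@Configuration
@EnableWebSecurity
class DownstreamSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // No CSRF token check here; the gateway keeps its own CSRF protection.
            .csrf().disable()
            // No HTTP session is created or used, so there is no session cookie.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // Every request must authenticate as the dedicated Feign user.
            // "FEIGN_CLIENT" is a hypothetical role name.
            .authorizeRequests().anyRequest().hasRole("FEIGN_CLIENT")
            .and()
            .httpBasic();
    }
}

// Calling service: the Feign user's credentials come from configuration
// (hypothetical property keys) instead of literals in source code.
@Configuration
class FeignAuthConfig {
    @Bean
    public BasicAuthRequestInterceptor basicAuthRequestInterceptor(
            @Value("${downstream.feign.username}") String username,
            @Value("${downstream.feign.password}") String password) {
        return new BasicAuthRequestInterceptor(username, password);
    }
}
```

The Feign user itself is expected to exist in the called service's own user store, as the comment describes.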

maxiplay commented, Feb 12, 2016

Now that you say it, it seems simple. I will try tonight. I’ll let you know.
