Digest Auth support in WebClient
Spring’s WebClient allows specifying Basic Auth credentials quite simply:

    webClient.get()
        .uri(someEndpoint)
        .headers(httpHeaders -> httpHeaders.setBasicAuth(someUserName, somePassword))
        ...

However, there doesn’t seem to be a way to configure the WebClient to perform Digest Auth (RFC 7616).
A lot of servers rely on Digest Auth, and given that WebClient supports the less secure Basic Auth protocol, it would make sense to add support to the client’s capabilities. Note that this feature has been requested in other places, for example on StackOverflow.
Thanks for considering this feature request!
Issue originally posted in the Spring Security project (https://github.com/spring-projects/spring-security/issues/7861).
Issue Analytics
- State:
- Created 4 years ago
- Reactions:4
- Comments:11 (7 by maintainers)
This is a reasonable request although digest is more involved than basic authentication, and also some HTTP libraries like the Jetty client have built-in support, so we’d likely leave this to be done at that level, and at the Spring Framework level make sure it can be plugged in.
In regards to Netty, I see no built-in support. However there is one external library that might be a good place to start if you need to do this. I did not try it but from a quick look, I think it could be plugged into Reactor Netty and the WebClient like this:
NettyHttpAuthenticator expects (aggregated) FullHttpRequest and FullHttpResponse. Hence the HttpObjectAggregator above, and if the client sends synchronous values or Mono (but not Flux) the above could work. Further on, fully aggregated request and response should not be needed I believe, since the interaction involves just status and headers, so NettyHttpAuthenticator could probably be modified to use HttpRequest and HttpResponse and then it would work more generally.
Those are suggestions to try if you’re stuck for something.
Hi! I’m having the same issue and would love to see a full digest auth client implementation in Spring WebClient.
In the meantime, I followed the ideas previously mentioned and came up with a solution that involves a FilterFunction. This enables the handling of Digest Auth as a crosscutting concern and lets you keep your actual webservice call code clean.
This filter makes use of @vzhn's netty-http-authenticator to handle the parsing and construction of the various headers involved in Digest Auth.
Here is the gist: Digest Auth in Spring WebClient
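
A sketch of the filter approach discussed in this thread, added here as an example; it is not the linked gist, not netty-http-authenticator, and not Spring's own code. The class and method names (DigestAuthFilter, md5Hex, param, authorization, digest) are hypothetical, and it assumes Java 17+, Spring WebFlux, and a server challenge using MD5 with qop=auth.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.springframework.http.HttpHeaders;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import reactor.core.publisher.Mono;

// Added example (hypothetical class): assumes algorithm=MD5, qop=auth, one retry, no nonce reuse.
public final class DigestAuthFilter {
    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
            return HexFormat.of().formatHex(d);
        } catch (java.security.NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
    static String param(String challenge, String name) { // quoted or token value of one parameter
        Matcher m = Pattern.compile("\\b" + name + "=(?:\"([^\"]*)\"|([^,\\s]+))").matcher(challenge);
        return m.find() ? (m.group(1) != null ? m.group(1) : m.group(2)) : null;
    }
    // RFC 7616 response for qop=auth on the first use of a nonce (nc=00000001).
    static String authorization(String ch, String user, String pass, String method, String uri, String cnonce) {
        String realm = param(ch, "realm"), nonce = param(ch, "nonce"), opaque = param(ch, "opaque");
        if (realm == null || nonce == null) throw new IllegalArgumentException("malformed Digest challenge");
        String ha1 = md5Hex(user + ":" + realm + ":" + pass);
        String ha2 = md5Hex(method + ":" + uri);
        String resp = md5Hex(String.join(":", ha1, nonce, "00000001", cnonce, "auth", ha2));
        return String.format("Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", "
            + "qop=auth, nc=00000001, cnonce=\"%s\", response=\"%s\"%s", user, realm, nonce, uri,
            cnonce, resp, opaque == null ? "" : ", opaque=\"" + opaque + "\"");
    }
    public static ExchangeFilterFunction digest(String user, String pass) {
        return (request, next) -> next.exchange(request).flatMap(response -> {
            String ch = response.headers().asHttpHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE);
            if (response.statusCode().value() != 401 || ch == null || !ch.regionMatches(true, 0, "Digest ", 0, 7)) {
                return Mono.just(response); // not a Digest challenge: pass the response through
            }
            byte[] rnd = new byte[8];
            new SecureRandom().nextBytes(rnd); // fresh client nonce per challenge
            String q = request.url().getRawQuery();
            String uri = request.url().getRawPath() + (q == null ? "" : "?" + q);
            String auth = authorization(ch, user, pass, request.method().name(), uri, HexFormat.of().formatHex(rnd));
            ClientRequest retry = ClientRequest.from(request).header(HttpHeaders.AUTHORIZATION, auth).build();
            return response.releaseBody().then(next.exchange(retry)); // drain the 401 body, retry once
        });
    }
}
```

It would be registered with `WebClient.builder().filter(DigestAuthFilter.digest(user, pass))`. The retry re-sends the request body, so the body must be replayable, and a server that offers SHA-256 in its challenge should be answered with that algorithm rather than the MD5 path shown here.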