0

I've implemented my Application like shown in this Example

http://spring.io/blog/2015/01/20/the-resource-server-angular-js-and-spring-security-part-iii

There is a UiApplication(Port 8080) and two ResourceApplications (Port 8090 and 9000)

The authentication works like shown in the Example with Spring Session and Redis.

My szenario is:

  • User is logged into UiApplication

  • User send request to ResourceApplication A

  • ResourceApplication A recieves request and want to consume ResourceApplication B

My Problem: ResourceApplication A gets 401 Unauthorized from ResourceApplication B

Is it possible to use the session of the user who sent the request to ResourceApplication A?

Yannic Bürgmann
  • 6,301
  • 5
  • 43
  • 77

1 Answers1

0

Don't really seem like it is the session you want to reuse. But the token for the authentication system. Either way it is something you'd inject in the headers you send to ResourceApplication B.

If you are using RESTTemplate's I suppose you could use a ClientHttpRequestInterceptor so you don't have to do it for each call.

Kristoffer
  • 410
  • 2
  • 6
  • 16
  • Hi, that sounds nice. May you could add a short Code Example which shows how to get the Authentication Token and add it to the Request with a ClientHttpRequestInterceptor? – Yannic Bürgmann Mar 12 '15 at 13:30
  • I don't really have anything like that handy. I am doing something similar for request tracing though services. Where I have a filter that picks up a header (or generates a new ID) and stores it. And then I have a ClientHttpRequestInterceptor that does the opposite. But it is something I am looking at now and don't really have a lot of experience with – Kristoffer Mar 12 '15 at 14:37