How to get Security Principal values in downstream server of zuul proxy spring boot, Sprng security, spring-security-oauth2

Question

I create the microservices by using spring boot, Spring security, Spring oauth2, Eureka server and Zuul Proxy. I created three project given below.

1. register-Eureka: for Registering my services in the Eureka server.

2. gatway-Zuul: I implemented zuul proxy server, spring security and spring-security-oauth2.It is working fine, Token are generating and it also forwarding the request to other micro service successfully.

3. micorest: Third micro service is used for creating the restful services it is working fine.

Issue: I need to get the Loged in user detail at the micorest project controller but I have not any idea how to get it.

I tried to get it by using the Principal class.

 @RequestMapping(value = "/user", method = RequestMethod.GET)
public User getUser(Principal principal)
{
    try
    {
        System.out.println("fine here mueraza"+principal.getName());
    }
    catch(Exception e) {
        System.out.println("fine here mueraza===========principal is null==============");
    }

    return new User();

}

I used Principal to get the value but it always cumming null

@SpringBootApplication
@EnableDiscoveryClient
@EnableZuulProxy
public class GatewayZullApplication {

public static void main(String[] args) {
    SpringApplication.run(GatewayZullApplication.class, args);
}
}

Aouth2 configration

@Configuration
@EnableOAuth2Client
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
private static String REALM="microclient";
private static final int ONE_DAY = 60 * 60 * 24;
private static final int THIRTY_DAYS = 60 * 60 * 24 * 30; 

@Autowired
private TokenStore tokenStore;

@Autowired
private UserApprovalHandler userApprovalHandler;

@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
    .withClient("microclient")
        .secret("{noop}secret")
        .authorizedGrantTypes("password", "refresh_token")
        .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
        .scopes("read", "write", "trust")
        //.accessTokenValiditySeconds(ONE_DAY)
        .accessTokenValiditySeconds(6000)
        .refreshTokenValiditySeconds(THIRTY_DAYS);
}

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler)
    .authenticationManager(authenticationManager);
}

@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer.realm(REALM);
}
}

Answer 1

You can get the principal from the Jwt token. Load the user entity to the Jwt token claims.

If you need to access the User entity details from any service :

1. Get the token from the request header.
2. Parse the token with correct signing key and get the user details.

For your reference : https://medium.com/@Baimurzin/how-to-get-the-current-user-in-spring-cloud-microservices-c876e1c6fc65