1

I am developing a microservice that is responsible for starting other microservices running on CloudFoundry. Therefore I make use of the cf-java-client (https://github.com/cloudfoundry/cf-java-client). In our environment we have a special mechanism for authenticating machine users on CloudFoundry: I have to give a client id and secret to a certain endpoint, that returns an authorization code. With this code I can create temporary credentials for CloudFoundry (which live only 60 min). So far I implemented this behaviour the following:

  @Bean
  PasswordGrantTokenProvider tokenProvider() {
    final Map<String, String> temporaryCredentialsMap =
        getTemporaryCredentials(clientId, clientSecret);

    return PasswordGrantTokenProvider.builder()
        .username(temporaryCredentialsMap.get("username"))
        .password(temporaryCredentialsMap.get("password"))
        .build();
  }

My problem is now that, when the credentials expire, I get a HTTP 401 bad credentials. I was thinking of recreating the bean above. Is this possible? Or any other ideas?

SebastianK
  • 712
  • 4
  • 19
  • 1
    Just a thought. Maybe use a scoped bean? https://docs.spring.io/spring-framework/docs/current/spring-framework-reference/core.html#beans-factory-scopes. Not sure the existing scopes are a good fit, but perhaps you could create a custom scope that fits the time window of your credentials. If the token is invalid a new bean is returned, otherwise the same bean is returned with the already valid token. – Daniel Mikusa Nov 15 '19 at 18:51
  • Thanks for the hint. I gave it a try and it looks promising. I was thinking of a TimedScoped and using it for the PasswordGrantTokenProvider. The scope resets its beans every 60 mins. This way the credentials get recreated automatically. – SebastianK Nov 16 '19 at 13:08

1 Answers1

0

I solved this by changing the scope of all cf related beans to prototype scopes and requesting a new bean from the context to refresh credentials.

SebastianK
  • 712
  • 4
  • 19