When using TokenRelayGatewayFilterFactory, spring cloud gateway can not be deployed to more than 1 instance.
eisig opened this issue · 3 comments
When using TokenRelayGatewayFilterFactory, spring cloud gateway can not be deployed to more than 1 instance.
It seems that `TokenRelayGatewayFilterFactory` needs to load the `OAuth2AuthorizedClient`:

```java
private Mono<OAuth2AuthorizedClient> authorizedClient(ServerWebExchange exchange, OAuth2AuthenticationToken oauth2Authentication) {
    return this.authorizedClientRepository.loadAuthorizedClient(
            oauth2Authentication.getAuthorizedClientRegistrationId(), oauth2Authentication, exchange);
}
```

The default config of `AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository` uses `InMemoryReactiveOAuth2AuthorizedClientService`. So it may return empty in some instances.
I would think that you need to provide a non in-memory implementation. @jgrandja do we have any implementations out of the box?
Yes, after discovering the problem, I provided my own implementation. I think it's best to have a clear note in the documentation.
It seems that other Spring Security features work well with Spring Session. So before I found out that an in-memory implementation was used here, I spent some time checking if the Spring Redis session was configured correctly.
@ryanjbaxter @eisig At the moment, we have one implementation of `ReactiveOAuth2AuthorizedClientService` - `InMemoryReactiveOAuth2AuthorizedClientService`.
However, you could use `WebSessionServerOAuth2AuthorizedClientRepository` and configure it as a `@Bean` and then use Spring Session for your setup.
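
The configuration suggested in the last comment, as an added example that is not part of the original thread or the project's own code. It assumes Spring Session backed by Redis (the store mentioned earlier in the thread) with a reactive Redis connection already configured; the class name `AuthorizedClientConfig` is hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository;
import org.springframework.session.data.redis.config.annotation.web.server.EnableRedisWebSession;

// Hypothetical configuration class for a gateway that runs as several instances.
@Configuration
// Assumption: Redis is the shared session store. With this annotation the
// WebSession is persisted in Redis instead of each instance's local memory.
@EnableRedisWebSession
public class AuthorizedClientConfig {

    // Replaces the default AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository,
    // which delegates to InMemoryReactiveOAuth2AuthorizedClientService and therefore
    // only knows about logins that were handled by the same instance.
    //
    // The WebSession-backed repository keeps each OAuth2AuthorizedClient as a
    // session attribute, so loadAuthorizedClient(...) in the token relay filter
    // succeeds on any instance that can read the shared session.
    @Bean
    public ServerOAuth2AuthorizedClientRepository authorizedClientRepository() {
        return new WebSessionServerOAuth2AuthorizedClientRepository();
    }
}
```

With this setup the access token (and refresh token, if one was issued) is serialized into the session store, so the Redis instance should be given the same access controls and transport protection as any other credential store.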