!tyUkzuxcwjMphNuxek:matrix.org

spring-security

2064 Members
Welcome. Ask away! Unless otherwise specified we assume you're using the latest 5.x version of Spring Security



27 Oct 2023
@therealali:matrix.org@therealali:matrix.org joined the room.20:36:47
@therealali:matrix.org@therealali:matrix.org joined the room.20:38:56
@therealali:matrix.org@therealali:matrix.org joined the room.20:49:06
29 Oct 2023
@therealali:matrix.org@therealali:matrix.org joined the room.21:27:27
30 Oct 2023
@claudenirfreitas-5624523c16b6c7089cb77334:gitter.imClaudenirFreitas (Claudenir Freitas) joined the room.13:12:43
@quietlyjaded:matrix.orgquietlyjaded joined the room.22:35:17
2 Nov 2023
@stms:matrix.org@stms:matrix.org joined the room.11:33:28
@stms:matrix.org@stms:matrix.org left the room.11:51:29
@tommy_plugg:matrix.org@tommy_plugg:matrix.org left the room.15:37:49
9 Nov 2023
@marbon87-5622625a16b6c7089cb756db:gitter.im@marbon87-5622625a16b6c7089cb756db:gitter.im

Hi,

I have some concurrency problems using the AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.
We are using springbootadmin to visit / visualize the actuator endpoints of our springboot-apps.
springbootadmin uses WebClient to crawl the available actuator endpoints and their status.

The springboot-apps are protected with the oauth2 resource-server. So springbootadmin uses the client credentials flow to acquire a token from our IDP for calling the springboot-apps.
The token is attached to every crawling request with the following InstanceExchangeFilterFunction (the springbootadmin-specific equivalent of ExchangeFilterFunction):

import de.codecentric.boot.admin.server.domain.entities.Instance;
import de.codecentric.boot.admin.server.web.client.InstanceExchangeFilterFunction;
import org.springframework.lang.NonNull;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
import org.springframework.stereotype.Component;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ClientResponse;
import org.springframework.web.reactive.function.client.ExchangeFunction;
import reactor.core.publisher.Mono;

@Component
public class AppTokenCrawlerInstanceExchangeFilterFunction implements InstanceExchangeFilterFunction {
	private final ReactiveOAuth2AuthorizedClientManager authorizedClientManager;

	// Client-credentials request for the crawler's own client registration;
	// the principal name only serves as the key under which the authorized client is cached.
	private final OAuth2AuthorizeRequest authorizeRequestCrawler = OAuth2AuthorizeRequest
		.withClientRegistrationId("app-token-crawler")
		.principal("springbootadmin-crawler")
		.build();

	public AppTokenCrawlerInstanceExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
		this.authorizedClientManager = authorizedClientManager;
	}

	@NonNull
	@Override
	public Mono<ClientResponse> filter(@NonNull Instance instance,
									   @NonNull ClientRequest request,
									   @NonNull ExchangeFunction next) {
		// The crawler token should only be used if no user is calling springbootadmin.
		// The reactive context holder is used rather than the thread-local SecurityContextHolder,
		// which is not propagated across the threads of a WebFlux pipeline.
		return ReactiveSecurityContextHolder.getContext()
			.map(ctx -> ctx.getAuthentication() != null)
			.defaultIfEmpty(false)
			.flatMap(userPresent -> {
				if (userPresent) {
					return Mono.just(request);
				}
				// authorize() returns the cached client or, once the token is about to expire,
				// obtains a fresh one from the IDP's token endpoint.
				return authorizedClientManager.authorize(authorizeRequestCrawler)
					.map(client -> client.getAccessToken().getTokenValue())
					.map(accessToken -> ClientRequest.from(request)
						.headers(headers -> headers.setBearerAuth(accessToken))
						.build());
			})
			.flatMap(next::exchange);
	}
}

The access token has a lifetime of 5 minutes. When the token expires (1 minute before), the access token is replaced by the AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.
The problem is that more or less twenty requests are fired simultaneously. If the token expires at that moment, the IDP's token endpoint is not called once but, in the worst case, 20 times.

Is the AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager not designed for multithreading?

08:24:27
@marbon87-5622625a16b6c7089cb756db:gitter.im@marbon87-5622625a16b6c7089cb756db:gitter.im removed their display name marbon87 (Mark Bonnekessel).08:39:22
10 Nov 2023
@llonrr:matrix.orgMonHk changed their display name from Moses to MonHk.04:32:05
13 Nov 2023
@wpfeiffe-58509d15d73408ce4f3ce6e4:gitter.imwpfeiffe (Bill Pfeiffer)

Is anyone aware of a good example or tutorial on performing a two-step login? I have the need to log a user in through normal means/UI (userid, password), check if they are set to use MFA, and then present a second UI for the OTP code if MFA is required and then authenticate. If they are not MFA, I would just authenticate with userid/password and pass through. I've seen MFA examples for a single step, but really want to use Spring Security properly using filter/authentication provider here to manage the 2 (request/response) steps required for this. Note I'm not asking about TOTP itself, but how to structure the 2-step flow with Spring Security mechanisms. (Cross-posted on Stack Overflow: https://stackoverflow.com/questions/77474103/spring-security-mfa-with-two-steps)

13:28:42
@brunodmartins:matrix.orgBruno joined the room.20:02:06
15 Nov 2023
@ht990332:matrix.orghussam joined the room.19:11:51
18 Nov 2023
@therealali:matrix.org@therealali:matrix.org joined the room.05:36:02
@therealali:matrix.org@therealali:matrix.org joined the room.05:36:53
@therealali:matrix.org@therealali:matrix.org left the room.05:37:30
25 Nov 2023
@luvtk-5db3b622d73408ce4fcf0e31:gitter.imluvtk (luvtk) joined the room.16:33:48
27 Nov 2023
@laelaps4444:matrix.org@laelaps4444:matrix.org joined the room.22:56:52
@laelaps4444:matrix.org@laelaps4444:matrix.org left the room.22:59:50
30 Nov 2023
@tntim96-5944b81dd73408ce4f67f506:gitter.imtntim96 (tntim96) joined the room.01:30:52
@oris21:matrix.orgoris21 joined the room.05:20:08
@testtest201:matrix.org@testtest201:matrix.org joined the room.19:27:10
@testtest201:matrix.org@testtest201:matrix.org joined the room.19:29:04
@testtest201:matrix.org@testtest201:matrix.org left the room.19:29:05
