Can you say a bit more about what you're trying to do with the proxy config? When I run a similar example on my end without the proxy config, it behaves the way I expect -- transparently adding an auth header*.
I have a feeling something may be getting lost in the proxy config. It looks like you're setting credentials using the proxy's host (host.com) and port (8080), but you're making requests out to host.com on port 443. I don't think the client is finding any credentials that match an auth scope on host.com:443 and so it's not sending an Authorization header automatically. Furthermore, you may be clobbering any credentials you have configured for your proxy on host.com:8080. If you're intending to proxy requests to host.com:443 through a proxy on host.com:8080, you'll want to make sure your auth scope uses 443 instead of 8080. * What it actually does in this case is sends the request without an Authorization header and captures the 401 challenge response, then sends a subsequent request with the Authorization header. This should all be transparent to the caller, though. On Thursday, October 18, 2018 at 12:45:21 PM UTC-7, [email protected] wrote: > > Right now, I'm trying to figure out why the Authorization Header is not > being created when a HttpClient makes a request. > > I would have thought defining CredentialsProvider and passing it via > *using()* would trigger some logic to auto add the Authorization header > into the Request. > > Unless I misunderstand the purpose of CredentialsProvider. > > As Dimas mentioned, HttpClient > <https://www.dropwizard.io/1.3.5/docs/manual/client.html#apache-httpclient> > can > be setup. Then used ProxyConfiguration > <https://www.dropwizard.io/1.3.5/docs/manual/client.html#proxy-authentication> > to > set the following configurations: > > myClient: > url: https://host.com/api/ > httpClient: > timeout: 3s > connectionTimeout: 3s > proxy: > host: 'host.com' > port: 8080 > scheme: 'https' > auth: > username: 'insert-username' > password: 'insert-password' > authScheme: Basic > credentialType: UsernamePassword > nonProxyHosts: > - 'localhost' > > > So when I do the following: > > CredentialsProvider credsProvider = new BasicCredentialsProvider(); > credsProvider.setCredentials( > new AuthScope(proxyConfig.getHost(), proxyConfig.getPort()), > new UsernamePasswordCredentials("username", "password") > ); > > final HttpClient apiHttpClient = new HttpClientBuilder(env) > .using(config.getHttpClient()) > .using(credsProvider) > .build("client"); > > > When I make a GET call, I notice the Authorization header is missing: > > HttpGet request = new HttpGet(requestUrl); > > request.setProtocolVersion(new ProtocolVersion("HTTP", 2, 0)); > > JsonNode response = this.getHttpClient().execute(request, > getResponseHandler()); > > > > So right after the HttpGet is initialized, I have to run > request.setHeader(HttpHeaders.AUTHORIZATION, "Basic > {encoded-username/password}") in order to ensure the authorization header > is there. > > So that brings me to my assumption that CredentialsProvider (via .using( > credsProvider)) would have trigger something that automatically adds the > header in the requests. > > > On Thursday, October 18, 2018 at 10:31:45 AM UTC-4, [email protected] > wrote: >> >> Not an API gateway, I am making two microservices that would take >> requests forwarded from the client. Then the microservices forward them off >> to third-party services. >> >> The client is supposed to think the microservices has all the information >> it needs. The microservices are used to use the client's desired API and >> make it look like the third-party services adhere to it. >> >> It is supposed to be a quick and dirty way to demonstrate the adherence >> to a API standard required by the client. As that's what my company wants >> to develop and provide to the client. >> >> On Wednesday, October 17, 2018 at 5:00:46 PM UTC-4, Martin Charlesworth >> wrote: >>> >>> It sounds like you're trying to write your own api gateway. If I were >>> you I'd take a look at Netflix Zuul where most of the scaffolding is in >>> place for you, before reinventing the wheel. >> >> -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
