You'll want to register a filter on the Dropwizard/Jersey Client object
(not environment.jersey() which is the "server"). Actually tracking the
client's security context can be a little tricky--use a ThreadLocal as you
mentioned, or, to preserve sanity in potentially async/multithreaded cases,
pass around the Principal as a value and wire to each outgoing request as
needed. FWIW I am not a fan of ThreadLocal for security properties.
On Wednesday, October 24, 2018 at 10:56:50 PM UTC-4, Michael Koziarski
wrote:
>
> Hi,
>
> We have a dropwizard 1.1 service which authenticates inbound requests
> using dropwizard-auth and I'm hoping to get access to that Principal in
> classes which aren't resources. The tl;dr for why, is we have our own
> internal authentication mechanism which retrieves a token from an http
> header and needs to pass a variant of that header back out on any outbound
> requests it makes to other services. Unfortunately I basically have no
> idea how the jersey injection works... At all.
>
> What I'm *hoping* to be able to do is register a ClientRequestFilter which
> will thread the Principal from the inbound HttpServletRequest through to
> the outbound jersey client request. Something like:
>
> ```
> public class AuthenticationContextInjectionFilter implements
> ClientRequestFilter {
> public static final String OUTBOUND_HEADER_NAME = "Some-Thing";
>
> @Inject // Or is it @Context?
> private Provider<MyPrincipalClass> principal; // Have also tried
> Provider<Principal>
>
> @Override
> public void filter(ClientRequestContext requestContext) throws
> IOException {
> final MyPrincipalClass principalVal = this.principal.get();
> requestContext.getHeaders().add(OUTBOUND_HEADER_NAME,
> principalVal.getHeader());
> }
> }
>
> // and in my Application
> environment.jersey().register(AuthenticationContextInjectionFilter.class);
> ```
>
> However, it's basically always null so however jersey's injection works is
> clearly not the way I think it works.
>
> Is it possible to achieve what I'm trying to do here? I can probably biff
> the value into a ThreadLocal to work around this, but that feels a little
> like i'm surrendering. Is there some introductory documentation I could
> read on this stuff?
>
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"dropwizard-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
