Skip to content

Spring security context added as additional http header to http request via service invocation  #638

Description

@javageek79

Expected Behavior

During service invocation, we are affected by #3408. This is mainly because the entire spring security context is added as a header to the request. In our case, this exceeds the default allowed header size for fasthttp requests.
As the service beeing called has no secured endpoint in this case, the security context is of no use during this workflow.
I would expect, that per default a tranfer of security context information via service invocation is disabled, an that it can be added, if needed.

Actual Behavior

service invocation in context of a spring security application breaks during runtime with a too large http header. see #3408

Steps to Reproduce the Problem

Have a spring security context containing many roles and scopes received e.g. by an oauth2 jwt token.

Release Note

RELEASE NOTE:

Metadata

Metadata

Assignees

Labels

P1kind/bugSomething isn't working

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions