Expected Behavior
During service invocation, we are affected by #3408. This is mainly because the entire spring security context is added as a header to the request. In our case, this exceeds the default allowed header size for fasthttp requests.
As the service beeing called has no secured endpoint in this case, the security context is of no use during this workflow.
I would expect, that per default a tranfer of security context information via service invocation is disabled, an that it can be added, if needed.
Actual Behavior
service invocation in context of a spring security application breaks during runtime with a too large http header. see #3408
Steps to Reproduce the Problem
Have a spring security context containing many roles and scopes received e.g. by an oauth2 jwt token.
Release Note
RELEASE NOTE:
Expected Behavior
During service invocation, we are affected by #3408. This is mainly because the entire spring security context is added as a header to the request. In our case, this exceeds the default allowed header size for fasthttp requests.
As the service beeing called has no secured endpoint in this case, the security context is of no use during this workflow.
I would expect, that per default a tranfer of security context information via service invocation is disabled, an that it can be added, if needed.
Actual Behavior
service invocation in context of a spring security application breaks during runtime with a too large http header. see #3408
Steps to Reproduce the Problem
Have a spring security context containing many roles and scopes received e.g. by an oauth2 jwt token.
Release Note
RELEASE NOTE: