
Spring session scope bean reset between requests when accessing through zuul


The Spring app has a session bean which contains certain data. That data is loaded from the DB on the init request to the controller, which is always the first request the client makes at startup. That data is used for other requests by the same user. Now, everything works fine on its own. However, after trying to integrate the app into the system using Zuul (which, as far as I understand, in this context simply redirects requests from one URL to another), it broke. Whenever a method is called after the init, the session bean's data is null.

Here is a snippet from service class:

    @Autowired
    TaskCache cache;


    @Override
    public void initUserSession() {
        List<Task> data = loadTasks();
        cache.setTasks(data);
        LinearFilterStack<Task> fs = createFilterStack(data);
        cache.setFilterStack(fs);

        System.out.println(cache.hashCode()); //hashcode stays same
        System.out.println(cache.getFilterStack() == null); //false
    }


    @Override
    public List<Task> getTasks(Sort sort) {
        System.out.println(cache.hashCode()); //hashcode stays same
        System.out.println(cache.getFilterStack() == null); //true
        LinearFilterStack<Task> fs = cache.getFilterStack();
        List<Task> tasks = fs.filter(cache.getTasks()); //Obviously NPE
        sortTasks(tasks, sort);
        return tasks;
    }

    @Component
    @Scope(value=WebApplicationContext.SCOPE_SESSION, proxyMode=ScopedProxyMode.TARGET_CLASS)
    public class TaskCache { ... }

And again, this only happens through zuul. I.e. if I use localhost:30022/rest/... it works, if I use localhost:8080/app/tasks/rest/... (which zuul redirects to localhost:30022/rest/...) I get NPE, because the cache bean loses its data after init request.


Solution

  • That could be caused by the default behavior of Zuul, which prevents passing of cookie-related headers.

    The following is the default configuration of Zuul, and it doesn't allow the headers below to be passed to your downstream API servers.

    zuul.sensitiveHeaders= Authorization,Cookie,Set-Cookie
    

    So please try defining the property below. It will allow all your cookie-related headers to be passed to your API servers.

    zuul.sensitiveHeaders= Authorization
    

    You can find more details in section "Cookies and Sensitive Headers" of this document
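
The mechanism behind this answer, as an added example that is not code from the question, the answer or Zuul itself: a small model of a proxy that drops the headers on its sensitive list from both the request and the response, in front of a stand-in for the session-backed app. The class and method names, the `/init` and `/tasks` paths and the `s1`/`s2` session ids are all constructed for illustration.

```java
import java.util.*;

// Added example: a minimal model of sensitive-header filtering, not Zuul's implementation.
public class SensitiveHeaderDemo {
    // Hypothetical downstream state: session id -> data held by the session-scoped bean.
    static final Map<String, List<String>> sessions = new HashMap<>();

    // Downstream app: reuse the session named in Cookie, otherwise create one and send Set-Cookie.
    static Map<String, String> downstream(String path, Map<String, String> req) {
        Map<String, String> resp = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        String cookie = req.get("Cookie");
        String sid = cookie != null && cookie.startsWith("JSESSIONID=") ? cookie.substring(11) : null;
        if (sid == null || !sessions.containsKey(sid)) {
            sid = "s" + (sessions.size() + 1); // constructed id; real containers use random ids
            sessions.put(sid, null);           // new session, bean data not loaded yet
            resp.put("Set-Cookie", "JSESSIONID=" + sid);
        }
        if (path.equals("/init")) sessions.put(sid, List.of("task-1", "task-2"));
        // The response body is carried under the key "body" to keep the model small.
        resp.put("body", "filterStack == null: " + (sessions.get(sid) == null));
        return resp;
    }

    // Proxy step: drop every header on the sensitive list; names compare case-insensitively.
    static Map<String, String> strip(Map<String, String> headers, Set<String> sensitive) {
        Map<String, String> out = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        headers.forEach((k, v) -> { if (!sensitive.contains(k.toLowerCase(Locale.ROOT))) out.put(k, v); });
        return out;
    }

    // One client making the init request and then a follow-up request through the proxy.
    static String run(Set<String> sensitive) {
        sessions.clear();
        Map<String, String> jar = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); // client cookie jar
        String last = "";
        for (String path : List.of("/init", "/tasks")) {
            Map<String, String> resp = strip(downstream(path, strip(jar, sensitive)), sensitive);
            if (resp.containsKey("Set-Cookie")) jar.put("Cookie", resp.get("Set-Cookie"));
            last = resp.get("body");
        }
        return last; // state seen by the second request
    }

    public static void main(String[] args) {
        System.out.println("Authorization,Cookie,Set-Cookie -> " + run(Set.of("authorization", "cookie", "set-cookie")));
        System.out.println("Authorization                   -> " + run(Set.of("authorization")));
    }
}
```

Spring Cloud Netflix also accepts the list per route (`zuul.routes.<route>.sensitiveHeaders`), which keeps session cookies away from downstream services that do not need them.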