We have a situation where our key manager is internal, but the pod is externally hosted. To get to the pod, I need to use a proxy.
This means, when I construct the AuthenticationClient I do it like this:
    @Bean
    public AuthenticationClient createAuthenticationClient(@Qualifier(BOT_EXTERNAL_CLIENT) Client sessionClient, @Qualifier(BOT_INTERNAL_CLIENT) Client keyManagerClient) {
        LOGGER.info("Creating authenticationClient: \n -- sessionauthUrl: "+sessionauthUrl+"\n -- keymanUrl: "+keymanUrl);
        AuthenticationClient authClient = new AuthenticationClient(sessionauthUrl, keymanUrl, sessionClient, keyManagerClient);
        return authClient;
    }
(NB, two separate clients)
However, the AuthRefreshTask does this:
    if (symClient.getSymAuth() != null && symClient.getSymAuth().getHttpClient() != null) {
        // Take the stored http client configuration with the pre-loaded keystores.
        authClient = new AuthenticationClient(symClient.getSymAuth().getSessionUrl(), symClient.getSymAuth().getKeyUrl(), symClient.getSymAuth().getHttpClient());
    } else {
Because it uses a separate AuthenticationClient, it's losing a lot of the detail about the different clients.
Hence, my logs are full of the AuthRefreshTask failing.
For my money, it would make more sense if the SymphonyClient had access to the AuthenticationClient. Then, the AuthRefreshTask could use that, rather than trying to construct its own.
Thanks,
Rob