For a deeper look into our World Check One API, look into:
Getting 401 Unauthorized when using Feign Framework, not when using HttpRequest Library
When trying to call the request to save a case, if I use HttpRequest Library as shown below it works fine:
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
https://rms-world-check-one-api.thomsonreuters.com/v1/cases
.uri(URI.create("https://rms-world-check-one-api.thomsonreuters.com/v1/cases"))
.header("Content-Type", "application/json")
.header("Authorization", authorisationString) //authorisationString computed in a different part of the code
.header("Date", currentDateString)
.POST(HttpRequest.BodyPublishers.ofString(body)) //body of the request
.build();
HttpResponse<String> response = client.send(request,
HttpResponse.BodyHandlers.ofString());
return content.readValue(response.body(), ResponseCase.class);
The above works fine.
However, when I try to use Feign Framework along with Spring, it gives me 401 error, even though we have been using it with these frameworks for years and we haven't changed anything in the code below:
@Configuration
public class ThomsonServiceClientConfig {
@Bean
public ThomsonServiceClient caseClient(ThomsonServiceContext context) {
return Feign.builder()
.logLevel(Logger.Level.BASIC)
.logger(new Slf4jLogger())
.decoder(new JacksonDecoder())
.target(ThomsonServiceClient.class, "https://rms-world-check-one-api.thomsonreuters.com");
}
}
public interface ThomsonServiceClient {
@RequestLine("POST /v1/cases")
@Headers({ "Content-Type: application/json", "Authorization: {auth}", "Date: {date}" })
ResponseCase getCase(@Param("auth") String auth, @Param("date") String date, String requestBody);
}
Having the above classes, when calling this:
return executor.submit(() -> thomsonServiceClient.getCase(authorisationString, currentDateString, body)).get(); //same authorisationString and currentDate as in the httpRequest snippet
It returns the following Exceptions:
Caused by: java.util.concurrent.ExecutionException: feign.FeignException$Unauthorized: [401] during [POST] to [https://rms-world-check-one-api.thomsonreuters.com/v1/cases] [ThomsonServiceClient#getCase(String,String,String)]: []
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122) ~[na:na]
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191) ~[na:na]
at com.emso.nebula.sanction.thomson.webservice.ThomsonService.getCase(ThomsonService.java:78) ~[classes/:na]
... 99 common frames omitted
Caused by: feign.FeignException$Unauthorized: [401] during [POST] to [https://rms-world-check-one-api.thomsonreuters.com/v1/cases] [ThomsonServiceClient#getCase(String,String,String)]: []
at feign.FeignException.clientErrorStatus(FeignException.java:197) ~[feign-core-10.10.1.jar:na]
at feign.FeignException.errorStatus(FeignException.java:177) ~[feign-core-10.10.1.jar:na]
at feign.FeignException.errorStatus(FeignException.java:169) ~[feign-core-10.10.1.jar:na]
at feign.codec.ErrorDecoder$Default.decode(ErrorDecoder.java:92) ~[feign-core-10.10.1.jar:na]
We have been calling the WC1 api using Feign and Spring for a long time now, we just started seeing these errors this week.
Thank you for replying. Turns out, we updated recently spring boot that automatically updated Feign from 10.9 to 10.10.1. This introduced a bug in Feign where it automatically appends a space next to each comma in the header values. So it was messing up the authorization token and the Date.
The bug is already reported here:
Thank you for your query.
Can you please share the raw request and response headers of the failed API call along with the request body?