Getting 401 Unauthorized when using Feign Framework, not when using HttpRequest Library

evanthia.tingiri

When trying to call the request to save a case, if I use HttpRequest Library as shown below it works fine:

HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
https://rms-world-check-one-api.thomsonreuters.com/v1/cases
    .uri(URI.create("https://rms-world-check-one-api.thomsonreuters.com/v1/cases"))
    .header("Content-Type", "application/json")
    .header("Authorization", authorisationString) //authorisationString computed in a different part of the code
    .header("Date", currentDateString)
    .POST(HttpRequest.BodyPublishers.ofString(body)) //body of the request
    .build();
HttpResponse<String> response = client.send(request,
    HttpResponse.BodyHandlers.ofString());
return content.readValue(response.body(), ResponseCase.class);

The above works fine.

However, when I try to use Feign Framework along with Spring, it gives me 401 error, even though we have been using it with these frameworks for years and we haven't changed anything in the code below:

@Configuration
public class ThomsonServiceClientConfig {

@Bean
    public ThomsonServiceClient caseClient(ThomsonServiceContext context) {
        return Feign.builder()
            .logLevel(Logger.Level.BASIC)
            .logger(new Slf4jLogger())
            .decoder(new JacksonDecoder())
            .target(ThomsonServiceClient.class, "https://rms-world-check-one-api.thomsonreuters.com");
    }
}

public interface ThomsonServiceClient {

@RequestLine("POST /v1/cases")
@Headers({ "Content-Type: application/json", "Authorization: {auth}", "Date: {date}" })
    ResponseCase getCase(@Param("auth") String auth, @Param("date") String date, String requestBody); 
}

Having the above classes, when calling this:

return executor.submit(() -> thomsonServiceClient.getCase(authorisationString, currentDateString, body)).get(); //same authorisationString and currentDate as in the httpRequest snippet

It returns the following Exceptions:

Caused by: java.util.concurrent.ExecutionException: feign.FeignException$Unauthorized: [401] during [POST] to [https://rms-world-check-one-api.thomsonreuters.com/v1/cases] [ThomsonServiceClient#getCase(String,String,String)]: []

at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122) ~[na:na]

at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191) ~[na:na]

at com.emso.nebula.sanction.thomson.webservice.ThomsonService.getCase(ThomsonService.java:78) ~[classes/:na]

... 99 common frames omitted

Caused by: feign.FeignException$Unauthorized: [401] during [POST] to [https://rms-world-check-one-api.thomsonreuters.com/v1/cases] [ThomsonServiceClient#getCase(String,String,String)]: []

at feign.FeignException.clientErrorStatus(FeignException.java:197) ~[feign-core-10.10.1.jar:na]

at feign.FeignException.errorStatus(FeignException.java:177) ~[feign-core-10.10.1.jar:na]

at feign.FeignException.errorStatus(FeignException.java:169) ~[feign-core-10.10.1.jar:na]

at feign.codec.ErrorDecoder$Default.decode(ErrorDecoder.java:92) ~[feign-core-10.10.1.jar:na]

We have been calling the WC1 api using Feign and Spring for a long time now, we just started seeing these errors this week.

evanthia.tingiri

Thank you for replying. Turns out, we updated recently spring boot that automatically updated Feign from 10.9 to 10.10.1. This introduced a bug in Feign where it automatically appends a space next to each comma in the header values. So it was messing up the authorization token and the Date.

The bug is already reported here:

https://github.com/OpenFeign/feign/issues/1270

Prabhjyot

@evanthia.tingiri,

Thank you for your query.

Can you please share the raw request and response headers of the failed API call along with the request body?