From 238bf1d77c03f130fb94174ebcd9d0a2cebb4236 Mon Sep 17 00:00:00 2001
From: liquidjoo <liquidjoo@gmail.com>
Date: Fri, 5 Jul 2019 17:01:26 +0900
Subject: [PATCH] oauth sso dev

---
 authorization-server/build.gradle             |   1 -
 .../config/WebMvcConfig.java                  |   2 +-
 .../config/WebSecurityConfig.java             |  33 ++++--------
 .../io/bluemoon/queue/QueueApplication.class  | Bin 0 -> 708 bytes
 .../resources/application.properties          |  18 +++++++
 .../queue/QueueApplicationTests.class         | Bin 0 -> 627 bytes
 settings.gradle                               |   7 +--
 .../testservice/ResourceServiceConfig.java    |  37 +++++++-------
 .../testservice/TestServiceApplication.java   |  47 +++++++++---------
 .../testservice/utils/UserContext.java        |  21 ++++++++
 .../testservice/utils/UserContextFilter.java  |  36 ++++++++++++++
 .../testservice/utils/UserContextHolder.java  |  26 ++++++++++
 .../utils/UserContextInterceptor.java         |  21 ++++++++
 .../src/main/resources/application.properties |   3 +-
 zuul-oauth2/build.gradle                      |   2 -
 .../zuuloauth2/ZuulOauth2Application.java     |  28 +++++++++++
 .../filter/AuthenticationFilter.java          |   1 +
 .../zuuloauth2/utils/UserContext.java         |  21 ++++++++
 .../zuuloauth2/utils/UserContextFilter.java   |  36 ++++++++++++++
 .../zuuloauth2/utils/UserContextHolder.java   |  26 ++++++++++
 .../utils/UserContextInterceptor.java         |  21 ++++++++
 .../src/main/resources/application.properties |  18 +++++++
 22 files changed, 330 insertions(+), 75 deletions(-)
 create mode 100644 queue/out/production/classes/io/bluemoon/queue/QueueApplication.class
 create mode 100644 queue/out/production/resources/application.properties
 create mode 100644 queue/out/test/classes/io/bluemoon/queue/QueueApplicationTests.class
 create mode 100644 test-service/src/main/java/io/bluemoon/testservice/utils/UserContext.java
 create mode 100644 test-service/src/main/java/io/bluemoon/testservice/utils/UserContextFilter.java
 create mode 100644 test-service/src/main/java/io/bluemoon/testservice/utils/UserContextHolder.java
 create mode 100644 test-service/src/main/java/io/bluemoon/testservice/utils/UserContextInterceptor.java
 create mode 100644 zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContext.java
 create mode 100644 zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextFilter.java
 create mode 100644 zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextHolder.java
 create mode 100644 zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextInterceptor.java

diff --git a/authorization-server/build.gradle b/authorization-server/build.gradle
index 6c97d64..3a21ca2 100644
--- a/authorization-server/build.gradle
+++ b/authorization-server/build.gradle
@@ -26,7 +26,6 @@ ext {
 dependencies {
     compile('org.springframework.security:spring-security-oauth2-client')
     compile('org.springframework.security:spring-security-oauth2-jose')
-    
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
     implementation 'org.springframework.boot:spring-boot-starter-web'
diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java
index 6f00df0..a658dd6 100644
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java
@@ -13,7 +13,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import java.util.List;
 
-//@EnableWebSecurity
+@EnableWebSecurity
 public class WebMvcConfig implements WebMvcConfigurer {
 
     @Autowired
diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java
index 51a9245..4f88ca4 100644
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java
@@ -23,7 +23,7 @@ import org.springframework.web.filter.CharacterEncodingFilter;
 @Configuration
 //@EnableOAuth2Client
 //@Order(SecurityProperties.BASIC_AUTH_ORDER - 6)
-//@Order(-1)
+@Order(-1)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
@@ -52,29 +52,18 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-//        http.formLogin();
-//http://localhost:8081/mk-auth/oauth/authorize?response_type=code&client_id=system1&redirect_uri=http://localhost:8081/mk-auth/code&scope=read
-//        curl -u system1:1234 http://localhost:8081/mk-auth/oauth/token -d "grant_type=password&username=user1&password=1234"
-// curl -u system1:1234 http://localhost:8081/mk-auth/oauth/token -d "grant_type=refresh_token&scope=read&refresh_token=131e73e1-0806-4f26-a84c-6d06eeecfd5d"
-
-
-
-
-
 
 //        --------------------------------- sso test
-//        http.formLogin().loginPage("/login").permitAll().failureHandler(customAuthFailureHandler)
-//                .and()
-//                .requestMatchers().antMatchers("/login/**", "/logout", "/oauth/authorize", "/oauth/confirm_access", "/oauth2/**")
-//                .and()
-//                .authorizeRequests().anyRequest().authenticated()
-//                .and()
-//                .headers().frameOptions().disable()
-//                .and()
-//                .oauth2Login()
-//                .loginPage("/login").permitAll().defaultSuccessUrl("/login/success", true).failureHandler(customAuthFailureHandler);
-//                .and()
-//                .addFilterBefore(filter, CsrfFilter.class);
+        http.formLogin().loginPage("/login").permitAll().failureHandler(customAuthFailureHandler)
+                .and()
+                .requestMatchers().antMatchers("/login/**", "/logout", "/oauth/authorize", "/oauth/confirm_access", "/oauth2/**")
+                .and()
+                .authorizeRequests().anyRequest().authenticated()
+                .and()
+                .headers().frameOptions().disable()
+                .and()
+                .oauth2Login()
+                .loginPage("/login").permitAll().defaultSuccessUrl("/login/success", true).failureHandler(customAuthFailureHandler);
 
     }
 
diff --git a/queue/out/production/classes/io/bluemoon/queue/QueueApplication.class b/queue/out/production/classes/io/bluemoon/queue/QueueApplication.class
new file mode 100644
index 0000000000000000000000000000000000000000..ca491ae846fdad80282a0b49bbd8916b5f12df99
GIT binary patch
literal 708
zcmah{O-~y!5Pc4Tgl!5Te3iDBRy~9q@C9*6g#?j$S{1da(nC+)tyxTW?clY6zr~4)
z13#cYs$#rEVpXML4>Ov1_IvZj`{(c7J%D|@jnKqK3!4$Pu-(EdhNX{6D|g7S(BGXf
zG)LyAWLS-rmY;o*Nc&ABIdyumNku*pR)u=jY`Qa5GJJ@Y;YsdgVT|S%UV6#Dgm^Ta
z<|-9V89gNKLMY9!)&CKni%Y?Cp))>qR_Sb5X$zYX+xi@sAsQQRQ~61SVK)C|-wT8c
zJ72was*n>^Dw^_0YvU?)qCJd_&3HKta;H`l^2*p>JTb;`;hjm1K2@2wl8>t+#{|^J
z?_d#24DX+J+QLo;uknVV`(*PZIhUzp82opLN7<SrJ&E<SucTjF*C-cdIh?bh-MRM2
zm6O+wk7n+|+tnnf9pE9}p+SE}_!?lrDa965oHC=lIJgD7so*xn00SK?SFt*P2rsBw
trtZtx<%5b0X!ja}-&pwmbUz{lSS5*WjiZef>V*-yRa`@la?n}_9sqR`xRd|@

literal 0
HcmV?d00001

diff --git a/queue/out/production/resources/application.properties b/queue/out/production/resources/application.properties
new file mode 100644
index 0000000..35e1106
--- /dev/null
+++ b/queue/out/production/resources/application.properties
@@ -0,0 +1,18 @@
+spring.application.name=queue
+server.port=8080
+
+spring.jackson.serialization.write-dates-as-timestamps=false
+
+#spring.datasource.url=jdbc:mysql://rds.master.uneedcomms.net/mmc?charset=utf8
+#spring.datasource.username=mmc_crud
+#spring.datasource.password=s3art33c
+#spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
+
+cloud.aws.credentials.access-key=AKIAJG77K3AKVKQVE3LA
+cloud.aws.credentials.secret-key=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
+cloud.aws.region.auto=false
+cloud.aws.region.static=ap-northeast-2
+cloud.aws.stack.auto=false
+
+#sqs.queue_name=sender-sms.fifo
+#sqs.url=https://sqs.ap-northeast-2.amazonaws.com/203872522995/sender-sms.fifo
diff --git a/queue/out/test/classes/io/bluemoon/queue/QueueApplicationTests.class b/queue/out/test/classes/io/bluemoon/queue/QueueApplicationTests.class
new file mode 100644
index 0000000000000000000000000000000000000000..3f2b1924a6205a694c92ed674749c535a756d7a5
GIT binary patch
literal 627
zcma)(yH3L}6o!AdO$#N^au;k&P>}F~SU^Yxi75hcQJI}!T9?Ewjsv_F6A}Xtz(XNU
z+zx;k$Z$^1<@?XE{qgzs4qy+fO;oYez;XjC4D~~$l{;dnZgqMLwG(qI8CsFj@~p^W
zX|F|`Qf47CiAa0GsxqD=Yi^)&hEAjmkJCbC#%TUf$U^dq(soCqR3*YGqpxM|@&kr2
zG1|#z7a4I&=-OqWoyufS<%)E>S{vv4sn(8+?ek$l`|%Pdx_M;^o5)jDuC)H=jNPGl
z6jb~M+d^w;IgPqeZa^}@qo8dW_I*=6vP$>wtjOe(vG?53EIwItJbsT~`5sarArkl-
zjE!+W=`nUpd4GTqH3STs|GX}`g7Ppt6}r#Q<DpC(Hc+AGE58cpxe$=8Q^d(L^1=2i
z*o!YW$ku(bi7EOI#|@Z9lOl#0f-4^0@iFCogLB_NHUYzl>@4{T=Dcl@IMAZFO~UgD
I7O)6>0XLJJN&o-=

literal 0
HcmV?d00001

diff --git a/settings.gradle b/settings.gradle
index 569dd92..4b02362 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1,6 +1 @@
-rootProject.name = 'project-mark'
-include 'eureka-server'
-include 'contents'
-include 'zuul-oauth2'
-include 'authorization-server'
-include 'test-service'
\ No newline at end of file
+rootProject.name = 'project-mark'
\ No newline at end of file
diff --git a/test-service/src/main/java/io/bluemoon/testservice/ResourceServiceConfig.java b/test-service/src/main/java/io/bluemoon/testservice/ResourceServiceConfig.java
index ce5b898..82d729c 100644
--- a/test-service/src/main/java/io/bluemoon/testservice/ResourceServiceConfig.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/ResourceServiceConfig.java
@@ -1,18 +1,19 @@
-//package io.bluemoon.testservice;
-//
-//import org.springframework.context.annotation.Configuration;
-//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-//import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
-//import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
-//
-//@EnableResourceServer
-//@Configuration
-//public class ResourceServiceConfig extends ResourceServerConfigurerAdapter {
-//
-//    @Override
-//    public void configure(HttpSecurity http) throws Exception {
-//        http.requestMatcher(new RequestHeaderRequestMatcher("Authorization"))
-//                .authorizeRequests().anyRequest().fullyAuthenticated();
-//    }
-//}
+package io.bluemoon.testservice;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
+
+@Configuration
+public class ResourceServiceConfig extends ResourceServerConfigurerAdapter {
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http
+                .authorizeRequests()
+                .anyRequest()
+                .authenticated();
+    }
+}
diff --git a/test-service/src/main/java/io/bluemoon/testservice/TestServiceApplication.java b/test-service/src/main/java/io/bluemoon/testservice/TestServiceApplication.java
index 4377a98..37bca4e 100644
--- a/test-service/src/main/java/io/bluemoon/testservice/TestServiceApplication.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/TestServiceApplication.java
@@ -17,32 +17,33 @@ import java.security.Principal;
 @EnableResourceServer
 public class TestServiceApplication {
 
+
     public static void main(String[] args) {
         SpringApplication.run(TestServiceApplication.class, args);
     }
 
-    @Controller
-    @RequestMapping("/")
-    public static class TestController{
-
-        @RequestMapping(method = RequestMethod.GET)
-        @ResponseBody
-        public String helloMk2(Principal principal) {
-            return principal == null ? "hello anonymous" : "heelo" + principal.getName();
-        }
-
-        @PreAuthorize("#oauth2.hasScope('read') and hasRole('ROLE_USER')")
-        @RequestMapping(value = "secret", method = RequestMethod.GET)
-        @ResponseBody
-        public String helloMk2Secret(Principal principal) {
-            return principal == null ? "hello anonymous" : "heelo" + principal.getName();
-        }
-
-        @RequestMapping(method = RequestMethod.GET, value = "test")
-        @ResponseBody
-        public String test() {
-            return "test";
-        }
-    }
+//    @Controller
+//    @RequestMapping("/")
+//    public static class TestController{
+//
+//        @RequestMapping(method = RequestMethod.GET)
+//        @ResponseBody
+//        public String helloMk2(Principal principal) {
+//            return principal == null ? "hello anonymous" : "heelo" + principal.getName();
+//        }
+//
+//        @PreAuthorize("#oauth2.hasScope('read') and hasRole('ROLE_USER')")
+//        @RequestMapping(value = "secret", method = RequestMethod.GET)
+//        @ResponseBody
+//        public String helloMk2Secret(Principal principal) {
+//            return principal == null ? "hello anonymous" : "heelo" + principal.getName();
+//        }
+//
+//        @RequestMapping(method = RequestMethod.GET, value = "test")
+//        @ResponseBody
+//        public String test() {
+//            return "test";
+//        }
+//    }
 
 }
diff --git a/test-service/src/main/java/io/bluemoon/testservice/utils/UserContext.java b/test-service/src/main/java/io/bluemoon/testservice/utils/UserContext.java
new file mode 100644
index 0000000..478d433
--- /dev/null
+++ b/test-service/src/main/java/io/bluemoon/testservice/utils/UserContext.java
@@ -0,0 +1,21 @@
+package io.bluemoon.testservice.utils;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.stereotype.Component;
+
+@Component
+@Getter
+@Setter
+public class UserContext {
+    public static final String CORREATION_ID = "tmx-correlation-id";
+    public static final String AUTH_TOKEN = "Authorization";
+    public static final String USER_ID = "tmx-user-id";
+    public static final String ORG_ID = "tmx-org-id";
+
+    private String correlationId;
+    private String authToken;
+    private String userId;
+    private String orgId;
+
+}
diff --git a/test-service/src/main/java/io/bluemoon/testservice/utils/UserContextFilter.java b/test-service/src/main/java/io/bluemoon/testservice/utils/UserContextFilter.java
new file mode 100644
index 0000000..aa632bc
--- /dev/null
+++ b/test-service/src/main/java/io/bluemoon/testservice/utils/UserContextFilter.java
@@ -0,0 +1,36 @@
+package io.bluemoon.testservice.utils;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+@Component
+@Slf4j
+public class UserContextFilter implements Filter {
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        log.debug("I am entering the licensing service id with auth token : ", httpServletRequest.getHeader("Authorization"));
+
+        UserContextHolder.getContext().setCorrelationId(httpServletRequest.getHeader(UserContext.CORREATION_ID));
+        UserContextHolder.getContext().setUserId(httpServletRequest.getHeader(UserContext.USER_ID));
+        UserContextHolder.getContext().setAuthToken(httpServletRequest.getHeader(UserContext.AUTH_TOKEN));
+        UserContextHolder.getContext().setOrgId(httpServletRequest.getHeader(UserContext.ORG_ID));
+
+        chain.doFilter(httpServletRequest, response);
+
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}
diff --git a/test-service/src/main/java/io/bluemoon/testservice/utils/UserContextHolder.java b/test-service/src/main/java/io/bluemoon/testservice/utils/UserContextHolder.java
new file mode 100644
index 0000000..a57bc6b
--- /dev/null
+++ b/test-service/src/main/java/io/bluemoon/testservice/utils/UserContextHolder.java
@@ -0,0 +1,26 @@
+package io.bluemoon.testservice.utils;
+
+import org.springframework.util.Assert;
+
+public class UserContextHolder {
+    private static final ThreadLocal<UserContext> userContext = new ThreadLocal<UserContext>();
+
+    public static final UserContext getContext() {
+        UserContext context = userContext.get();
+
+        if (context == null) {
+            context = createEmptyContext();
+            userContext.set(context);
+        }
+        return userContext.get();
+    }
+
+    public static final void setContext(UserContext context) {
+        Assert.notNull(context, "Only non-null UserContext instances are permitted");
+        userContext.set(context);
+    }
+
+    public static final UserContext createEmptyContext() {
+        return new UserContext();
+    }
+}
diff --git a/test-service/src/main/java/io/bluemoon/testservice/utils/UserContextInterceptor.java b/test-service/src/main/java/io/bluemoon/testservice/utils/UserContextInterceptor.java
new file mode 100644
index 0000000..8599c9f
--- /dev/null
+++ b/test-service/src/main/java/io/bluemoon/testservice/utils/UserContextInterceptor.java
@@ -0,0 +1,21 @@
+package io.bluemoon.testservice.utils;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpRequest;
+import org.springframework.http.client.ClientHttpRequestExecution;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.http.client.ClientHttpResponse;
+
+import java.io.IOException;
+
+public class UserContextInterceptor implements ClientHttpRequestInterceptor {
+    @Override
+    public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
+
+        HttpHeaders headers = request.getHeaders();
+        headers.add(UserContext.CORREATION_ID, UserContextHolder.getContext().getCorrelationId());
+        headers.add(UserContext.AUTH_TOKEN, UserContextHolder.getContext().getAuthToken());
+
+        return execution.execute(request, body);
+    }
+}
diff --git a/test-service/src/main/resources/application.properties b/test-service/src/main/resources/application.properties
index 68dfc1c..cb6cbaa 100644
--- a/test-service/src/main/resources/application.properties
+++ b/test-service/src/main/resources/application.properties
@@ -8,5 +8,4 @@ server.servlet.context-path=/api
 #security.oauth2.client.client-id=system1
 #security.oauth2.client.client-secret=1234
 #security.oauth2.resource.token-info-uri=http://127.0.0.1:8081/mk-auth/oauth/check_token
-security.oauth2.resource.user-info-uri=http://127.0.0.1:8081/mk-auth/user
-security.oauth2.resource.prefer-token-info=false
\ No newline at end of file
+security.oauth2.resource.user-info-uri=http://127.0.0.1:8081/mk-auth/user
\ No newline at end of file
diff --git a/zuul-oauth2/build.gradle b/zuul-oauth2/build.gradle
index 962adea..d1ab903 100644
--- a/zuul-oauth2/build.gradle
+++ b/zuul-oauth2/build.gradle
@@ -26,8 +26,6 @@ ext {
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
     implementation 'org.springframework.cloud:spring-cloud-starter-netflix-zuul'
-    implementation 'org.springframework.cloud:spring-cloud-starter-oauth2'
-    implementation 'org.springframework.cloud:spring-cloud-starter-security'
     compileOnly 'org.projectlombok:lombok'
     annotationProcessor 'org.projectlombok:lombok'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
diff --git a/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/ZuulOauth2Application.java b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/ZuulOauth2Application.java
index 06c7872..28e3e81 100644
--- a/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/ZuulOauth2Application.java
+++ b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/ZuulOauth2Application.java
@@ -1,12 +1,20 @@
 package io.bluemoon.zuuloauth2;
 
+import io.bluemoon.zuuloauth2.utils.UserContextInterceptor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.loadbalancer.LoadBalanced;
 import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
 import org.springframework.context.annotation.Bean;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.client.RestTemplate;
 
+import java.security.Principal;
+import java.util.Collections;
+import java.util.List;
+
 @SpringBootApplication
 @EnableZuulProxy
 public class ZuulOauth2Application {
@@ -14,9 +22,29 @@ public class ZuulOauth2Application {
     @LoadBalanced
     @Bean
     public RestTemplate getRestTemplate() {
+//        RestTemplate template = new RestTemplate();
+//        List interceptors = template.getInterceptors();
+//        if (interceptors == null) {
+//            template.setInterceptors(Collections.singletonList(new UserContextInterceptor()));
+//        } else {
+//            interceptors.add(new UserContextInterceptor());
+//            template.setInterceptors(interceptors);
+//        }
+//        return template;
         return new RestTemplate();
     }
 
+    @Controller
+    @RequestMapping("/")
+    public static class TestController {
+        @RequestMapping(method = RequestMethod.GET)
+        public String test(Principal principal) {
+            System.out.println(principal.getName());
+            System.out.println(principal.toString());
+            return "aa";
+        }
+    }
+
     public static void main(String[] args) {
         SpringApplication.run(ZuulOauth2Application.class, args);
     }
diff --git a/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/filter/AuthenticationFilter.java b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/filter/AuthenticationFilter.java
index de82e68..81d7d32 100644
--- a/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/filter/AuthenticationFilter.java
+++ b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/filter/AuthenticationFilter.java
@@ -50,6 +50,7 @@ public class AuthenticationFilter extends ZuulFilter {
     @Override
     public Object run() throws ZuulException {
         RequestContext ctx = RequestContext.getCurrentContext();
+        log.debug("what???{}", ctx);
         return null;
     }
 }
diff --git a/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContext.java b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContext.java
new file mode 100644
index 0000000..e4ff87e
--- /dev/null
+++ b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContext.java
@@ -0,0 +1,21 @@
+package io.bluemoon.zuuloauth2.utils;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.stereotype.Component;
+
+@Component
+@Getter
+@Setter
+public class UserContext {
+    public static final String CORREATION_ID = "tmx-correlation-id";
+    public static final String AUTH_TOKEN = "Authorization";
+    public static final String USER_ID = "tmx-user-id";
+    public static final String ORG_ID = "tmx-org-id";
+
+    private String correlationId;
+    private String authToken;
+    private String userId;
+    private String orgId;
+
+}
diff --git a/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextFilter.java b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextFilter.java
new file mode 100644
index 0000000..449b348
--- /dev/null
+++ b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextFilter.java
@@ -0,0 +1,36 @@
+package io.bluemoon.zuuloauth2.utils;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+@Component
+@Slf4j
+public class UserContextFilter implements Filter {
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        log.debug("I am entering the licensing service id with auth token : ", httpServletRequest.getHeader("Authorization"));
+
+        UserContextHolder.getContext().setCorrelationId(httpServletRequest.getHeader(UserContext.CORREATION_ID));
+        UserContextHolder.getContext().setUserId(httpServletRequest.getHeader(UserContext.USER_ID));
+        UserContextHolder.getContext().setAuthToken(httpServletRequest.getHeader(UserContext.AUTH_TOKEN));
+        UserContextHolder.getContext().setOrgId(httpServletRequest.getHeader(UserContext.ORG_ID));
+
+        chain.doFilter(httpServletRequest, response);
+
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}
diff --git a/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextHolder.java b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextHolder.java
new file mode 100644
index 0000000..5e40ad2
--- /dev/null
+++ b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextHolder.java
@@ -0,0 +1,26 @@
+package io.bluemoon.zuuloauth2.utils;
+
+import org.springframework.util.Assert;
+
+public class UserContextHolder {
+    private static final ThreadLocal<UserContext> userContext = new ThreadLocal<UserContext>();
+
+    public static final UserContext getContext() {
+        UserContext context = userContext.get();
+
+        if (context == null) {
+            context = createEmptyContext();
+            userContext.set(context);
+        }
+        return userContext.get();
+    }
+
+    public static final void setContext(UserContext context) {
+        Assert.notNull(context, "Only non-null UserContext instances are permitted");
+        userContext.set(context);
+    }
+
+    public static final UserContext createEmptyContext() {
+        return new UserContext();
+    }
+}
diff --git a/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextInterceptor.java b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextInterceptor.java
new file mode 100644
index 0000000..343cb2f
--- /dev/null
+++ b/zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextInterceptor.java
@@ -0,0 +1,21 @@
+package io.bluemoon.zuuloauth2.utils;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpRequest;
+import org.springframework.http.client.ClientHttpRequestExecution;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.http.client.ClientHttpResponse;
+
+import java.io.IOException;
+
+public class UserContextInterceptor implements ClientHttpRequestInterceptor {
+    @Override
+    public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
+
+        HttpHeaders headers = request.getHeaders();
+        headers.add(UserContext.CORREATION_ID, UserContextHolder.getContext().getCorrelationId());
+        headers.add(UserContext.AUTH_TOKEN, UserContextHolder.getContext().getAuthToken());
+
+        return execution.execute(request, body);
+    }
+}
diff --git a/zuul-oauth2/src/main/resources/application.properties b/zuul-oauth2/src/main/resources/application.properties
index 8b13789..fc70255 100644
--- a/zuul-oauth2/src/main/resources/application.properties
+++ b/zuul-oauth2/src/main/resources/application.properties
@@ -1 +1,19 @@
+server.port=8765
 
+zuul.sensitive-headers=
+
+zuul.routes.mk2-service.path=/api/**
+zuul.routes.mk2-service.url=http://127.0.0.1:8082/api
+zuul.routes.mk2-service.sensitive-headers=
+#zuul.routes.mk2-service.sensitive-headers=Cookie,Set-Cookie,Authorization
+
+zuul.routes.mk2-oauth.path=/mk-auth/**
+#zuul.routes.mk2-oauth.url=https://59a7bc58.ngrok.io
+zuul.routes.mk2-oauth.url=http://localhost:8081/mk-auth
+zuul.routes.mk2-oauth.sensitive-headers=
+#zuul.routes.mk2-oauth.sensitive-headers=Cookie,Set-Cookie,Authorization
+#zuul.routes.mk2-oauth.path=/mk2auth/**
+
+
+logging.level.web=debug
+spring.http.log-request-details=true
\ No newline at end of file