Spring Security Cloud: UI service through a ZUUL gateway security setup
I am having a problem setting up my authentication and authorization correctly in my UI service.
I currently have the following setup (all utilizing Spring.* and Spring Cloud.*):
- Config Service;
- Registry Service;
- Gateway Service (Zuul);
- Authentication Service (Spring Cloud Security, JWT);
- Company backend service (db <-> rest);
- UI service;
In terms of backend security everything is working as it should: you request a JWT token with credentials through a gateway from an authentication service and if all matches it is presented back via REST.
Company service is aware of the new token and validates it when it is presented.
The problem is with the UI service. What I'm doing currently is using Spring Boot and Thymeleaf and manually constructing HttpHeaders, HttpEntity and Cookie objects without utilizing Spring Cloud Security in the frontend part in order to get to certain parts of the webapp. This is a lot of stupid unnecessary code. I understand that I couldn't understand how I can integrate Spring Cloud Security into my UI service.
This is an example of one of the controller methods (very ugly):
```java
@RequestMapping("/firms")
public String firm(Model model,
                   HttpServletRequest servletRequest,
                   HttpServletResponse servletResponse,
                   HttpSession httpSession) throws IOException {
    final String returnPage;
    // Locate the cookie that carries the JWT and turn it into an auth header by hand.
    Cookie cookie = authService.findCookie(servletRequest, servletResponse);
    HttpHeaders httpHeaders = authService.createJwtAuthHeader(cookie);
    HttpEntity requestEntity = new HttpEntity(httpHeaders);
    // Ask the authentication service who the token belongs to.
    ResponseEntity<UserObject> userObjectResponse = authService.createUserResponseEntity(requestEntity, servletResponse);
    authService.setUserSessionDetails(userObjectResponse, httpSession);
    // Only render the page when the authentication service returned a user.
    if (userObjectResponse != null && userObjectResponse.getBody() != null) {
        log.info(CommonMessages.GOT_COOKIE_FROM_AUTH_SERVICE.toString(), cookie.getName());
        returnPage = "firm";
    } else {
        log.error(CommonMessages.NO_COOKIES_FOUND_NO_ACCESS_REDIRECTING.toString());
        httpSession.setAttribute("authorized", false);
        returnPage = "error";
    }
    return returnPage;
}
```
Maybe somebody encountered a similar problem and found a resource or an example which I could use in order to integrate Spring Cloud Security correctly into my UI service?
Thanks!
Here is a handy example that you may want to take a look into: https://github.com/ddewaele/spring-cloud-security-samples/blob/master/sample1/gateway/src/main/resources/application.yml
The main idea here is to mark your service with @EnableOAuth2Sso so it could behave as an OAuth 2.0 Client. This means that it will do the following things:
- Make it possible to call other microservices with OAuth2RestTemplate, which injects the Access Token automatically into your outgoing requests. In this case, the microservice that you are calling must be annotated with @EnableResourceServer, which means that it will require an Access Token in order to process requests.
For more information on this topic, you can take a look at another post of mine here.
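The UI service wired the way the answer describes, as an added example that is not code from the question, the answer or the linked sample. It assumes the Authentication Service exposes standard OAuth 2.0 authorization and token endpoints that are configured under security.oauth2.client.* in application.yml; FirmController's gateway URL and the "firms" model attribute are hypothetical.

```java
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

// UI service acting as an OAuth 2.0 client. Client id, secret and endpoint URIs
// come from security.oauth2.client.* (deployment-specific, not shown here).
@Configuration
@EnableOAuth2Sso
public class UiSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login**", "/error**").permitAll() // SSO entry point, error page
                .anyRequest().authenticated();                  // all other pages need a login
    }

    // The session-scoped client context holds the logged-in user's access token.
    @Bean
    public OAuth2RestTemplate oauth2RestTemplate(OAuth2ProtectedResourceDetails details,
                                                 OAuth2ClientContext clientContext) {
        return new OAuth2RestTemplate(details, clientContext);
    }
}

@Controller
class FirmController {
    // Assumed route through the Zuul gateway to the company service (placeholder host).
    private static final String FIRMS_URL = "http://gateway.example.internal/company/firms";
    private final OAuth2RestTemplate restTemplate;

    FirmController(OAuth2RestTemplate restTemplate) {
        this.restTemplate = restTemplate;
    }

    @RequestMapping("/firms")
    public String firm(Model model) {
        // OAuth2RestTemplate adds the "Authorization: Bearer ..." header itself.
        Object firms = restTemplate.getForObject(FIRMS_URL, Object.class);
        model.addAttribute("firms", firms);
        return "firm";
    }
}
```

With this in place the access token stays in the server-side session, so the controller no longer reads cookies or builds HttpHeaders by hand, and unauthenticated requests are redirected to the login flow by the security filter chain instead of by per-controller checks.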