Spring Cloud-如何在Zuul反向代理上配置OAuth2RestTemplate来传递授权令牌?
[英]Spring Cloud - How to configure OAuth2RestTemplate on Zuul reverse proxy to pass authorization tokens through?
问题描述
I am using Zuul as a reverse proxy for routing of requests to my microservices. 
我正在使用Zuul作为反向代理,以将请求路由到我的微服务。 I have also enabled resource server (@EnableResourceServer) on this reverse proxy so requests are authorised against my authorisation server. 我还在此反向代理上启用了资源服务器(@EnableResourceServer),因此可以根据我的授权服务器对请求进行授权。 There are no configurations of the resource server, only some bypass of security for a few requests, nothing more. 没有资源服务器的配置,只有一些请求绕过了安全性,仅此而已。 This reverse proxy is also simply passing the OAuth2 headers when routing requsts to other microservices so other microservices are able to do all the security related things as needed. 当将请求路由到其他微服务时,此反向代理还简单地传递了OAuth2标头,因此其他微服务可以根据需要执行所有与安全性有关的事情。 Everything works perfect...but. 一切正常……但是。
One of my zuul filters I have created is filter for resource expansion. 我创建的zuul过滤器之一是用于资源扩展的过滤器。 It means it automatically gets all the related resources according to provided url parameters (eg for employee resource the url param could be "expand=manager,contacts" and it gets all this additional data using HAL links on employee resource and adds the additional data to _embedded field in JSON). 这意味着它会根据提供的url参数自动获取所有相关资源(例如,对于员工资源而言,url参数可以是“ expand = manager,contacts”,并使用员工资源上的HAL链接获取所有这些附加数据,并将这些附加数据添加到JSON中的_embedded字段)。
The problem I have is that when I am doing this expansion, I need to use RestTemplate to do the expansion (to get all the data that should be embedded). 我的问题是,在进行此扩展时,我需要使用RestTemplate进行扩展(以获取应嵌入的所有数据)。 I am not able to figure out how to configure the OAuth2RestTemplate so it adds OAuth2 authorization header to outgoing requests. 我无法弄清楚如何配置OAuth2RestTemplate,因此它将OAuth2授权标头添加到传出请求中。 I have tried this from spring cloud documentation: 我已经从Spring Cloud文档中尝试过此操作:
@Bean
public OAuth2RestTemplate restTemplate(UserInfoRestTemplateFactory factory) {
return factory.getUserInfoRestTemplate();
}
But I have some null pointer exception from OAuth2TokenRelayFilter. 但是我有一些来自OAuth2TokenRelayFilter的空指针异常。 There is a condition inside this filter htat looks like this: 此过滤器htat中有一个条件,如下所示:
restTemplate.getResource().getClientId()
.equals(auth.getOAuth2Request().getClientId())
but restTemplate.getResource() returns null and also getClientId() on OAuth2Request instance returns null... Looks like I am really missing something. 但是restTemplate.getResource()返回null,并且OAuth2Request实例上的getClientId()也返回null ...看来我确实缺少一些东西。
Before introducing OAuth2 the setup of RestTemplate was: 在引入OAuth2之前,RestTemplate的设置是:
@Bean
@LoadBalanced
RestTemplate restTemplate() {
return new RestTemplate();
}
So as you see load balancing is also needed (Using Ribbon for load balancing, Eureka is used for service discovery that is based one service aliases, so no direct urls in zuul config) 因此,如您所见,还需要负载平衡(使用Ribbon进行负载平衡,Eureka用于基于一个服务别名的服务发现,因此zuul配置中没有直接的url)
Any suggestionshow to set it up? 有什么建议如何设置吗?
Thanks, Lukas 谢谢,卢卡斯
1 个解决方案
解决方案1
0 2017-08-08 11:49:11
So after some more investigation I have configured the reverse proxy also as OAuth2Client so the security context is properly setup for each request OAuth2TokenRelayFilter started to work. 因此,在进行更多调查之后,我还将反向代理也配置为OAuth2Client,以便为每个请求OAuth2TokenRelayFilter开始正确设置安全上下文。
Spring cloud documentation chapter "Resource Server Token Relay" describes following "rest template will then have the same OAuth2ClientContext (request-scoped) that is used by the authentication filter". Spring Cloud文档章节“资源服务器令牌中继”描述了以下内容:“其余模板将具有与身份验证过滤器所使用的OAuth2ClientContext(请求范围)相同的OAuth2ClientContext”。 ... It means that client have to be enabled by @EnableOAuth2Client so that OAuth2ClientContext is properly set up. ...这意味着必须通过@ EnableOAuth2Client启用客户端,以便正确设置OAuth2ClientContext。
I hope I understand it correctly. 我希望我能正确理解。
Lukas 卢卡斯
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.