
Zuul proxy simple auth

I have a simple Spring Boot app that proxies some API with Zuul proxy

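import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;

// Boots the application and turns it into a Zuul reverse proxy
@EnableZuulProxy
@SpringBootApplication
public class DemoClientApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoClientApplication.class, args);
    }
}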

application.yml

server:
  port: 8080
zuul:
  routes:
    test:
      path: /api/**
      url: http://localhost:8081/api/

localhost:8081 has basic auth, something like

localhost:8081/j_spring_security_check?j_username=user&j_password=pass

that returns me cookies with JSESSIONID, and by setting this JSESSIONID in a header I can get the resource. I can't change localhost:8081 because it's not my service. How can I get this JSESSIONID and set it up in Zuul? Can I do this just with yml?

I think you are asking about Sensitive Headers in the configuration options. By default, headers Cookie, Set-Cookie, Authorization are blocked by the sensitiveHeaders: Cookie,Set-Cookie,Authorization configuration. It can be overridden, but you need to be sure that you are not leaking sensitive information in cookies downstream:

zuul:
  routes:
    users:
      path: /myusers/**
      sensitiveHeaders:
      url: https://downstream

But first you need to read why they are disabled in the Spring Cloud documentation:

You can share headers between services in the same system, but you probably do not want sensitive headers leaking downstream into external servers. You can specify a list of ignored headers as part of the route configuration. Cookies play a special role, because they have well defined semantics in browsers, and they are always to be treated as sensitive. If the consumer of your proxy is a browser, then cookies for downstream services also cause problems for the user, because they all get jumbled up together (all downstream services look like they come from the same place).

http://cloud.spring.io/spring-cloud-netflix/single/spring-cloud-netflix.html#_cookies_and_sensitive_headers
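
The scoping trade-off behind the answer's warning, as an added configuration example (not from the original posts or the Spring Cloud documentation): two alternative application.yml files, one relaxing the header blacklist for every route and one relaxing it only for the question's `test` route. The `other` route is a hypothetical second route added to show the difference.

```yaml
# Alternative A (broad): empty blacklist set globally.
# Every route now forwards the client's Cookie and Authorization headers
# downstream and relays Set-Cookie back, including routes that point at
# external servers.
zuul:
  sensitiveHeaders:
  routes:
    test:
      path: /api/**
      url: http://localhost:8081/api/
    other:                      # hypothetical route, inherits the empty blacklist
      path: /other/**
      url: https://downstream
---
# Alternative B (narrow): relax the blacklist on one route only.
# A route-level sensitiveHeaders value overrides the global setting
# for that route and leaves the other routes on the default.
zuul:
  routes:
    test:
      path: /api/**
      url: http://localhost:8081/api/
      # Cookie and Set-Cookie pass through on this route, so the backend's
      # JSESSIONID reaches the client and is sent back on later requests.
      # Authorization stays listed and is still stripped.
      sensitiveHeaders: Authorization
    other:                      # hypothetical route, keeps the default
      path: /other/**           # Cookie,Set-Cookie,Authorization blacklist
      url: https://downstream
```

With Alternative B, check which cookies the client holds for the proxy's host before enabling it: all of them are forwarded to localhost:8081 on `/api/**`, not only JSESSIONID.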
