[英]Spring oauth2 client not sending Authorization header
I have 2 microservices. 我有2个微服务。 1 is a Spring boot 2 project setup as a oauth2 server running on port 8000 and the other is a Spring boot 2 project oauth2 client running on port 8001.
1是作为在端口8000上运行的oauth2服务器的Spring boot 2项目设置,另一个是在端口8001上运行的Spring boot 2项目oauth2客户端。
I have the oauth server setup and I can confirm it's working because I get a token when I login using the client id and secret. 我已经安装了oauth服务器,可以确认它是否正常运行,因为使用客户端ID和密码登录时会收到令牌。 I use Postman to do a post to /oauth/token and I can see the content.
我使用Postman在/ oauth / token上发布了帖子,我可以看到其中的内容。 I see the access token and refresh token.
我看到了访问令牌和刷新令牌。
I then use Postman to do a call to the other microservice which is a Spring boot project setup as a oauth2 client. 然后,我使用Postman调用另一个微服务,该另一个微服务是作为oauth2客户端的Spring引导项目设置。 I set the Access Token using Postman as a oauth2 Authorization and I can see that the
Authorization: Bearer TOKEN
is added to the header. 我使用Postman作为oauth2授权来设置访问令牌,并且可以看到将
Authorization: Bearer TOKEN
添加到了标题中。 I then do a call to the oauth2 client where I call the following endpoint: 然后,我调用oauth2客户端,并在其中调用以下端点:
@GetMapping("/api/user/test")
@PreAuthorize("isAuthenticated()")
public MyObject doTest() {
return new String("Test");
}
When I invoke that url I can determine that spring sends a request to the oauth server to get the current user. 当我调用该URL时,我可以确定spring向oauth服务器发送了一个请求以获取当前用户。 In my application.yml I have the following so that spring knows where the oauth server is:
在我的application.yml中,我有以下内容,以便spring知道oauth服务器在哪里:
security:
oauth2:
resource:
user-info-uri: http://localhost:8000/oauth/user
So far so good. 到现在为止还挺好。 Now here is the thing.
现在这是事情。 I debug the
http://localhost:8000/oauth/user url
and according to spring the principal is null. 我调试了
http://localhost:8000/oauth/user url
并且根据spring,主体为null。 I have found where it is going wrong. 我发现问题出在哪里。 Either my configuration is wrong or there is a huge bug in Spring because when I add a filter to the oauth2 server and print all the headers this is what I see:
我的配置错误或在Spring中存在一个巨大的错误,因为当我向oauth2服务器添加过滤器并打印所有标头时,这就是我看到的:
Header: application/json Header: Java/1.8.0_181 Header: localhost:8000 Header: http Header: 8000 Header: 172.20.0.1 Header: gzip Header: 0 Header: 192.168.178.153:9001 Header: Keep-Alive
As you can see there is no Authorization header. 如您所见,没有授权头。 Apparently spring oauth2 client isn't sending the Authorization header when invoking user-info-uri.
显然,在调用user-info-uri时,spring oauth2客户端没有发送Authorization标头。 Can anybody help?
有人可以帮忙吗?
I need to know how to configure my spring boot oauth2 client so that each url that needs authentication will call a certain url to get the current user. 我需要知道如何配置spring boot oauth2客户端,以便每个需要身份验证的URL都将调用某个URL以获取当前用户。
Thanks in advance, Martijn 在此先感谢Martijn
I found the solution. 我找到了解决方案。 It was connecting through a zull proxy and by default the zuul proxy filters out the Authorization header.
它通过zull代理进行连接,默认情况下zuul代理会过滤掉Authorization标头。 Add this to the zuul configuration and it will work:
zuul.sensitiveHeaders: Cookie,Set-Cookie
将此添加到zuul配置中,它将起作用:
zuul.sensitiveHeaders: Cookie,Set-Cookie
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.