您如何在代理后面使用 spring-security OAuth2，但仅对 OAuth 组件使用 ForwardedHeaderTransformer

Question

I am trying to merge Spring Cloud Gateway with Discovery Client with Spring Security with OAuth. I got most of it working except that I cannot do both OAuth and Discovery Client.

When I use Discovery Client it correctly resolves to the service say /v1/whoami goes to the whoami service requesting / , when I enable security, I would get a 404 when it tries to request /oauth/authorization/google as it should be /v1/oauth/authorization/google

To fix the above I add this

    @Bean
    public ForwardedHeaderTransformer forwardedHeaderTransformer() {
        return new ForwardedHeaderTransformer();
    }

However, when I do that it will look up /v1/whoami as /v1/whoami which does not exist.

I tried creating and registering this class but it does not work either

public class ForwardedHeaderTransformerForOAuthOnly extends ForwardedHeaderTransformer {
    @Override
    public ServerHttpRequest apply(ServerHttpRequest request) {

        System.out.println(">>>> " + request.getPath().value());
        if (isOauth(request)) {
            System.out.println(">>>> IS OAUTH");
            return super.apply(request);
        }
        return request;
        //return super.apply(request);
    }

    private boolean isOauth(ServerHttpRequest request) {
        return request.getPath().value().startsWith("/oauth2/authorization/") || request.getPath().value().startsWith("/login/oauth2/code/");
    }
}

Answer 1

I got it working adding the following to eat the prefix before the service ID.

spring:
  cloud:
    gateway:
      discovery:
        locator:
          predicates:
            - Path='/*/'+serviceId+'/**'
          filters:
            - StripPrefix=2

Combined with adding

@Bean
public ForwardedHeaderTransformer forwardedHeaderTransformer() {
    return new ForwardedHeaderTransformer();
}