[英]Spring WebClient Configuration Okta OAuth2
I'm building an API Gateway which uses Spring Webflux, Spring Cloud Gateway, Spring Cloud Security & Okta for OAuth2.我正在构建一个 API 网关,它使用 Spring Webflux,Spring 云网关,Z38008DD81C2F4D798Z5ECF6 用于 OCEAF21D798ZECF6
Here's my RouteLocator, through which I can call my Foo Microservice.这是我的 RouteLocator,我可以通过它调用我的 Foo 微服务。
@Bean
public RouteLocator routeLocator(RouteLocatorBuilder builder, TokenRelayGatewayFilterFactory filterFactory) {
return builder.routes()
.route("foo", r ->
r.path("/foo")
.filters(f -> f
.rewritePath("/foo", "/api/v1/foo")
.filter(filterFactory.apply()))
.uri("lb://foo-service")
)
.build();
}
This works perfectly fine.这工作得很好。
However, since I need to aggregate the results of different microservices, let's say Foo and Bar, I'm creating a load balanced Spring WebClient bean that I can use to make http calls:但是,由于我需要聚合不同微服务的结果,比如说 Foo 和 Bar,我正在创建一个负载平衡的 Spring WebClient bean,我可以使用它来进行 http 调用:
@Bean
@LoadBalanced
public WebClient.Builder webClientBuilder() {
return WebClient.builder();
}
How can I configure the WebClient to pass the Token on every request the same way as the TokenRelayGatewayFilterFactory does in the RouteLocator?如何配置 WebClient 以在每个请求上传递令牌,就像 TokenRelayGatewayFilterFactory 在 RouteLocator 中所做的那样?
EDIT:编辑:
Here's my updated WebClient bean:这是我更新的 WebClient bean:
@Bean
@LoadBalanced
public WebClient.Builder webClientBuilder(ReactiveClientRegistrationRepository clientRegistrations,
ServerOAuth2AuthorizedClientRepository authorizedClients) {
var oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrations, authorizedClients);
oauth.setDefaultOAuth2AuthorizedClient(true);
oauth.setDefaultClientRegistrationId("okta");
return WebClient
.builder()
.filter(oauth);
}
Now it seems like it is working on the Chrome browser.现在它似乎在 Chrome 浏览器上运行。 After logging in on Okta I can access /foo on Foo microservice through Http GET.
登录 Okta 后,我可以通过 Http GET 访问 Foo 微服务上的 /foo。 Although when I try an Http POST on /foo through Postman, (while adding the Authorization header), I'm getting a 302 response that redirects me to an Okta html page.
虽然当我通过 Postman 在 /foo 上尝试 Http POST 时(在添加授权标头时),但我收到了 302 响应,将我重定向到 Okta ZFC35FDC70D5FC69D269883A822C7A 页面。
Funnily enough, using the RouteLocator I don't get any redirection and both GET and POST work through Postman.有趣的是,使用 RouteLocator 我没有得到任何重定向,GET 和 POST 都通过 Postman 工作。 The redirection seems to be happening only when using WebClient.
重定向似乎仅在使用 WebClient 时发生。
Any idea why?知道为什么吗?
EDIT #2:编辑#2:
My Security config file:我的安全配置文件:
@Configuration
@EnableWebFluxSecurity
class SecurityConfig {
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
return http
.csrf().disable()
.authorizeExchange().anyExchange().authenticated()
.and()
.oauth2Login()
.and()
.oauth2ResourceServer().jwt()
.and()
.and().build();
}
@Bean
CorsWebFilter corsWebFilter(){
CorsConfiguration corsConfig = new CorsConfiguration();
corsConfig.setAllowedOrigins(List.of("*"));
corsConfig.setMaxAge(3600L);
corsConfig.addAllowedMethod("*");
corsConfig.addAllowedHeader("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", corsConfig);
return new CorsWebFilter(source);
}
}
Take a look at ServletOAuth2AuthorizedClientExchangeFilterFunction (or the reactive equivalent) This video covers it in more detail: https://youtu.be/v2J32nd0g24?t=2168看看 ServletOAuth2AuthorizedClientExchangeFilterFunction (或反应式等效)这个视频更详细地介绍了它: https://youtu.be/v2J32nd0g24?t=2168
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.