Spring 引导 oauth2 响应,重定向 url 作为基础服务而不是代理(网关)
[英]Spring boot oauth2 response with redirect url as underlying service instead of proxy (Gateway)
问题描述
I am implementing oauth2 server using Springboot
我正在使用 Springboot 实现 oauth2 服务器
I have four microservices我有四个微服务
- Sales (sales)销售额(销售额)
- Inventory (inventory)库存(存货)
- IAM service (Authorization Server, with Oauth2) (http://iam:8089) IAM 服务(授权服务器,带 Oauth2)(http://iam:8089)
- Gateway (gateway on http://www.gateway.com )网关(网关在http://www.gateway.com )
All these services are behind the Spring clould gateway, and its deployed under K8S, And Gateway is exposed as external interface.所有这些服务都在Spring云网关后面,部署在K8S下,网关对外暴露接口。
Now if I try to do authenticat user using oauth2 throught gateway like below.现在,如果我尝试使用 oauth2 通过网关对用户进行身份验证,如下所示。
Step 1:步骤1:
Http Request http://www.gateway.com/oauth/authorize Http 请求http://www.gateway.com/oauth/authorize
So in Response header I am getting like所以在响应 header 中我越来越喜欢
Location : http://iam:8089/v1/oauth/login (But expectation is http://www.gateway.com/oauth/login )位置:http://iam:8089/v1/oauth/login(但期望是http://www.gateway.com/oauth/login )
and because of that browser redirect me to http://iam:8089/oauth/login并且由于该浏览器将我重定向到 http://iam:8089/oauth/login
Where Ideally I am expecting that also routed through gateway service something like理想情况下,我希望它也通过网关服务进行路由,例如
http://www.gateway.com/oauth/login http://www.gateway.com/oauth/login
Can someone please help me to solve this.有人可以帮我解决这个问题吗?
Thanks Alpesh谢谢阿尔佩什
1 个解决方案
解决方案1
0 2021-06-17 18:08:51
Sounds like a good setup in line with what we recommend at Curity in our IAM Primer Article , with the Authorization Server (AS) behind a reverse proxy or gateway.听起来这是一个很好的设置,符合我们在IAM 入门文章中的 Curity 推荐的设置,授权服务器 (AS) 在反向代理或网关后面。
In your case the AS listens at http://Iam:8089 but that is an internal URL. The AS also has a 'Base URL' that is used by inte.net clients, and this is the URL of the gateway, which is http://www.gateway.com in your example:在您的情况下,AS 侦听 http://Iam:8089,但这是一个内部 URL。AS 也有一个供 inte.net 客户端使用的“基本 URL”,这是网关的 URL,它是http://www.gateway.com在你的例子中:
- It will be returned to clients in OpenID Connect discovery requests它将在 OpenID Connect 发现请求中返回给客户端
- It will be returned to browsers in browser redirects during authentication在身份验证期间,它将在浏览器重定向中返回给浏览器
There should be somewhere in Spring OAuth2 Server where you set the Base URL, similar to that in the Curity Identity Server (see image below).应该在 Spring OAuth2 服务器中的某处设置基础 URL,类似于 Curity Identity Server 中的设置(见下图)。 The process should be to set this value and then verify that it is returned in a metadata request.该过程应该是设置此值,然后验证它是否在元数据请求中返回。 You should then be configured correctly.然后您应该正确配置。
In Spring I expect the setting you need is in the fluent configuration somewhere - maybe one of the Configurer classes .在 Spring 中,我希望您需要的设置在某处的流畅配置中-也许是Configurer 类之一。 I find it pretty hard to find what I'm looking for in Spring though.不过,我发现很难在 Spring 中找到我要找的东西。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.