[英]Disable or bypass OAuth security for microservice-to-microservice communication in Spring Boot
I have some microservices in Spring Boot and my front end application is in angular. I am using OpenID Connect for authentication and authorization.我在 Spring Boot 中有一些微服务,我的前端应用程序在 angular 中。我正在使用 OpenID Connect 进行身份验证和授权。 Right now, in my application, when the angular app is loaded, it redirects the user to the authentication server and after login the token is received which is sent by the angular application in each HTTP request to the resource servers.现在,在我的应用程序中,当加载 angular 应用程序时,它会将用户重定向到身份验证服务器,并在登录后收到令牌,该令牌由 angular 应用程序在每个 HTTP 请求中发送到资源服务器。 Now I have a question.现在我有一个问题。 My microservices also communicate with each other but as each microservice is acting as a resource server and the Rest APIs are secure now, so microservices can not communicate.我的微服务也相互通信,但由于每个微服务都充当资源服务器,并且 Rest API 现在是安全的,因此微服务无法通信。 What I want to achieve is that the requests which are sent by the user from the angular app should contain a token and those requests should be verified but I want to bypass or disable OAuth security for inter service-service communication between microservices.我想要实现的是,用户从 angular 应用程序发送的请求应该包含一个令牌,并且应该验证这些请求,但我想绕过或禁用 OAuth 微服务之间服务间通信的安全性。 Is there any way to achieve this in Spring Boot?有什么办法可以在 Spring Boot 中实现这一点?
Do not disable OAuth2 security in your micro-services:不要在您的微服务中禁用 OAuth2 安全性:
In first case, you can access bearer token from the Authentication in the security context.在第一种情况下,您可以从安全上下文中的身份验证访问不记名令牌。 Add this Bearer string as Authorization header to the requests to other micro-services.将此 Bearer 字符串作为 Authorization header 添加到对其他微服务的请求中。
In second case configuring REST client (WebClient, RestTemplate, FeignClient, ...) with client credentials is usually enough for it to automatically fetch an access-token from the authorization-server and add it as bearer header before sending requests to the resource-server.在第二种情况下,使用客户端凭据配置 REST 客户端(WebClient、RestTemplate、FeignClient 等)通常足以使其自动从授权服务器获取访问令牌并将其添加为承载 header,然后再向资源发送请求-服务器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.