
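Accessing an OAuth2-secured service via WSO2 API Manager

I have a project with multiple microservices that are secured with Spring OAuth2. I have published these services on WSO2 API Manager and disabled WSO2's OAuth2 feature, because my services are already secured with Spring OAuth2. On WSO2, using the Spring OAuth2 token, I get either a response with status code 0 "no response" or status code 403 unauthorized. What could be the problem here?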

The WSO2AM (API Manager) authorizes the clients using the OAuth protocol and the backend services should trust the WSO2AM providing service authorization.

The API Manager is not able (by default) to validate the tokens of your backend services.

As far as I know, WSO2 AM clears the "Authorization" header to the backend services (correct me if I am wrong).

Your options:

  1. Set up a proper environment, where APIM is used to authorize users. The APIM can send a JWT token to the backend services with user identity and attributes, and the backend service will validate and trust the APIM JWT token containing user identity and attributes. I really suggest you stick to the way APIM works and not try to force it to work another way.

  2. If you really must use your own OAuth tokens, you could send the authorization token in a different header (which will not get cleared).

  3. You could create a custom mediation flow to re-enter the authorization header into the request (I am not sure whether you will also need to update the exposed API mediation flow to skip the default authorizer).
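
For option 1, the backend check could look like the following; this is an added example, not code from the answer or from WSO2. It assumes an RS256-signed, base64url-encoded compact JWT that the service has already read from the gateway's header (WSO2 API Manager's documented default is `X-JWT-Assertion`); the class name, the key pair generated in `main` and the sample claims are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

// Added example: backend-side validation of a gateway-issued JWT (hypothetical class name).
public class GatewayJwtCheck {
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();

    // Returns the claims JSON only if the token is RS256-signed by gatewayKey and unexpired.
    static String verify(String jwt, PublicKey gatewayKey, long nowSec) throws GeneralSecurityException {
        String[] p = jwt.split("\\.", -1);
        if (p.length != 3) throw new SignatureException("not a compact JWS");
        String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        // Pin the algorithm; the token must not be allowed to pick "none" or an HMAC variant.
        if (!Pattern.compile("\"alg\"\\s*:\\s*\"RS256\"").matcher(header).find())
            throw new SignatureException("unexpected alg");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(gatewayKey);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!s.verify(DEC.decode(p[2]))) throw new SignatureException("bad signature");
        String claims = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
        // Regex stands in for a JSON parser to keep the example dependency-free.
        Matcher exp = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)").matcher(claims);
        if (!exp.find() || Long.parseLong(exp.group(1)) <= nowSec)
            throw new SignatureException("expired or missing exp");
        return claims;
    }

    static String b64(String json) {
        return ENC.encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair gw = g.generateKeyPair(); // constructed stand-in for the gateway's signing key
        long now = System.currentTimeMillis() / 1000;
        String h = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}");
        String c = b64("{\"sub\":\"alice\",\"exp\":" + (now + 300) + "}"); // constructed claims
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(gw.getPrivate());
        s.update((h + "." + c).getBytes(StandardCharsets.US_ASCII));
        String sig = ENC.encodeToString(s.sign());
        System.out.println("accepted: " + verify(h + "." + c + "." + sig, gw.getPublic(), now));
        // Same signature over altered claims must fail.
        String altered = h + "." + b64("{\"sub\":\"admin\",\"exp\":9999999999}") + "." + sig;
        try { verify(altered, gw.getPublic(), now); }
        catch (SignatureException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

In a real service the public key comes from the gateway's signing certificate, and the backend should accept traffic only from the gateway so that callers cannot bypass it.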

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.