I have a simple Spring Boot app that proxies some API with Zuul proxy:
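import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;

// Enables the embedded Zuul reverse proxy; routes come from application.yml.
@EnableZuulProxy
@SpringBootApplication
public class DemoClientApplication {
    public static void main(String[] args) {
        SpringApplication.run(DemoClientApplication.class, args);
    }
}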
application.yml
server:
  port: 8080
zuul:
  routes:
    test:
      path: /api/**
      url: http://localhost:8081/api/
localhost:8081 has basic auth, something like
localhost:8081/j_spring_security_check?j_username=user&j_password=pass
That returns cookies with a JSESSIONID, and by setting this JSESSIONID in a header I can get the resource. I can't change localhost:8081 because it's not my service. How can I get this JSESSIONID and set it in Zuul? Can I do this with just yml?
I think you are asking about Sensitive Headers in the configuration options. By default, the headers Cookie, Set-Cookie and Authorization are blocked by the sensitiveHeaders: Cookie,Set-Cookie,Authorization configuration. It can be overridden, but you need to be sure that you are not leaking sensitive information in cookies downstream:
zuul:
  routes:
    users:
      path: /myusers/**
      sensitiveHeaders:
      url: https://downstream
But first you need to read why they are disabled in the Spring Cloud documentation:
You can share headers between services in the same system, but you probably do not want sensitive headers leaking downstream into external servers. You can specify a list of ignored headers as part of the route configuration. Cookies play a special role, because they have well defined semantics in browsers, and they are always to be treated as sensitive. If the consumer of your proxy is a browser, then cookies for downstream services also cause problems for the user, because they all get jumbled up together (all downstream services look like they come from the same place).
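A narrower variant of the override above, as an added example that is not part of the original answer: instead of emptying the list, the question's `test` route keeps Authorization blocked and releases only the cookie headers, while every other route keeps the default. The `other` route and its URL are hypothetical, included only to show the inheritance.

```yaml
zuul:
  # Global list, written out explicitly (this is also the built-in default).
  # Every route without its own sensitiveHeaders entry inherits it.
  sensitiveHeaders: Cookie,Set-Cookie,Authorization
  routes:
    test:
      path: /api/**
      url: http://localhost:8081/api/
      # A route-level value replaces the global list for this route only.
      # Cookie and Set-Cookie are no longer listed, so the client's
      # JSESSIONID cookie is forwarded to localhost:8081 and its
      # Set-Cookie responses are returned to the client.
      # Authorization stays listed and is still stripped.
      # An empty value (sensitiveHeaders:) would release all three headers.
      sensitiveHeaders: Authorization
    other:                              # hypothetical route (assumption)
      path: /other/**
      url: https://downstream.example   # placeholder URL (assumption)
      # No sensitiveHeaders key: Cookie, Set-Cookie and Authorization
      # are all withheld from this downstream.
```

This setting only controls which headers Zuul passes through; it does not make Zuul log in to the downstream service itself.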