Feign 客户端为 Url 抛出未经授权的异常,其中不需要身份验证
[英]Feign Client Throwing Unauthorized Exception for Url, where authentication is not needed
问题描述
我关注了这个博客并创建了一些微服务:Eureka-server、Auth-service、Zuul-service、Gallery-service、Image-service。 从画廊服务中,我想使用 Feign-Client 调用 auth-service API url 不需要身份验证,但客户端抛出 FeignException$Unauthorized 我正在使用 Z1D1FADBD9150349C135781140FFEEDZF 令牌进行身份验证。
//AuthServerProxy.java
@FeignClient(name = "auth-service")
@RibbonClient(name = "auth-service")
public interface AuthServiceProxy {
@PostMapping("/auth/authenticate")
public ResponseEntity<?> authenticate(@RequestBody UserEntity userEntity);
@GetMapping("/auth/register")
public String test();
}
Controller - 图库服务
@Autowired
AuthServiceProxy authServiceProxy;
@GetMapping("/test")
public String test(){
UserEntity userEntity = new UserEntity();
userEntity.setUsername("admin");
userEntity.setPassword("admin");
ResponseEntity<?> responseEntity = authServiceProxy.authenticate(userEntity);
System.out.println(responseEntity.getStatusCode());
return responseEntity.toString();
}
@GetMapping("/test/str")
public String testStr(){
return authServiceProxy.test();
}
安全配置 - ZuulServer、Auth-Service
.antMatchers(HttpMethod.POST, "/auth/authenticate").permitAll()
这是错误日志
ERROR 1123 --- [nio-8100-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is feign.FeignException$Unauthorized: status 401 reading AuthServiceProxy#authenticate(UserEntity)] with root cause
feign.FeignException$Unauthorized: status 401 reading AuthServiceProxy#authenticate(UserEntity)
at feign.FeignException.errorStatus(FeignException.java:94) ~[feign-core-10.2.3.jar:na]
at feign.FeignException.errorStatus(FeignException.java:86) ~[feign-core-10.2.3.jar:na]
at feign.codec.ErrorDecoder$Default.decode(ErrorDecoder.java:93) ~[feign-core-10.2.3.jar:na]
at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:149) ~[feign-core-10.2.3.jar:na]
at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:78) ~[feign-core-10.2.3.jar:na]
at feign.ReflectiveFeign$FeignInvocationHandler.invoke(ReflectiveFeign.java:103) ~[feign-core-10.2.3.jar:na]
at com.sun.proxy.$Proxy101.authenticate(Unknown Source) ~[na:na]
at com.test.gallery.Controller.test(Controller.java:47) ~[classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_201]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_201]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_201]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_201]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190) ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104) ~[spring-webmvc-5.1.9.RELEASE.jar:5.1.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:892) ~[spring-webmvc-5.1.9.RELEASE.jar:5.1.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797) ~[spring-webmvc-5.1.9.RELEASE.jar:5.1.9.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.1.9.RELEASE.jar:5.1.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1039) ~[spring-webmvc-5.1.9.RELEASE.jar:5.1.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942) ~[spring-webmvc-5.1.9.RELEASE.jar:5.1.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005) ~[spring-webmvc-5.1.9.RELEASE.jar:5.1.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897) ~[spring-webmvc-5.1.9.RELEASE.jar:5.1.9.RELEASE]
...
非常感谢任何帮助。 TIA
3 个解决方案
解决方案1
1 2020-08-10 05:32:14
看起来身份验证 header 没有通过FeignClient
尝试添加此配置:
@Bean
public RequestInterceptor requestInterceptor() {
return requestTemplate -> {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.getDetails() instanceof OAuth2AuthenticationDetails) {
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) authentication.getDetails();
requestTemplate.header(HttpHeaders.AUTHORIZATION, String.format("Bearer %s", details.getTokenValue()));
}
};
}
解决方案2
1 2020-08-17 13:09:05
Feign 不知道应该传递给目标服务的授权。不幸的是,您需要自己处理。下面是一个可以帮助的 java class
@Component
public class FeignClientInterceptor implements RequestInterceptor {
private static final String AUTHORIZATION_HEADER = "Authorization";
private static final String BEARER_TOKEN_TYPE = "Bearer";
@Override
public void apply(RequestTemplate template) {
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
if (authentication != null && authentication.getDetails() instanceof OAuth2AuthenticationDetails) {
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) authentication.getDetails();
template.header(AUTHORIZATION_HEADER, String.format("%s %s", BEARER_TOKEN_TYPE, details.getTokenValue()));
}
}
解决方案3
0 2019-10-29 16:36:54
听起来问题可能是您没有将@EnableResourceServer 附加到您的Auth-Service。
如果没有该注释,任何不属于 spring 安全性 package(例如 /oauth/token、/oauth/check_token)的端点将自动需要授权。
此外,您可能需要添加与此类似的 ResourceServerConfigurerAdapter,以确保将资源端点配置为允许所有这些:
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
private final TokenStore tokenStore;
public ResourceServerConfig(TokenStore tokenStore) {
this.tokenStore = tokenStore;
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenStore(tokenStore);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(HttpMethod.POST).permitAll()
.and()
.logout().disable()
.csrf().disable();
}
}
*******编辑*********
如果您能够从浏览器中的请求中获得 ok 响应但没有 feign,那么您的问题很可能是您的 Feign 客户端没有指向正确的端点。 通常你会期望一个 404 错误,但由于 API 是安全的,你会得到一个 401,因为它甚至不允许你知道什么是有效端点,除非你经过身份验证或者它是一个不安全的端点
如果您的 AuthServiceProxy feign 客户端使用您的 zuul-server 而不是 auth-service,那么您可以将日志记录添加到您的 zuul 过滤器以查看成功和不成功请求的样子。 从那里进行必要的更改以使您的代理请求与您从浏览器发出的请求相匹配,您应该对 go 感到满意
解决方案4
-1 2021-12-28 17:46:28
谢谢magicjedi90,它有助于了解指向HTTPS而不是HTTP及其作品的想法
401:Apache 轴客户端(java)使用 NTLM 身份验证技术调用 web 服务(.net)时发生未经授权的异常
[英]401: Unauthorized Exception occurred with an apache axis client(java) to invoke a webservice(.net) with an NTLM Authentication Technique
如何使用 Spring Boot feign 客户端进行 Oauth2 身份验证?
[英]How to use Spring Boot feign client for Oauth2 authentication?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.