向我的 Azure Kubernetes API-Gateway 發送 GetRequest 時出現 403 錯誤

Question

我在 Azure Kubernetes 提供了一個 API 網關微服務。 當我登錄獲取令牌時，它可以工作，但是如果我想使用 Bearer 令牌訪問資源，它不允許我這樣做。

@Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().antMatchers("/authenticate").permitAll().
            antMatchers("/users").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterBefore(jwtRequestFilter,  UsernamePasswordAuthenticationFilter.class);
    }

我的登錄數據來自管理員，但他仍然不允許我從 /users 訪問。 Postman 出現的錯誤代碼是 403。

我懷疑這是由於 Azure SQL 防火牆造成的。

有人能告訴我為什么我可以向我的 API 網關和 JWT 發起發布請求，但沒有得到用戶數據的 GetRequest 嗎？

apiVersion: apps/v1
kind: Deployment
metadata:
  name: apigateway-front
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apigateway-front
  template:
    metadata:
      labels:
        app: apigateway-front
    spec:
      nodeSelector:
        "beta.kubernetes.io/os": linux
      containers:
        - name: apigateway-front
          image: containerregistry.azurecr.io/apigateway:11
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 512Mi
          ports:
          - containerPort: 8800
            name: apigateway

---
apiVersion: v1
kind: Service
metadata:
  name: apigateway-front
spec:
  type: LoadBalancer
  ports:
  - port: 8800
  selector:
    app: apigateway-front


---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: contacts
spec:
  replicas: 1
  selector:
    matchLabels:
      app: contacts
  template:
    metadata:
      labels:
        app: contacts
    spec:
      nodeSelector:
        "beta.kubernetes.io/os": linux
      containers:
      - name: contacts
        image: containerregistry.azurecr.io/contacts:12
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 250m
            memory: 512Mi
        ports:
        - containerPort: 8100
          name: contacts

---
apiVersion: v1
kind: Service
metadata:
  name: contacts
spec:
  ports:
  - port: 8100
  selector:
    app: contacts
---


apiVersion: apps/v1
kind: Deployment
metadata:
  name: templates
spec:
  replicas: 1
  selector:
    matchLabels:
      app: templates
  template:
    metadata:
      labels:
        app: templates
    spec:
      nodeSelector:
        "beta.kubernetes.io/os": linux
      containers:
      - name: templates
        image: containerregistry.azurecr.io/templates:13
        resources:
         requests:
            cpu: 100m
            memory: 128Mi
         limits:
            cpu: 250m
            memory: 512Mi
        ports:
         - containerPort: 8200
           name: templates
---
apiVersion: v1
kind: Service
metadata:
  name: templates
spec:
  ports:
  - port: 8200
  selector:
    app: templates

來自 API-Gateway 的日志

2020-06-08 07:59:36.097  INFO 1700 --- [           main] s.ApiGateway.ApiGatewayApplication       : No active profile set, falling back to default profiles: default
2020-06-08 07:59:37.115  INFO 1700 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2020-06-08 07:59:37.200  INFO 1700 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 73ms. Found 1 JPA repository interfaces.
2020-06-08 07:59:37.673  WARN 1700 --- [           main] o.s.boot.actuate.endpoint.EndpointId     : Endpoint ID 'hystrix.stream' contains invalid characters, please migrate to a valid format.
2020-06-08 07:59:37.924  INFO 1700 --- [           main] o.s.cloud.context.scope.GenericScope     : BeanFactory id=1f96386b-fb6d-3ddd-bccb-9a4c4b64c2fd
2020-06-08 07:59:39.047  INFO 1700 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8800 (http)
2020-06-08 07:59:39.062  INFO 1700 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2020-06-08 07:59:39.062  INFO 1700 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.35]
2020-06-08 07:59:39.338  INFO 1700 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2020-06-08 07:59:39.338  INFO 1700 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 3192 ms
2020-06-08 07:59:39.484  WARN 1700 --- [           main] c.n.c.sources.URLConfigurationSource     : No URLs will be polled as dynamic configuration sources.
2020-06-08 07:59:39.484  INFO 1700 --- [           main] c.n.c.sources.URLConfigurationSource     : To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
2020-06-08 07:59:39.513  INFO 1700 --- [           main] c.netflix.config.DynamicPropertyFactory  : DynamicPropertyFactory is initialized with configuration sources: com.netflix.config.ConcurrentCompositeConfiguration@77bc2e16
2020-06-08 07:59:39.599  WARN 1700 --- [           main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2020-06-08 07:59:39.939  INFO 1700 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Starting...
2020-06-08 07:59:40.688  INFO 1700 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Start completed.
2020-06-08 07:59:40.776  INFO 1700 --- [           main] o.hibernate.jpa.internal.util.LogHelper  : HHH000204: Processing PersistenceUnitInfo [name: default]
2020-06-08 07:59:40.881  INFO 1700 --- [           main] org.hibernate.Version                    : HHH000412: Hibernate ORM core version 5.4.15.Final
2020-06-08 07:59:41.143  INFO 1700 --- [           main] o.hibernate.annotations.common.Version   : HCANN000001: Hibernate Commons Annotations {5.1.0.Final}
2020-06-08 07:59:41.385  INFO 1700 --- [           main] org.hibernate.dialect.Dialect            : HHH000400: Using dialect: org.hibernate.dialect.SQLServer2012Dialect
2020-06-08 07:59:42.377  INFO 1700 --- [           main] o.h.e.t.j.p.i.JtaPlatformInitiator       : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2020-06-08 07:59:42.388  INFO 1700 --- [           main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2020-06-08 07:59:43.793  INFO 1700 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@498b611e, org.springframework.security.web.context.SecurityContextPersistenceFilter@47fca3cc, org.springframework.security.web.header.HeaderWriterFilter@6c2dd88b, org.springframework.security.web.authentication.logout.LogoutFilter@3909a854, sendMessage.ApiGateway.JwtRequestFilter@1b98355f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@6a0c7af6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3d7b3b18, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@6dde1bf5, org.springframework.security.web.session.SessionManagementFilter@484b5a21, org.springframework.security.web.access.ExceptionTranslationFilter@5bccaedb, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1e000a17]
2020-06-08 07:59:43.838  WARN 1700 --- [           main] c.n.c.sources.URLConfigurationSource     : No URLs will be polled as dynamic configuration sources.
2020-06-08 07:59:43.838  INFO 1700 --- [           main] c.n.c.sources.URLConfigurationSource     : To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
2020-06-08 07:59:44.010  INFO 1700 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2020-06-08 07:59:44.219  WARN 1700 --- [           main] ion$DefaultTemplateResolverConfiguration : Cannot find template location: classpath:/templates/ (please add some templates or check your Thymeleaf configuration)
2020-06-08 07:59:44.672  INFO 1700 --- [           main] o.s.c.n.zuul.ZuulFilterInitializer       : Starting filter initializer
2020-06-08 07:59:44.689  INFO 1700 --- [           main] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 2 endpoint(s) beneath base path '/actuator'
2020-06-08 07:59:44.769  INFO 1700 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8800 (http) with context path ''
2020-06-08 07:59:44.916  INFO 1700 --- [           main] s.ApiGateway.ApiGatewayApplication       : Started ApiGatewayApplication in 10.045 seconds (JVM running for 15.368)
2020-06-08 08:19:19.354  INFO 1700 --- [nio-8800-exec-2] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2020-06-08 08:19:19.355  INFO 1700 --- [nio-8800-exec-2] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2020-06-08 08:19:19.395  INFO 1700 --- [nio-8800-exec-2] o.s.web.servlet.DispatcherServlet        : Completed initialization in 40 ms
2020-06-08 08:19:19.450  WARN 1700 --- [nio-8800-exec-2] o.s.c.n.zuul.web.ZuulHandlerMapping      : No routes found from RouteLocator

Answer 1

問題解決了。 我忘記在 Postman 中寫授權 header