Zuul spring安全性并在请求中添加附加参数

时间:2016-07-06 17:48:01

标签: spring spring-cloud microservices netflix-zuul spring-cloud-netflix

我正在使用Spring Microservices构建微服务,我有两个与之相关的问题。

1。我在Api网关中有Spring安全性,即 Zuul服务器,如果我已经从流中读取一次请求进行身份验证(从POST请求获取用户名/传递),Zuul现在不转发任何请求<登记/> Request Header
如何阅读请求,然后再将相同的请求转发给下游服务?

2. Zuul没有将 request.setAttribute()转发给下游服务,因此解决方法是使用 ctx.addZuulRequestHeader ,这会使 public Authentication getAuthentication(HttpServletRequest request) { final String token = request.getHeader(AUTH_HEADER_NAME); logger.info("token="+token); if (token != null) { logger.info("Entering getAuthentication"); final UserToken userInfo = tokenHandler.validateToken(token); if (userInfo != null && token.equals(String.valueOf(redisUtility.getValue(userInfo.getUsername()+"_"+userInfo.getUniqueId())))) { logger.info("Validating token key="+userInfo.getUsername()+"_"+userInfo.getUniqueId()); User user=userDetailsService.loadUserByUsername(userInfo.getUsername()); if(user!=null && user.getUsername().equals(userInfo.getUsername()) && user.getLastPasswordResetTime()<userInfo.getCreatedTime()){ request.setAttribute("username",user.getUsername());//**Not able to fetch this in Downstream services** logger.info("Token Authenticated for User "+user.getUsername()); return new UserAuthentication(user); } } } return null; } public class SimpleFilter extends ZuulFilter { private static Logger log = LoggerFactory.getLogger(SimpleFilter.class); @Override public String filterType() { return "pre"; } @Override public int filterOrder() { return 1; } @Override public boolean shouldFilter() { return true; } @Override public Object run() { RequestContext ctx = RequestContext.getCurrentContext(); HttpServletRequest request = ctx.getRequest(); request.setAttribute("test", "test");// Not able to get this in services log.info(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString())); return null; } @Bean public SimpleFilter simpleFilter() { return new SimpleFilter(); } @RequestMapping(value = "/test/avl",method=RequestMethod.POST) public String test(HttpServletRequest request) { System.out.println(request.getAttribute("test")+""); return "Spring in Action"; } 太大,如何实现 request.setAttribute 并获取下游服务。

SELECT
    T1.my_column,
    T2.my_other_column
FROM
    Table1 T1
INNER JOIN Table2 T2 ON
    T2.a = T1.a AND
    T2.b = T1.b AND
    (T2.c = T1.c OR T1.c IS NULL)

1 个答案:

答案 0 :(得分:1)

我知道它已经晚了1年。但对于任何新访客。

创建过滤器。

@Component
public class AuthenticationFilter extends ZuulFilter {
    @Override
    public String filterType() {
        return "pre";
    }

    @Override
    public int filterOrder() {
        return 1;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();

        ctx.addZuulRequestHeader("userId", "123456789");
        return null;
    }
}

使用@Component注释它,因此它将自动加载。在内部运行方法中,使用addZuulRequestHeader