我有一个应用程序试图在Zuul代理下调用RESTApi。
应用程序具有OAuth2服务器提供的有效jwt令牌。 我在标头中有承载授权的令牌,但我有一个 401 (“访问此资源需要完全身份验证”)响应来自zuul服务器。
我的zuul配置:
eureka:
client:
registerWithEureka: true
fetchRegistry: true
serviceUrl:
defaultZone: http://localhost:8761/eureka/
instance:
leaseRenewalIntervalInSeconds: 10
statusPageUrlPath: ${management.context_path}/info
healthCheckUrlPath: ${management.context_path}/health
server:
port: 80
management:
port: 81
context_path: /admin
security:
sessions: stateless
# Disable Spring Boot basic authentication
basic:
enabled: false
endpoints:
restart:
enabled: true
shutdown:
enabled: true
health:
sensitive: false
# The OAuth2 server definition that would be used to send the authorization requests to
authserver:
hostname: localhost
port: 9000
contextPath: uaa
spring:
oauth2:
resource:
userInfoUri: http://${authserver.hostname}:${authserver.port}/${authserver.contextPath}/user
jwt.key-uri: http://${authserver.hostname}:${authserver.port}/${authserver.contextPath}/oauth/token_key
preferTokenInfo: false
output:
ansi:
enabled: ALWAYS
主要的zuul文件:
@SpringBootApplication
@EnableZuulProxy
@EnableResourceServer
public class ZuulApplication {
public static void main(String[] args) {
new SpringApplicationBuilder(ZuulApplication.class).web(true).run(args);
}
}
zuul安全配置文件:
@Configuration
public class WebSecurityConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/admin/trace").permitAll()
.anyRequest().authenticated()
;
}
}
restApi的召唤:
final String access_token = (String) httpSession.getAttribute(OAuthComponent.HTTPSESSION_OAUTH_ACCESS_TOKEN);
final MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
headers.add("Authorization", "Bearer " + access_token);
headers.add("Content-Type", "application/json");
final HttpEntity<Object> request = new HttpEntity<>(searchParams,headers);
return restOperations.postForObject("http://localhost/ms-arbre-recherche/utilisateur/search", request, Object.class);
我使用Spring cloud Brixton SR2和spring boot 1.4.0RC1。
答案 0 :(得分:1)
这是我的安全配置:
@Configuration
@EnableResourceServer
public class JwtSecurityConfig extends ResourceServerConfigurerAdapter{
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/oauth/**").permitAll()
.antMatchers("/**").hasAuthority("ROLE_API")
.and()
.csrf().disable();
}
}
我做的主要不同的是我使用的是OauthRestTemplate。
@Configuration
public class ActivationApiEndpointConfig {
@Bean
protected OAuth2ProtectedResourceDetails resource() {
ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
resource
.setAccessTokenUri("http://cdpsit04is01.eng.rr.com:8888/oauth/token");
resource.setClientId("clientid");
resource.setClientSecret("clientsecret");
resource.setGrantType("client_credentials");
resource.setScope(Arrays.asList("write", "read"));
resource.setAuthenticationScheme(AuthenticationScheme.header);
return resource;
}
@Bean
public OAuth2RestOperations applicationApiTemplate() {
AccessTokenRequest atr = new DefaultAccessTokenRequest();
return new OAuth2RestTemplate(resource(), new DefaultOAuth2ClientContext(atr));
}
}
然后
String returnValue = applicationApiTemplate.getForObject(uri.expand(pathVariables).toUri(), String.class);
你还需要确保你的pom(或取决于):
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
</dependency>