Is it possible to use Zuul as a "fake" resource server that checks OAuth2 scopes before returning the proxied content?
Something like this:
project.task('stageMyEar', type: Upload) {
    configuration = getDefaultConfiguration()
    repositories {
        maven {
            url "${projectProperty('releaseArtifactoryUrl')}"
            credentials {
                username "${projectProperty('releaseArtifactoryUsername')}"
                password "${projectProperty('releaseArtifactoryPassword')}"
            }
        }
    }
}

private getDefaultConfiguration() {
    def defaultConfiguration = project.configurations.archives
    defaultConfiguration.artifacts.each {
        it.buildDependencies.values.clear()
    }
    project.version = 'current'
    return defaultConfiguration
}
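The internal API services could then be free of any security concerns, with the Zuul proxy service acting as the gateway. All of the above are Spring applications, if that makes a difference.

Answer 0 (score: 1)

Absolutely.
You also have to configure the resource server. Create a bean ResourceServerConfig that extends ResourceServerConfigurerAdapter and overrides the configure(HttpSecurity security) method. Annotate it with @EnableResourceServer.
Something like this: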
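import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
                // Scope check on selected paths (disabled here):
                // .antMatchers("/swagger*", "/v2/**")
                // .access("#oauth2.hasScope('read')")
                // As written, every request is allowed through without a scope check.
                .anyRequest()
                .permitAll();
    }

    // Token services backed by the JWT token store below.
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }

    // Tokens are self-contained JWTs; nothing is persisted at the gateway.
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // Symmetric (HMAC) key; it must match the key the authorization server signs with.
        converter.setSigningKey("123");
        // Alternative: verify with a public key loaded from the classpath.
        // Resource resource = new ClassPathResource("publicKey.txt");
        // String publicKey = null;
        //
        // try {
        //     publicKey = IOUtils.toString(resource.getInputStream(), Charset.defaultCharset());
        // } catch (final IOException e) {
        //     throw new RuntimeException(e);
        // }
        // converter.setVerifierKey(publicKey);
        return converter;
    }
}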