春季启动Oauth2:使用Feign,Ribbon,Zull和Eureka从客户端到资源的令牌中继

时间:2018-11-21 14:53:04

标签: spring-boot spring-security oauth-2.0 netflix-zuul spring-cloud-feign

我有一个oauth2客户端,该客户端成功从授权服务器获取令牌。 (并非总是如此,但现在是...:))

客户端,zuul网关和资源服务器都在Eureka中注册。

我的客户端使用代理访问名为microservice-files的远程资源服务。

@RestController
@FeignClient(name = "zuul-server")
@RibbonClient(name = "microservice-files")

public interface ProxyMicroserviceFiles {

    @GetMapping(value = "microservice-files/root")
    FileBean getUserRoot();

}

所以我想将令牌中继到Zull,然后再中继到资源服务器。

我可以通过这种方式中继令牌来联系Zuul,显然负载平衡也得到了管理(我刚刚测试过我不知道,这很好),zuul也可以中继令牌,但是我不是很方便d喜欢以前的方法。

@EnableConfigurationProperties
@SpringBootApplication
@EnableFeignClients("com.clientui")
public class ClientUiApplication {

    @Bean
    public OAuth2RestOperations restOperations(
            OAuth2ProtectedResourceDetails resource, 
            OAuth2ClientContext context) {

        return new OAuth2RestTemplate(resource, context);
    }

    public static void main(String[] args) {

        SpringApplication.run(ClientUiApplication.class, args);
    }
}

这是测试控制者

@Controller
public class ClientController {

    @Autowired
    private RestOperations restOperations;

    @RequestMapping("/root")
    public ResponseEntity userRootTest() {

       String rootUrl = "http://localhost:9004/microservice-files/root";

       return  restOperations.getForEntity(rootUrl,FileBean.class);

    }

}

2 个答案:

答案 0 :(得分:1)

如果我正确理解了您的问题,那么您可以使用RequestInterceptor在伪装的每个请求中添加一个令牌。为此,您可以使用下一个配置:

@Bean
public RequestInterceptor oauth2FeignRequestInterceptor(OAuth2ClientContext oauth2ClientContext,
                                                        OAuth2ProtectedResourceDetails resource) {
    return new OAuth2FeignRequestInterceptor(oauth2ClientContext, resource);
}

@Bean
protected OAuth2ProtectedResourceDetails resource() {
    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
    resource.setAccessTokenUri("http://127.0.0.1:9000/auth/login");
    resource.setUserAuthorizationUri("http://127.0.0.1:9000/auth/authorize");
    resource.setClientId("my-client");
    resource.setClientSecret("my-secret");
    return resource;
}

答案 1 :(得分:0)

这就是我使它起作用的方法。

 @Bean(name = "oauth2RestTemplate")
    @LoadBalanced
    public OAuth2RestTemplate restTemplate(SpringClientFactory clientFactory) {
        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails());
        RibbonLoadBalancerClient ribbonLoadBalancerClient = new RibbonLoadBalancerClient(clientFactory);
        LoadBalancerInterceptor loadBalancerInterceptor = new LoadBalancerInterceptor(ribbonLoadBalancerClient);
        ClientCredentialsAccessTokenProvider accessTokenProvider = new ClientCredentialsAccessTokenProvider();
        accessTokenProvider.setInterceptors(Arrays.asList(loadBalancerInterceptor));
        restTemplate.setAccessTokenProvider(accessTokenProvider);

        return restTemplate;
    }

    public ClientCredentialsResourceDetails resourceDetails() {
        ClientCredentialsResourceDetails clientCredentialsResourceDetails = new ClientCredentialsResourceDetails();
        clientCredentialsResourceDetails.setId("1");
        clientCredentialsResourceDetails.setClientId("my-ms");
        clientCredentialsResourceDetails.setClientSecret("123");
        clientCredentialsResourceDetails.setAccessTokenUri("http://oauth-server/oauth/token");
        clientCredentialsResourceDetails.setScope(Arrays.asList("read"));
        clientCredentialsResourceDetails.setGrantType("client_credentials");
        
        return clientCredentialsResourceDetails;
    }
相关问题
最新问题