我正在开发一些相互交互以实现某些功能的微服务。现在尝试使用OAuth2.0标准的spring security来保护此微服务。我正在使用基于JWT的令牌进行身份验证并使用我自己的简单身份验证服务器。通过公用网关(Netflix ZUUL)进行交互,然后尝试通过@ EnableAuth2sso通过网关向下游(当一个微服务与其他微服务进行交互时传播授权标头)。
现在我正试图通过Zuul网关(已启用SSo)从邮递员访问我的一个安全微服务。已成功从我的授权服务器中检索了JWT令牌。
PostMan屏幕截图:
但是当我尝试使用jwt令牌通过网关访问我的安全服务时,它会抛出以下“访问被拒绝”异常。
异常,当我尝试通过网关访问我的服务
Access denied Exception when i try to hit my protected resorce service through gateway
这是我的密码
授权服务器:
AuthorizationServerConfigurerAdapter实现:
@Configuration
@EnableAuthorizationServer
public class O2AuthServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
AuthenticationManager authManager;
@Autowired
UserDetailsService userDetailsService;
@Autowired
TokenEnhancer tokenEnhancer;
@Autowired
JwtAccessTokenConverter jwtAccessTokenConverter;
@Autowired
TokenStore tokenStore;
/*
* @Override public void configure(AuthorizationServerEndpointsConfigurer
* endpoints) throws Exception {
*
* endpoints.authenticationManager(authManager);
* endpoints.userDetailsService(userDetailsService); }
*/
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
TokenEnhancerChain enhancer = new TokenEnhancerChain();
enhancer.setTokenEnhancers(Arrays.asList(tokenEnhancer, jwtAccessTokenConverter));
endpoints.tokenStore(tokenStore);
endpoints.tokenEnhancer(enhancer);
endpoints.authenticationManager(authManager);
endpoints.userDetailsService(userDetailsService);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("MyActiveClient").secret("{noop}activate")
.authorizedGrantTypes("password", "authorization_code", "refresh_token", "client_credentials")
.scopes("read");
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.checkTokenAccess("isAuthenticated()").tokenKeyAccess("permitAll()");
}
}
WebSecurityConfigurerAdapter实现:
@EnableWebSecurity
@Configuration
public class O2AuthSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
// TODO Auto-generated method stub
return super.authenticationManagerBean();
}
@Bean
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
// TODO Auto-generated method stub
return super.userDetailsServiceBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
PasswordEncoder encoder=PasswordEncoderFactories.createDelegatingPasswordEncoder();
auth.inMemoryAuthentication()
.withUser("Praveen").password(encoder.encode("Praveen@31")).roles("ADMIN")
.and()
.withUser("Guru").password(encoder.encode("Praveen@31")).roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/oauth/**","/user","/auth/user").permitAll().anyRequest().authenticated();
}
}
ZUUL网关代码:
已启用SSo ....
@SpringBootApplication
@EnableZuulProxy
@EnableOAuth2Sso
public class GatewayServiceBooter {
public static void main(String[] args)
{
SpringApplication.run(GatewayServiceBooter.class,args);
}
}
GateWay属性:
eureka.client.serviceUrl.defaultZone=http://localhost:8761/eureka/
eureka.client.registerWithEureka=true
eureka.client.fetchRegistry=true
eureka.instance.leaseRenewalIntervalInSeconds=3
eureka.instance.leaseExpirationDurationInSeconds=3
eureka.instance.preferIpAddress=true
hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds=5000
zuul.sensitiveHeaders=Cookie,Set-Cookie
security.oauth2.client.accessTokenUri=http://localhost:8090/oauth/token
security.oauth2.client.userAuthorizationUri=http://localhost:8090/oauth/authorize
security.oauth2.client.clientId=MyActiveClient
security.oauth2.client.clientSecret=activate
security.oauth2.resource.userInfoUri=http://localhost:8090/user
我感觉拒绝访问与配置了API访问的这一部分有关
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/oauth/**","/user","/auth/user").permitAll().anyRequest().authenticated();
}
请帮帮我。...提前谢谢