我用springboot 1.4创建了多个微服务 . 上周我决定实施oauth2授权服务 . 我的计划是这样的,
-
每个请求都应由Eureka注册的zuul网关处理 .
-
因此,eureka将调用新的授权服务以获取access_token .
我发现的问题是我能够直接从另一个端口(8081)中运行的授权服务器获取JWT访问令牌 . 当我试图通过zuul网关获取jwt令牌时,不幸的是我得到一个空字符串 .
请看一下我的网关配置
application.yml(zuul-gateway)
zuul:
routes:
static:
path: /static/**
uaa:
path: /uaa/**
sensitive-headers:
serviceId: microservice-security-oauth2-server
users:
path: /users/**
serviceId: microservice-core-user
security:
basic:
enabled: false
zuul的应用类是
@SpringBootApplication
@EnableZuulProxy
@EnableEurekaClient
@ComponentScan(basePackages={"com.configuration","com.zullfilter"})
public class ZullGatewayServerApplication {
public static void main(String[] args) {
SpringApplication.run(ZullGatewayServerApplication.class, args);
}
}
和授权服务器配置类是
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationConfiguration extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private Environment environment;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(tokenStore())
.tokenEnhancer(jwtTokenEnhancer())
.authenticationManager(authenticationManager);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");
}
@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(jwtTokenEnhancer());
}
@Bean
protected JwtAccessTokenConverter jwtTokenEnhancer() {
String pwd = environment.getProperty("keystore.password");
KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(
new ClassPathResource("jwt.jks"),
pwd.toCharArray());
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setKeyPair(keyStoreKeyFactory.getKeyPair("jwt"));
return converter;
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("service-account-1")
.secret("service-account-1-secret")
.authorizedGrantTypes("client_credentials")
.scopes("resource-server-read", "resource-server-write")
.accessTokenValiditySeconds(6000);
}
}
我正在获取access_token直接请求
curl service-account-1:service-account-1-secret@localhost:8081/uaa/oauth/token -d grant_type=client_credentials
但是当我用zuul代理尝试这个时,我得到一个空字符串
curl service-account-1:service-account-1-secret@localhost:8765/uaa/oauth/token -d grant_type=client_credentials
我正在使用zuul网关版本的1.3和spring boot 1.4
如果有人在此之前遇到过这个问题,请告诉我
1 回答
在我的情况下,解决方案是告诉Zuul不要剥去前缀 . 我在auth服务器上输入了错误的URL并且禁止了401,Zuul正在吞下错误并返回200 .
我在Zuul客户端上有如下所示的ResourceServerConfigurerAdapter . 我不得不禁用CSRF,但我们所有的呼叫都是系统到系统,所以我们应该很好 .