首页 文章

使用zuul网关时,autherization服务不响应access_token

提问于
浏览
1

我用springboot 1.4创建了多个微服务 . 上周我决定实施oauth2授权服务 . 我的计划是这样的,

  • 每个请求都应由Eureka注册的zuul网关处理 .

  • 因此,eureka将调用新的授权服务以获取access_token .

我发现的问题是我能够直接从另一个端口(8081)中运行的授权服务器获取JWT访问令牌 . 当我试图通过zuul网关获取jwt令牌时,不幸的是我得到一个空字符串 .

请看一下我的网关配置

application.yml(zuul-gateway)

zuul:
   routes: 
    static:
    path: /static/** 
   uaa:
    path: /uaa/**
    sensitive-headers: 
    serviceId: microservice-security-oauth2-server
   users:
    path: /users/**
    serviceId: microservice-core-user



security:
 basic:
  enabled: false

zuul的应用类是

@SpringBootApplication
 @EnableZuulProxy
 @EnableEurekaClient
 @ComponentScan(basePackages={"com.configuration","com.zullfilter"})
 public class ZullGatewayServerApplication {

    public static void main(String[] args) {
      SpringApplication.run(ZullGatewayServerApplication.class, args);
    }

}

和授权服务器配置类是

@Configuration
   @EnableAuthorizationServer
   public class OAuth2AuthorizationConfiguration extends  AuthorizationServerConfigurerAdapter {

@Autowired
private AuthenticationManager authenticationManager;

@Autowired
private Environment environment;

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.tokenStore(tokenStore())
            .tokenEnhancer(jwtTokenEnhancer())
            .authenticationManager(authenticationManager);
}

@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    security.tokenKeyAccess("permitAll()")
            .checkTokenAccess("isAuthenticated()");
}

@Bean
public TokenStore tokenStore() {
    return new JwtTokenStore(jwtTokenEnhancer());
}

@Bean
protected JwtAccessTokenConverter jwtTokenEnhancer() {
    String pwd = environment.getProperty("keystore.password");
    KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(
            new ClassPathResource("jwt.jks"),
            pwd.toCharArray());
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setKeyPair(keyStoreKeyFactory.getKeyPair("jwt"));
    return converter;
}

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
            .withClient("service-account-1")
            .secret("service-account-1-secret")
            .authorizedGrantTypes("client_credentials")
            .scopes("resource-server-read", "resource-server-write")
            .accessTokenValiditySeconds(6000);
 }
}

我正在获取access_token直接请求

curl service-account-1:service-account-1-secret@localhost:8081/uaa/oauth/token -d grant_type=client_credentials

但是当我用zuul代理尝试这个时,我得到一个空字符串

curl service-account-1:service-account-1-secret@localhost:8765/uaa/oauth/token -d grant_type=client_credentials

我正在使用zuul网关版本的1.3和spring boot 1.4

如果有人在此之前遇到过这个问题,请告诉我

spring-boot oauth-2.0 microservices netflix-zuul

1 回答

  • 1

    在我的情况下,解决方案是告诉Zuul不要剥去前缀 . 我在auth服务器上输入了错误的URL并且禁止了401,Zuul正在吞下错误并返回200 .

    zuul:
  routes:
    auth:
      path: /oauth/**
      serviceId: saapi-auth-server
      stripPrefix: false
      sensitiveHeaders: true

    我在Zuul客户端上有如下所示的ResourceServerConfigurerAdapter . 我不得不禁用CSRF,但我们所有的呼叫都是系统到系统,所以我们应该很好 .

    @Configuration
@EnableResourceServer
public class JwtSecurityConfig extends ResourceServerConfigurerAdapter {

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/oauth/**").permitAll()
            .antMatchers("/api/**").hasAuthority("ROLE_API_ACCESS")
            .and()
            .csrf().disable();
    }
}
    回复于

相关问题