Zuul spring安全性并在请求中添加附加参数-Java 学习之路

我正在使用Spring Microservices构建微服务，我有两个与之相关的问题 .

1.我在Api网关中有 spring 安全性，即 Zuul server ，现在如果我已经从流中读取一次要求进行身份验证（从POST请求获取用户名/传递），则Zuul不转发任何请求
new ObjectMapper().readValue(request.getInputStream(), UserDto.class);
How can I read the request and then again forward the same request to Downstream services?

Zuul没有向下游服务转发 request.setAttribute() ，因此解决方法是使用 ctx.addZuulRequestHeader ，这使得 Request Header 太大了，我如何实现 request.setAttribute 并进入下游服务 .

public Authentication getAuthentication(HttpServletRequest request) {
    final String token = request.getHeader(AUTH_HEADER_NAME);
    logger.info("token="+token);
    if (token != null) {
        logger.info("Entering getAuthentication");
        final UserToken userInfo = tokenHandler.validateToken(token);
        if (userInfo != null
                && token.equals(String.valueOf(redisUtility.getValue(userInfo.getUsername()+"_"+userInfo.getUniqueId())))) {
            logger.info("Validating token key="+userInfo.getUsername()+"_"+userInfo.getUniqueId());
            User user=userDetailsService.loadUserByUsername(userInfo.getUsername());
            if(user!=null && user.getUsername().equals(userInfo.getUsername())
                && user.getLastPasswordResetTime()<userInfo.getCreatedTime()){
                request.setAttribute("username",user.getUsername());//**Not able to fetch this in Downstream services**
                logger.info("Token Authenticated for User "+user.getUsername());
                return new UserAuthentication(user);
            }
        } 
    }
    return null;
}


  public class SimpleFilter extends ZuulFilter {

      private static Logger log = LoggerFactory.getLogger(SimpleFilter.class);

      @Override
      public String filterType() {
        return "pre";
      }

      @Override
      public int filterOrder() {
        return 1;
      }

      @Override
      public boolean shouldFilter() {
        return true;
      }

      @Override
      public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();
        request.setAttribute("test", "test");// Not able to get this in services
        log.info(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString()));

        return null;
      }

 @Bean
  public SimpleFilter simpleFilter() {
    return new SimpleFilter();
  }

@RequestMapping(value = "/test/avl",method=RequestMethod.POST)
  public String test(HttpServletRequest request) {
    System.out.println(request.getAttribute("test")+"");
    return "Spring in Action";
  }

1 回答

我知道已经晚了一年 . 但对于任何新访客 .

创建一个过滤器 .

@Component
public class AuthenticationFilter extends ZuulFilter {
    @Override
    public String filterType() {
        return "pre";
    }

    @Override
    public int filterOrder() {
        return 1;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();

        ctx.addZuulRequestHeader("userId", "123456789");
        return null;
    }
}

用@Component注释它，因此它将被自动加载 . 内部运行方法，使用 addZuulRequestHeader

回复于 2024-05-05T19:35:53+08:00

Zuul spring安全性并在请求中添加附加参数

1 回答

相关问题