I have been trying to build a Spring distributed application that uses JWT. GitHub repo - https://github.com/dhananjay12/spring-microservice-demo

Service description

  • product-service: a simple downstream service with protected routes

  • jwt-resoure-server: a jar included in the downstream services that turns them into resource servers which extract the JWT token and set it in the security context.

  • eureka-service: discovery service

  • zuul-server: edge server

  • Okta is my auth server

I have set the OAuth grant type to authorization code (I know the implicit grant type is recommended for an SPA, but let's say that due to some constraints we are limited to this grant type for now).

After a successful login from the Angular client, the auth server redirects back to the Angular app with the authorization code, like this:

http://localhost:4200/?code=iTJkTvXfESQFvGJmio_l&state=my-state

Now I have to hit the auth server with this code to get the access and ID tokens.

Since this requires the client secret, I have to pass it through Zuul (because only backend services may hold the client secret), which should add the client_secret to the body and forward the request to the auth server.

I am struggling with this last part. Any insights? I tried creating a TokenFilter, but it doesn't work for POST requests. https://github.com/dhananjay12/spring-microservice-demo/tree/master/zuul-server/src/main/java/com/mynotes/microservice/zuulserver

```java
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;

@Component
public class TokenFilter extends ZuulFilter {

    // Holds the client secret read from the zuul-server configuration.
    @Autowired
    private OauthConfiguration oauthConfiguration;

    @Override
    public int filterOrder() {
        // Runs after PreDecorationFilter (order 5); the commented value would run it just before.
        return 6; // PRE_DECORATION_FILTER_ORDER - 1;
    }

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public boolean shouldFilter() {
        // Only act on requests whose path contains the token endpoint.
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();
        return request.getRequestURI().contains("/token");
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();

        // Sets a servlet request attribute inside the gateway JVM. Attributes are not part of
        // the HTTP message, so Zuul's routing filters never forward this to the auth server.
        request.setAttribute("client_secret", oauthConfiguration.getClientSecret());

        System.out.println(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString()));
        return null;
    }
}
```
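The filter above never changes what Zuul sends upstream, because a servlet request attribute is not part of the HTTP message that the routing filter rebuilds. A pre-filter that actually adds client_secret to the forwarded form body has to replace the request Zuul reads from, as in the following added example. This is not code from the question or from the linked repository; the package name, the `oauth.client-secret` property and the filter class name are assumptions. It relies on Spring Cloud's FormBodyWrapperFilter (order -1) having already parsed the form, then re-encodes the parameters plus the gateway-held secret and hands Zuul a wrapper whose input stream is the new body, so SimpleHostRoutingFilter and RibbonRoutingFilter pick it up for POST requests.

```java
package com.mynotes.microservice.zuulserver; // assumed to match the repo path in the question

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;

@Component
public class ClientSecretInjectingFilter extends ZuulFilter {

    // Assumed property name; the secret lives only in the gateway's configuration.
    @Value("${oauth.client-secret}")
    private String clientSecret;

    @Override
    public String filterType() { return PRE_TYPE; }

    @Override
    public int filterOrder() {
        // After FormBodyWrapperFilter (-1) has parsed the form, before PreDecorationFilter (5) routes.
        return PRE_DECORATION_FILTER_ORDER - 1;
    }

    @Override
    public boolean shouldFilter() {
        HttpServletRequest request = RequestContext.getCurrentContext().getRequest();
        return "POST".equalsIgnoreCase(request.getMethod())
                && request.getRequestURI().endsWith("/token");
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest original = ctx.getRequest();

        // A browser client must never supply its own secret; reject instead of silently overriding.
        if (original.getParameter("client_secret") != null) {
            ctx.setSendZuulResponse(false);
            ctx.setResponseStatusCode(400);
            return null;
        }

        // Rebuild the form body from the parsed parameters and append the gateway-held secret.
        final byte[] body = formEncode(original.getParameterMap(), clientSecret)
                .getBytes(StandardCharsets.UTF_8);

        // Zuul's routing filters read body, length and type from ctx.getRequest(); replace it.
        ctx.setRequest(new HttpServletRequestWrapper(original) {
            @Override public String getContentType() { return "application/x-www-form-urlencoded"; }
            @Override public int getContentLength() { return body.length; }
            @Override public long getContentLengthLong() { return body.length; }
            @Override public ServletInputStream getInputStream() { return new ByteArrayServletInputStream(body); }
        });
        return null;
    }

    // Encodes every parameter (multi-valued ones included) and adds client_secret last.
    static String formEncode(Map<String, String[]> params, String secret) {
        List<String> pairs = new ArrayList<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            for (String v : e.getValue()) {
                pairs.add(encode(e.getKey()) + "=" + encode(v));
            }
        }
        pairs.add("client_secret=" + encode(secret));
        return String.join("&", pairs);
    }

    private static String encode(String s) {
        try { return URLEncoder.encode(s, "UTF-8"); }
        catch (UnsupportedEncodingException ex) { throw new IllegalStateException(ex); }
    }

    // Servlet 3.1 input stream over an in-memory byte array.
    static final class ByteArrayServletInputStream extends ServletInputStream {
        private final ByteArrayInputStream delegate;
        ByteArrayServletInputStream(byte[] bytes) { delegate = new ByteArrayInputStream(bytes); }
        @Override public int read() { return delegate.read(); }
        @Override public boolean isFinished() { return delegate.available() == 0; }
        @Override public boolean isReady() { return true; }
        @Override public void setReadListener(ReadListener listener) { throw new UnsupportedOperationException(); }
    }
}
```

Two points worth keeping in mind when wiring this up. First, match the filter to the one Zuul route that points at the auth server rather than to any path ending in `/token`, so the secret cannot be coaxed into a request that routes somewhere else. Second, RFC 6749 lets a confidential client authenticate with an HTTP Basic header instead of a body parameter; if the auth server accepts that, `ctx.addZuulRequestHeader("Authorization", "Basic " + base64(clientId + ":" + clientSecret))` achieves the same result without rewriting the body at all.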