我一直在尝试构建一个适用于JWT的spring分布式应用程序 . Github回购 - https://github.com/dhananjay12/spring-microservice-demo
服务说明
-
product-service:具有受保护路由的简单下游服务
-
jwt-resoure-server:包含在下游服务中的jar,使其成为提取jwt令牌并在安全上下文中设置它的资源服务器 .
-
eureka-service:发现服务
-
zuul-server:边缘服务器
-
Okta是我的auth服务器
我已经设置了oauth授权类型 - 授权代码(我知道对于spa隐式授权类型是推荐的,但是我们可以说由于某些约束将来我们仅限于此授权类型)
成功登录后的角度客户端,auth服务器恢复到角度应用程序,授权代码如下:
http://localhost:4200/?code=iTJkTvXfESQFvGJmio_l&state=my-state
现在我必须使用此代码命中auth服务器以获取访问权限和ID令牌 .
由于这需要客户端密钥,我必须通过zuul传递它(因为只有后端服务可以有客户端机密),这应该将client_secret添加到正文并将请求转发给auth服务器 .
我正在为最后一部分而苦苦挣扎 . 任何见解?尝试创建一个TokenFilter,但它不适用于post请求 . https://github.com/dhananjay12/spring-microservice-demo/tree/master/zuul-server/src/main/java/com/mynotes/microservice/zuulserver
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;
import java.io.IOException;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.FORWARD_TO_KEY;
import javax.servlet.http.HttpServletRequest;
import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
@Component
public class TokenFilter extends ZuulFilter {
@Autowired
private OauthConfiguration oauthConfiguration;
@Override
public int filterOrder() {
return 6;//PRE_DECORATION_FILTER_ORDER - 1;
}
@Override
public String filterType() {
return PRE_TYPE;
}
@Override
public boolean shouldFilter() {
RequestContext ctx = RequestContext.getCurrentContext();
HttpServletRequest request = ctx.getRequest();
if (request.getRequestURI().contains("/token")) {
return true;
}
return false;
}
@Override
public Object run() {
RequestContext ctx = RequestContext.getCurrentContext();
HttpServletRequest request = ctx.getRequest();
request.setAttribute("client_secret", oauthConfiguration.getClientSecret());
System.out.println(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString()));
return null;
}
}