Spring zuul for authorization code grant type


Question


I have been trying to build a spring distributed application that works on JWT. Github repo - https://github.com/dhananjay12/spring-microservice-demo

Service description

  • product-service: a simple downstream service with a protected route
  • jwt-resoure-server: a jar included in the downstream services that turns them into resource servers; it extracts the JWT token and sets the security context
  • eureka-service: discovery service
  • zuul-server: edge server
  • Okta is my auth server


I have set oauth grant type to be - Authorization code (I know for spa implicit grant type is recommended but lets say due to some constraint in future we are restricted to this grant type)


So after the angular client logs in successfully, the auth server redirects back to the angular app with an authorization code like:

http://localhost:4200/?code=iTJkTvXfESQFvGJmio_l&state=my-state


Now I have to hit auth server with this code to get the access and id token.


Since this requires client secret, I have to pass it through zuul (as only back-end service can have client secrets), which should add client_secret to the body and forward the request to auth server.


I am struggling with this last part. Any insights? Tried creating a TokenFilter, but it's not working for POST requests. https://github.com/dhananjay12/spring-microservice-demo/tree/master/zuul-server/src/main/java/com/mynotes/microservice/zuulserver

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;

@Component
public class TokenFilter extends ZuulFilter {

    // Configuration bean of the zuul-server module that holds the OAuth client secret
    @Autowired
    private OauthConfiguration oauthConfiguration;

    @Override
    public int filterOrder() {
        return 6; // runs after PreDecorationFilter (order 5); PRE_DECORATION_FILTER_ORDER - 1 was the alternative
    }

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public boolean shouldFilter() {
        // Only act on requests headed for the token endpoint
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();
        return request.getRequestURI().contains("/token");
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();

        // Only sets a servlet request attribute: Zuul does not forward attributes, so the
        // proxied POST body still goes out without client_secret
        request.setAttribute("client_secret", oauthConfiguration.getClientSecret());

        System.out.println(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString()));
        return null;
    }
}

Answer


You'll need to use a redirect that saves the code from the authorization code call. Then you'll need to use this saved code to make a call to the token endpoint to get the access token.

Like this:

zuul:
  routes:
    auth/code:
      path: /auth/code/**
      sensitiveHeaders:          # empty list: no headers are stripped, Cookie/Authorization are forwarded
      url: auth end point        # placeholder for the authorization endpoint URL
    auth/token:
      path: /auth/token/**
      sensitiveHeaders:
      url: token end point       # placeholder for the token endpoint URL
    auth/redirect:
      path: /auth/redirect/**
      sensitiveHeaders:
      url: base url              # placeholder for the application base URL


This article explains the above in further detail.
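As an added example (not code from the question, the answer or the linked repository): a controller on the zuul-server that performs the code-for-token exchange itself, so client_secret is added on the back channel rather than by rewriting the proxied POST body in a pre filter. The oauth.* property names and the /auth/token path are assumptions, and the example assumes no Zuul route also claims that path.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.*;
import org.springframework.util.*;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.*;

// The angular app posts only the authorization code here; the gateway adds the
// client credentials and calls the token endpoint, so the secret never reaches the browser.
@RestController
public class TokenExchangeController {

    private final RestTemplate rest = new RestTemplate();
    private final String tokenEndpoint; // assumed property, e.g. the Okta /oauth2/default/v1/token URL
    private final String clientId;
    private final String clientSecret;
    private final String redirectUri;   // must equal the redirect_uri used on the /authorize request

    public TokenExchangeController(@Value("${oauth.token-endpoint}") String tokenEndpoint,
                                   @Value("${oauth.client-id}") String clientId,
                                   @Value("${oauth.client-secret}") String clientSecret,
                                   @Value("${oauth.redirect-uri}") String redirectUri) {
        this.tokenEndpoint = tokenEndpoint;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
        this.redirectUri = redirectUri;
    }

    // Expected call from the SPA: POST /auth/token with code=<value from the ?code= redirect>
    @PostMapping(path = "/auth/token", produces = MediaType.APPLICATION_JSON_VALUE)
    public ResponseEntity<String> exchange(@RequestParam("code") String code) {
        // Token request for the authorization_code grant (RFC 6749 section 4.1.3)
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "authorization_code");
        form.add("code", code);
        form.add("redirect_uri", redirectUri);
        form.add("client_id", clientId);
        form.add("client_secret", clientSecret); // added server side only
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        try {
            // Response body is the token JSON (access_token, id_token, ...), relayed unchanged
            return rest.postForEntity(tokenEndpoint, new HttpEntity<>(form, headers), String.class);
        } catch (HttpStatusCodeException e) {
            // Relay the authorization server's error (e.g. invalid_grant) with its original status
            return ResponseEntity.status(e.getStatusCode()).body(e.getResponseBodyAsString());
        }
    }
}
```

Because the SPA never receives the secret, the state parameter check on the ?code= redirect remains the SPA's job, while redirect_uri and the code are validated by the authorization server during the exchange.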
