具有 Spring Session/Redis 身份验证和路由的 Spring Zuul API 网关在同一请求中 [英] Spring Zuul API Gateway with Spring Session / Redis Authenticate and Route in same Request
问题描述
我这几天真是苦思冥想怎么做,终于决定认输求救,求求你了!!!
I have been really been searching high and low for the last few days on how to do this and have finally decided to admit defeat and ask for help, please!!!
我遵循了 Dave Syer 博士关于 Angular 和 Spring Security 的教程,特别是将 Zuul 代理作为 api 网关并使用 Spring Session 和 Redis (https://github.com/spring-guides/tut-spring-security-and-angular-js/tree/master/double#_sso_with_oauth2_angular_js_and_spring_security_part_v/a>)
I have followed Dr Dave Syer's tutorial on Angular and Spring Security specifically the Zuul Proxy as an api gateway and using Spring Session with Redis (https://github.com/spring-guides/tut-spring-security-and-angular-js/tree/master/double#_sso_with_oauth2_angular_js_and_spring_security_part_v)
我遇到的问题是我通过网关从具有以下标头的外部应用程序调用资源休息服务:
The issue I am having is that I am calling resource rest services via the gateway from an external application with the following header:
String plainCreds = "user:password";
byte[] plainCredsBytes = plainCreds.getBytes();
byte[] base64CredsBytes = Base64.getEncoder().encode(plainCredsBytes);
String base64Creds = new String(base64CredsBytes);
HttpHeaders headers = new HttpHeaders();
headers.add("Authorization", "Basic " + base64Creds);
经过身份验证,然后由 zuul 路由,然后资源可以通过 redis 访问经过身份验证的会话.
to be authenticated and then routed by zuul and then the resource to have access to the authenticated session via redis.
问题是会话似乎只在请求响应后才提交到网关中的 redis.所以发生的事情是,当我使用标头调用资源服务时,我可以看到网关和会话中发生的成功身份验证,但是由于会话不在 redis 中,因此我在资源中收到了 403通过zuul路由.
The issue is that the session seems to only commit to redis in the gateway after the request has responded. So what is happening is that when I call a resource service with the header, I can see the successful authentication occurring in the gateway and session being created, however I am getting a 403 in the resource due to the session not being in redis after its been routed via zuul.
但是,如果我收到错误消息,请获取会话 ID 并将其添加到标头中,然后再试一次,因为现在我的经过身份验证的会话在路由后可用于资源项目.
However if I get the error, grab the session id and add it to the header and try again it works because now my authenticated session is available for the resource project after its been routed.
请问有人能指出我如何通过网关接听电话以在同一请求中进行身份验证和路由吗?
Please could someone point me in the direction of how I go about getting my calls via the gateway to authenticate and route in the same request please?
谢谢贾斯汀
推荐答案
我在不同页面上关注了 Justin Taylor 的帖子,所以这是他的解决方案.在这里提供带有源代码的解决方案让我很有意义:
I followed Justin Taylor's posts on different pages so this is his solution. It makes me sense to have solution with source code here:
- 立即提交 Spring Session - 由于 spring-session v1.0 有注释属性
@EnableRedisHttpSession(redisFlushMode = RedisFlushMode.IMMEDIATE)可立即将会话数据保存到 Redis 中.文档这里. - 简单的 Zuul 过滤器,用于将会话添加到当前请求的标头中:
- Make Spring Session commit eagerly - since spring-session v1.0 there is annotation property
@EnableRedisHttpSession(redisFlushMode = RedisFlushMode.IMMEDIATE)which saves session data into Redis immediately. Documentation here. - Simple Zuul filter for adding session into current request's header:
@Component
public class SessionSavingZuulPreFilter extends ZuulFilter {
@Autowired
private SessionRepository repository;
@Override
public String filterType() {
return "pre";
}
@Override
public int filterOrder() {
return 0;
}
@Override
public Object run() {
RequestContext context = RequestContext.getCurrentContext();
HttpSession httpSession = context.getRequest().getSession();
Session session = repository.getSession(httpSession.getId());
context.addZuulRequestHeader("Cookie", "SESSION=" + httpSession.getId());
log.info("ZuulPreFilter session proxy: {}", session.getId());
return null;
}
}
再一次 - 这不是我的解决方案 - 证书交给贾斯汀泰勒.
Once more - this is not my solution - credentials go to Justin Taylor.
这篇关于具有 Spring Session/Redis 身份验证和路由的 Spring Zuul API 网关在同一请求中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
