如何避免使用Zuul重定向到另一台主机? [英] How to avoid redirect to another host with Zuul?

问题描述

我试图与Spring Cloud Netflix中使用的反向代理Zuul一起玩. 我从Spring博客(

I tried to play with Zuul, a reverse proxy used in Spring Cloud Netflix. I've started a project from a tutorial found on spring blog (https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v)

但是我不确定我是否正确理解Zuul的角色.

I'm not sure however that I correctly understood the role of Zuul.

如果我转到localhost:8080/login，我以为Zuul可以代理我的请求，所以我留在localhost:8080 但是我有302重定向到localhost:9999/uaa/login.

If I go to localhost:8080/login, I thought that Zuul would have proxified my request so that I stay on localhost:8080 But I got a 302 redirect to localhost:9999/uaa/login.

配置的zuul路由如下:

The zuul routes configured are as follows :

zuul: routes: resource: path: /resource/** url: http://localhost:9000/resource login: path: /login/** url: http://localhost:9999/uaa/login user: path: /user/** url: http://localhost:9999/uaa/user auth: path: /auth/** url: http://localhost:9999/uaa/

zuul: routes: resource: path: /resource/** url: http://localhost:9000/resource login: path: /login/** url: http://localhost:9999/uaa/login user: path: /user/** url: http://localhost:9999/uaa/user auth: path: /auth/** url: http://localhost:9999/uaa/

是否有可能始终保留在localhost:8080上(我认为Zuul应该这样做)?

Is it ever possible to always stay on localhost:8080 (which is what I thought Zuul was supposed to do) ?

完整项目可在github上找到，因此可以在本地运行: https://github.com/hlassiege/oauth-social-zuul

The full project is available on github so it is possible to run it locally : https://github.com/hlassiege/oauth-social-zuul

推荐答案

重定向实际上是由Spring Security引起的，而不是由配置的Zuul部分引起的，因此，无论Zuul配置如何，安全性功能都将阻止您在通过身份验证之前，请先接触任何东西.位于"localhost:9999/uaa"的服务器是OAuth2授权服务器.它在SSO场景中起着Github或Facebook的作用(使用Facebook登录"等).您不希望代理这些呼叫，因为服务器会处理自己的协议.如果您没有OAuth2 SSO，那么您可以可以代理调用您想要的任何内容.

The redirect is actually caused by Spring Security, not by the Zuul part of the configuration, so irrespective of the Zuul configuration, the Security features are going to stop you getting to anything before you have authenticated. The server at "localhost:9999/uaa" is an OAuth2 authorization server. It plays a role like Github or Facebook would in the SSO scenario ("Login with Facebook" etc.). You wouldn't want to proxy those calls because the server handles its own protocols. If you didn't have OAuth2 SSO then you could proxy calls to anything you wanted.

这篇关于如何避免使用Zuul重定向到另一台主机?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！