Spring Cloud Gateway and TokenRelay Filter


Problem description

I’m trying to migrate JHipster from using Zuul to Spring Cloud Gateway. JHipster uses Eureka to look up routes and I believe I’ve configured Spring Cloud Gateway correctly to look up routes and propagate the access token to them. Here’s my config:

spring:
  cloud:
    gateway:
      default-filters:
        - TokenRelay
      discovery:
        locator:
          enabled: true
          lower-case-service-id: true
          route-id-prefix: /services/
      httpclient:
        pool:
          max-connections: 1000

The problem I’m experiencing is the access token is not sending an Authorization header to the downstream services.

Here's how things were configured with Zuul in my application.yml:

zuul: # those values must be configured depending on the application specific needs
  sensitive-headers: Cookie,Set-Cookie #see https://github.com/spring-cloud/spring-cloud-netflix/issues/3126
  host:
    max-total-connections: 1000
    max-per-route-connections: 100
  prefix: /services
  semaphore:
    max-semaphores: 500

I created a pull request to show what's changed after integrating Spring Cloud Gateway.

https://github.com/mraible/jhipster-reactive-microservices-oauth2/pull/4

Steps to reproduce this issue:

git clone -b reactive git@github.com:mraible/jhipster-reactive-microservices-oauth2.git

Start JHipster Registry, Keycloak, and the gateway app:

cd jhipster-reactive-microservices-oauth2/gateway
docker-compose -f src/main/docker/jhipster-registry.yml up -d
docker-compose -f src/main/docker/keycloak.yml up -d
./mvnw

Start MongoDB and the blog app:

cd ../blog
docker-compose -f src/main/docker/mongodb.yml up -d
./mvnw

Navigate to http://localhost:8080 in your browser, log in with admin/admin, and try to go to Entities > Blog. You will get a 403 access denied error. If you look in Chrome Developer Tools at the network traffic, you'll see the access token isn't included in any headers.

Recommended answer

I was able to solve this using this answer.

spring:
  cloud:
    gateway:
      discovery:
        locator:
          enabled: true
          predicates:
            - name: Path
              args:
                pattern: "'/services/'+serviceId.toLowerCase()+'/**'"
          filters:
            - name: RewritePath
              args:
                regexp: "'/services/' + serviceId.toLowerCase() + '/(?<remaining>.*)'"
                replacement: "'/${remaining}'"

I also had to add .pathMatchers("/services/**").authenticated() to my security config, which wasn't needed for Zuul. You can see my commit here.
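
A WebFlux security configuration carrying the matcher mentioned in the answer, added here as an example and not taken from the linked commit. The class name, the public static paths, and the lambda DSL (Spring Security 5.2 or later) are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

// Added example: the class name and the permitAll paths are hypothetical.
@Configuration
@EnableWebFluxSecurity
public class GatewaySecurityConfiguration {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
            .authorizeExchange(exchanges -> exchanges
                // Hypothetical public paths for the single-page app's static files.
                .pathMatchers("/", "/index.html", "/content/**").permitAll()
                // Routes proxied to downstream services: require a logged-in user.
                // TokenRelay reads the access token from the exchange's
                // authenticated OAuth2 principal, so a request with no principal
                // is forwarded without an Authorization header.
                .pathMatchers("/services/**").authenticated()
                // Deny by default: anything not listed above also needs a login.
                .anyExchange().authenticated())
            // OIDC/OAuth2 login (Keycloak in the question's setup) establishes
            // the session and the authorized client that holds the token.
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}
```

Matchers are evaluated in order and the first match wins, so the public paths must be listed before the catch-all rule.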
