Spring Cloud Gateway and TokenRelay Filter
Question
I’m trying to migrate JHipster from using Zuul to Spring Cloud Gateway. JHipster uses Eureka to look up routes and I believe I’ve configured Spring Cloud Gateway correctly to look up routes and propagate the access token to them. Here’s my config:
spring:
  cloud:
    gateway:
      default-filters:
        - TokenRelay
      discovery:
        locator:
          enabled: true
          lower-case-service-id: true
          route-id-prefix: /services/
      httpclient:
        pool:
          max-connections: 1000
The problem I’m experiencing is the access token is not sending an Authorization header to the downstream services.
Here's how things were configured with Zuul in my application.yml:
zuul: # those values must be configured depending on the application specific needs
  sensitive-headers: Cookie,Set-Cookie #see https://github.com/spring-cloud/spring-cloud-netflix/issues/3126
  host:
    max-total-connections: 1000
    max-per-route-connections: 100
  prefix: /services
  semaphore:
    max-semaphores: 500
I created a pull request to show what's changed after integrating Spring Cloud Gateway.
https://github.com/mraible/jhipster-reactive-microservices-oauth2/pull/4
Steps to reproduce this issue:
git clone -b reactive git@github.com:mraible/jhipster-reactive-microservices-oauth2.git
Start JHipster Registry, Keycloak, and the gateway app:
cd jhipster-reactive-microservices-oauth2/gateway
docker-compose -f src/main/docker/jhipster-registry.yml up -d
docker-compose -f src/main/docker/keycloak.yml up -d
./mvnw
Start MongoDB and the blog app:
cd ../blog
docker-compose -f src/main/docker/mongodb.yml up -d
./mvnw
Navigate to http://localhost:8080 in your browser, log in with admin/admin, and try to go to Entities > Blog. You will get a 403 access denied error. If you look in Chrome Developer Tools at the network traffic, you'll see the access token isn't included in any headers.
Recommended answer
I was able to solve this using this answer.
spring:
  cloud:
    gateway:
      discovery:
        locator:
          enabled: true
          predicates:
            - name: Path
              args:
                pattern: "'/services/'+serviceId.toLowerCase()+'/**'"
          filters:
            - name: RewritePath
              args:
                regexp: "'/services/' + serviceId.toLowerCase() + '/(?<remaining>.*)'"
                replacement: "'/${remaining}'"
I also had to add .pathMatchers("/services/**").authenticated() to my security config, which wasn't needed for Zuul. You can see my commit here.
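Added example (not part of the original answer and not the author's commit): a WebFlux security configuration showing where the "/services/**" matcher from the answer sits relative to other rules. The class name, the public paths and the catch-all rule are assumptions; it presumes Spring Boot with the OAuth2 client starter and a client registration already configured.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

// Hypothetical class name; only the "/services/**" matcher comes from the answer.
@Configuration
@EnableWebFluxSecurity
public class GatewaySecurityConfiguration {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        return http
            .authorizeExchange(exchanges -> exchanges
                // Rules are evaluated in declaration order and the first match wins,
                // so narrow public paths come first (assumed paths for this sketch).
                .pathMatchers("/", "/index.html").permitAll()
                // The gateway prefix that fronts the discovered services:
                // requests under it must carry an authenticated session.
                .pathMatchers("/services/**").authenticated()
                // Assumed catch-all: anything not listed also requires a login.
                // anyExchange() must be the last rule in the chain.
                .anyExchange().authenticated())
            // Browser login against the OAuth2/OIDC provider (Keycloak in the question).
            .oauth2Login(Customizer.withDefaults())
            .build();
    }
}
```

Listing the proxied prefix explicitly keeps it protected even if the catch-all rule is later relaxed.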