内部微服务请求以Spring云应用程序中的Forbidden状态响应 [英] inter micro-service request responds with Forbidden status in spring cloud application

问题描述

我正在调查微服务架构。我选择了spring cloud框架。

I am investigating microservice architecture. I chose the spring cloud framework.

我的应用程序shema看起来像这样：

My application shema looks like this:

我也有发现服务器尤里卡，但我决定跳过图片来简化它。

Also I have discovery server eureka but I decided to skip on the picture to simplify it.

您可以在githib上找到完整的示例源代码： https://github.com/gredwhite / spring-cloud

Full source code of example you can find on githib: https://github.com/gredwhite/spring-cloud

hello world service：

@GetMapping("/helloWorld")
@HystrixCommand(fallbackMethod = "reliable")
public String hello() {
    return this.restTemplate.getForObject("http://hello-service/hello?name=World", String.class);
}

你好服务：

@GetMapping("/hello")
public String hello(@RequestParam("name") String name) throws UnknownHostException, InterruptedException {           
     return "Hello " + name + "!";
 }

当我启动 hello服务并尝试访问 localhost：8082 / h / hello？name = Vasya （ / h - 上下文路径） - 请求成功发生，我在响应中看到 Hello Vasya 消息。 我需要说该服务已停用身份验证。

When I started the hello service and try to access localhost:8082/h/hello?name=Vasya (/h - context path) - request happens successfully and I see Hello Vasya mesage in the response. I need to say that authentication is disabled for that service.

hello world service 有 index.html 页面，当我尝试访问它时 - auth流程成功发生，最终这个应用程序成功登录。然后我尝试从 hello world service 执行方法 / hello ，我看到响应：

hello world service has index.html page and when I try to acces it - auth flow happens successfully and eventually this application log in successfully. Then I try to execute method /hello from the hello world service and I see response:

{"timestamp":"2018-05-17T08:53:04.623+0000","status":403,"error":"Forbidden","message":"Forbidden","path":"/hw/helloWorld"}

Oauth2配置：

hello world service

@SpringBootApplication
@EnableEurekaClient
@RibbonClient(name = "say-hello")
@EnableAutoConfiguration
@EnableOAuth2Sso
public class HelloWorldStarter {

    public static void main(String[] args) {
        SpringApplication.run(HelloWorldStarter.class, args);
    }


    @RestController
    @EnableDiscoveryClient
    @EnableCircuitBreaker
    public static class HelloWorldController {
        @Autowired
        private RestTemplate restTemplate;
        @Autowired
        private DiscoveryClient discoveryClient;

        @GetMapping("/helloWorld")
        @HystrixCommand(fallbackMethod = "reliable")
        public String hello() {           
            return this.restTemplate.getForObject("http://hello-service/hello?name=World", String.class);
        }

        public String reliable() {
            return "Could not get response from service";
        }
    }

    @org.springframework.context.annotation.Configuration
    public static class Configuration {
        @Bean
        @LoadBalanced
        RestTemplate restTemplate() {
            return new RestTemplate();
        }
    }
}

application.yml ：

spring:
  application:
    name: hello-world-service
server:
  port: 8081
  servlet:
    context-path: /hw
eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka
  instance:
    preferIpAddress: true

security:
  oauth2:
    client:
      client-id: acme
      client-secret: acmesecret
      access-token-uri: http://localhost:8080/oauth/token
      user-authorization-uri: http://localhost:8080/oauth/authorize
    resource:
      user-info-uri: http://localhost:8080/me

logging:
  level:
    org.springframework.security: DEBUG
    org.springframework.web: DEBUG

问题

Questions

1. 我该如何解决这个问题？


2. 在上一次修复之后，我想知道如何对该服务执行授权请求。换句话说，我想在hello服务上启用oauth 2授权，并且有可能从 hello world service

1. How can I fix this problem?
2. After previous point fix I want to know how to execute authorized request to that service. In other words I want to enable oauth 2 authorization on hello service and have possibility to make request from the hello world service

$发出请求b $ b

推荐答案

我认为你使用非常奇怪的方法来解决你的问题。

I think you use very strange approach to solve your problem.

我建议您使用以下解决方案：

I suggest you the following solution:

1. 创建FeignClient服务。

@FeignClient(name = "hello-service", url = "http://hello-service")
public interface HelloService {

    @RequestMapping(method = RequestMethod.GET, value = "/hello")
    String hello(@PathVariable("name") String name);

}

1. 将oauth2FeignRequestInterceptor添加到SpringBoot Application类中

@Bean
    public RequestInterceptor oauth2FeignRequestInterceptor() {
        return new RequestInterceptor() {
            @Override
            public void apply(RequestTemplate requestTemplate) {
                OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails();

                requestTemplate.header("Authorization", "bearer " + details.getTokenValue());
            }
        };
    }

1. 在SpringBoot Application类中添加几个注释

@EnableOAuth2Client
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableFeignClients
public class HelloWorldStarter

这都是希望它有所帮助。

That's all hope it helps.

这篇关于内部微服务请求以Spring云应用程序中的Forbidden状态响应的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！