内部微服务请求以Spring云应用程序中的Forbidden状态响应 [英] inter micro-service request responds with Forbidden status in spring cloud application
问题描述
我正在调查微服务架构。我选择了spring cloud框架。
I am investigating microservice architecture. I chose the spring cloud framework.
我的应用程序shema看起来像这样:
My application shema looks like this:
我也有发现服务器尤里卡,但我决定跳过图片来简化它。
Also I have discovery server eureka but I decided to skip on the picture to simplify it.
您可以在githib上找到完整的示例源代码: https://github.com/gredwhite / spring-cloud
Full source code of example you can find on githib: https://github.com/gredwhite/spring-cloud
hello world service:
@GetMapping("/helloWorld")
@HystrixCommand(fallbackMethod = "reliable")
public String hello() {
return this.restTemplate.getForObject("http://hello-service/hello?name=World", String.class);
}
你好服务:
@GetMapping("/hello")
public String hello(@RequestParam("name") String name) throws UnknownHostException, InterruptedException {
return "Hello " + name + "!";
}
当我启动 hello服务$ c时$ c>并尝试访问
localhost:8082 / h / hello?name = Vasya
( / h
- 上下文路径) - 请求成功发生,我在响应中看到 Hello Vasya
消息。 我需要说该服务已停用身份验证。
When I started the hello service
and try to access localhost:8082/h/hello?name=Vasya
(/h
- context path) - request happens successfully and I see Hello Vasya
mesage in the response. I need to say that authentication is disabled for that service.
hello world service
有 index.html
页面,当我尝试访问它时 - auth流程成功发生,最终这个应用程序成功登录。然后我尝试从 hello world service
执行方法 / hello
,我看到响应:
hello world service
has index.html
page and when I try to acces it - auth flow happens successfully and eventually this application log in successfully. Then I try to execute method /hello
from the hello world service
and I see response:
{"timestamp":"2018-05-17T08:53:04.623+0000","status":403,"error":"Forbidden","message":"Forbidden","path":"/hw/helloWorld"}
Oauth2配置:
hello world service
@SpringBootApplication
@EnableEurekaClient
@RibbonClient(name = "say-hello")
@EnableAutoConfiguration
@EnableOAuth2Sso
public class HelloWorldStarter {
public static void main(String[] args) {
SpringApplication.run(HelloWorldStarter.class, args);
}
@RestController
@EnableDiscoveryClient
@EnableCircuitBreaker
public static class HelloWorldController {
@Autowired
private RestTemplate restTemplate;
@Autowired
private DiscoveryClient discoveryClient;
@GetMapping("/helloWorld")
@HystrixCommand(fallbackMethod = "reliable")
public String hello() {
return this.restTemplate.getForObject("http://hello-service/hello?name=World", String.class);
}
public String reliable() {
return "Could not get response from service";
}
}
@org.springframework.context.annotation.Configuration
public static class Configuration {
@Bean
@LoadBalanced
RestTemplate restTemplate() {
return new RestTemplate();
}
}
}
application.yml :
spring:
application:
name: hello-world-service
server:
port: 8081
servlet:
context-path: /hw
eureka:
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka
instance:
preferIpAddress: true
security:
oauth2:
client:
client-id: acme
client-secret: acmesecret
access-token-uri: http://localhost:8080/oauth/token
user-authorization-uri: http://localhost:8080/oauth/authorize
resource:
user-info-uri: http://localhost:8080/me
logging:
level:
org.springframework.security: DEBUG
org.springframework.web: DEBUG
问题
Questions
- 我该如何解决这个问题?
- 在上一次修复之后,我想知道如何对该服务执行授权请求。换句话说,我想在hello服务上启用oauth 2授权,并且有可能从
hello world service
- How can I fix this problem?
- After previous point fix I want to know how to execute authorized request to that service. In other words I want to enable oauth 2 authorization on hello service and have possibility to make request from the
hello world service
$发出请求b $ b
推荐答案
我认为你使用非常奇怪的方法来解决你的问题。
I think you use very strange approach to solve your problem.
我建议您使用以下解决方案:
I suggest you the following solution:
- 创建FeignClient服务。
@FeignClient(name = "hello-service", url = "http://hello-service")
public interface HelloService {
@RequestMapping(method = RequestMethod.GET, value = "/hello")
String hello(@PathVariable("name") String name);
}
- 将oauth2FeignRequestInterceptor添加到SpringBoot Application类中
@Bean
public RequestInterceptor oauth2FeignRequestInterceptor() {
return new RequestInterceptor() {
@Override
public void apply(RequestTemplate requestTemplate) {
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails();
requestTemplate.header("Authorization", "bearer " + details.getTokenValue());
}
};
}
- 在SpringBoot Application类中添加几个注释
@EnableOAuth2Client
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableFeignClients
public class HelloWorldStarter
这都是希望它有所帮助。
That's all hope it helps.
这篇关于内部微服务请求以Spring云应用程序中的Forbidden状态响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!