[Question title]: How to create Spring Cloud gateway filter to add client-credentials access token?
[Posted]: 2019-05-07 15:52:32
[Question description]:

I migrated from Spring Boot 1.5.20 to Spring Boot 2.1.4. I rewrote my application, which used Zuul and Spring Security OAuth, to use Spring Cloud Gateway and spring-security-oauth2-client.

I tried to create a Spring Cloud Gateway filter to add a JWT bearer token. I ran into problems writing the filter.

Here is the workflow

I tried using @RegisteredOAuth2AuthorizedClient, but it does not work with a Spring Cloud Gateway filter. After that, I tried oAuth2AuthorizedClientService and UAA loadAuthorizedClient, but got no access token.

For the code, here is my github-repo!

I expect the Spring Cloud Gateway filter to add an Authorization header with the JWT token.

[Question comments]:

    Tags: spring-security spring-cloud-gateway cloudfoundry-uaa


    [Solution 1]:

    You can create this filter:

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.cloud.gateway.filter.GatewayFilter;
    import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
    import org.springframework.http.HttpHeaders;
    import org.springframework.http.server.reactive.ServerHttpRequest;
    import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
    import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
    import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;

    import lombok.Getter;
    import lombok.Setter;

    // Must be registered as a Spring bean so that the @Autowired fields are injected.
    public class Oauth2ClientGatewayFilter2 extends AbstractGatewayFilterFactory<Oauth2ClientGatewayFilter2.Config> {

        @Autowired
        private ReactiveClientRegistrationRepository clientRegistrations;

        @Autowired
        private ReactiveOAuth2AuthorizedClientService clientService;

        public Oauth2ClientGatewayFilter2() {
            super(Config.class);
        }

        @Override
        public GatewayFilter apply(Config config) {

            return (exchange, chain) -> {
                // Select the client registration (defined in application.yaml) to request a token for.
                OAuth2AuthorizeRequest oAuth2AuthorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId("myClient")
                        .principal("myPrincipal").build();

                ReactiveOAuth2AuthorizedClientManager manager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrations, clientService);

                // Obtain the access token and set it as the Authorization header of the forwarded request.
                return manager.authorize(oAuth2AuthorizeRequest)
                        .map(client -> client.getAccessToken().getTokenValue())
                        .map(bearerToken -> {
                            ServerHttpRequest.Builder builder = exchange.getRequest().mutate();
                            builder.header(HttpHeaders.AUTHORIZATION, "Bearer " + bearerToken);
                            ServerHttpRequest request = builder.build();
                            return exchange.mutate().request(request).build();
                        // If authorize() completes empty, the original exchange is forwarded unchanged.
                        }).defaultIfEmpty(exchange).flatMap(chain::filter);
            };
        }

        @Getter
        @Setter
        public static class Config {
            // Not read by apply(), which uses the fixed registration id "myClient".
            private String clientRegistrationId;
        }
    }


    And define your OAuth2 configuration in application.yaml:

    spring:
      security:
        oauth2:
          client:
            registration:
              myClient:
                client-name: myClient
                client-id: amiga-client
                client-secret: ee073dec-869d-4e8d-8fa9-9f0ec9dfd8ea
                authorization-grant-type: client_credentials
            provider:
              myClient:
                token-uri: https://myserver.com/auth/oauth/v2/token
    

    You simply ask the ReactiveOAuth2AuthorizedClientManager for the OAuth2 bearer access token and set its value in the Authorization header of the current request.

    [Comments]:
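
Added example, not part of the original answer or its author's code: a fail-closed variant of the Solution 1 filter. It reads the registration id from the route configuration, builds the manager once, and answers 502 instead of forwarding the request when no token is obtained. The class name and the principal name "gateway-service" are assumptions.

```java
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ResponseStatusException;
import reactor.core.publisher.Mono;

@Component // hypothetical class name; the route filter name is "ClientCredentialsToken"
public class ClientCredentialsTokenGatewayFilterFactory
        extends AbstractGatewayFilterFactory<ClientCredentialsTokenGatewayFilterFactory.Config> {
    private final ReactiveOAuth2AuthorizedClientManager manager; // built once, not per request

    public ClientCredentialsTokenGatewayFilterFactory(ReactiveClientRegistrationRepository registrations,
                                                      ReactiveOAuth2AuthorizedClientService clientService) {
        super(Config.class);
        this.manager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(registrations, clientService);
    }

    @Override
    public GatewayFilter apply(Config config) {
        OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
                .withClientRegistrationId(config.getClientRegistrationId()) // e.g. "myClient" from application.yaml
                .principal("gateway-service") // assumed fixed name; it keys the stored token
                .build();
        return (exchange, chain) -> manager.authorize(authorizeRequest)
                // Fail closed: with defaultIfEmpty(exchange) an empty result would forward the
                // request untouched, including whatever Authorization header the caller sent.
                .switchIfEmpty(Mono.defer(() -> Mono.error(
                        new ResponseStatusException(HttpStatus.BAD_GATEWAY, "no access token"))))
                .onErrorMap(OAuth2AuthorizationException.class,
                        e -> new ResponseStatusException(HttpStatus.BAD_GATEWAY, "token request failed", e))
                // setBearerAuth replaces any Authorization header supplied by the caller.
                .flatMap(client -> chain.filter(exchange.mutate()
                        .request(r -> r.headers(h -> h.setBearerAuth(client.getAccessToken().getTokenValue())))
                        .build()));
    }

    public static class Config {
        private String clientRegistrationId;
        public String getClientRegistrationId() { return clientRegistrationId; }
        public void setClientRegistrationId(String id) { this.clientRegistrationId = id; }
    }
}
```

In a route definition the filter is referenced with `name: ClientCredentialsToken` and `args.clientRegistrationId: myClient`.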

      [Solution 2]:

      This sample shows how to set up Spring Cloud Gateway with Spring Security OAuth2.

      [Comments]:
