Spring Zuul Oauth2 Gateway/Resource 服务器
Spring Zuul Oauth2 Gateway/Resource Server
是否可以将 Zuul 用作 "fake" 资源服务器,在返回代理内容之前检查 OAuth2 范围?
类似于:
incoming request (with token) -> Zuul proxy + resource server -> internal API (insecure)
内部 API 服务可以从任何安全问题中解脱出来,Zuul 代理服务充当网关。以上所有都是 Spring 应用程序,如果有区别的话。
绝对
您还必须为资源服务器配置配置
创建一个扩展 ResourceServerConfigurerAdapter 的 bean ResourceServerConfig 并覆盖 configure(HttpSecurity security) 方法。用@EnableResourceServer 注释对其进行注释。
像这样
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
// .antMatchers("/swagger*", "/v2/**")
// .access("#oauth2.hasScope('read')")
.anyRequest()
.permitAll();
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
return defaultTokenServices;
}
@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey("123");
// Resource resource = new ClassPathResource("publicKey.txt");
// String publicKey = null;
//
// try {
// publicKey = IOUtils.toString(resource.getInputStream(), Charset.defaultCharset());
// } catch (final IOException e) {
// throw new RuntimeException(e);
// }
// converter.setVerifierKey(publicKey);
return converter;
}
}
是否可以将 Zuul 用作 "fake" 资源服务器,在返回代理内容之前检查 OAuth2 范围?
类似于:
incoming request (with token) -> Zuul proxy + resource server -> internal API (insecure)
内部 API 服务可以从任何安全问题中解脱出来,Zuul 代理服务充当网关。以上所有都是 Spring 应用程序,如果有区别的话。
绝对
您还必须为资源服务器配置配置 创建一个扩展 ResourceServerConfigurerAdapter 的 bean ResourceServerConfig 并覆盖 configure(HttpSecurity security) 方法。用@EnableResourceServer 注释对其进行注释。
像这样
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
// .antMatchers("/swagger*", "/v2/**")
// .access("#oauth2.hasScope('read')")
.anyRequest()
.permitAll();
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
return defaultTokenServices;
}
@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey("123");
// Resource resource = new ClassPathResource("publicKey.txt");
// String publicKey = null;
//
// try {
// publicKey = IOUtils.toString(resource.getInputStream(), Charset.defaultCharset());
// } catch (final IOException e) {
// throw new RuntimeException(e);
// }
// converter.setVerifierKey(publicKey);
return converter;
}
}