How to create a Spring Cloud Gateway filter to add a client authorization access token



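I moved from Spring Boot 1.5.20 to Spring Boot 2.1.4. I rewrote my application, which used Zuul and Spring Security OAuth, to use Spring Cloud Gateway and spring-security-oauth2-client.

I am trying to create a Spring Cloud Gateway filter to add a JWT bearer token. I have a problem writing the filter.

Here is the workflow

I tried using @RegisteredOAuth2AuthorizedClient, but it does not work with a Spring Cloud Gateway filter. After that, I tried OAuth2AuthorizedClientService and uaa loadAuthorizedClient, but got no access token.

For the code, here is my GitHub repo!

I expect the Spring Cloud Gateway filter to add an Authorization header with the JWT token.

You can create this filter: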

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import lombok.Getter;
import lombok.Setter;

public class Oauth2ClientGatewayFilter2 extends AbstractGatewayFilterFactory<Oauth2ClientGatewayFilter2.Config> {

    @Autowired
    private ReactiveClientRegistrationRepository clientRegistrations;

    @Autowired
    private ReactiveOAuth2AuthorizedClientService clientService;

    public Oauth2ClientGatewayFilter2() {
        super(Config.class);
    }

    @Override
    public GatewayFilter apply(Config config) {
        return (exchange, chain) -> {
            // Ask for a token for the "myClient" registration from application.yaml.
            // Note: the id is hard-coded here; Config.clientRegistrationId is not used.
            OAuth2AuthorizeRequest oAuth2AuthorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId("myClient")
                    .principal("myPrincipal").build();

            // The manager loads the authorized client from clientService or requests a new token.
            ReactiveOAuth2AuthorizedClientManager manager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrations, clientService);
            return manager.authorize(oAuth2AuthorizeRequest)
                    .map(client -> client.getAccessToken().getTokenValue())
                    .map(bearerToken -> {
                        // Copy the request and set the Authorization header to the bearer token.
                        ServerHttpRequest.Builder builder = exchange.getRequest().mutate();
                        builder.header(HttpHeaders.AUTHORIZATION, "Bearer " + bearerToken);
                        ServerHttpRequest request = builder.build();
                        return exchange.mutate().request(request).build();
                    })
                    // If no client was authorized, the original exchange is forwarded unchanged.
                    .defaultIfEmpty(exchange).flatMap(chain::filter);
        };
    }

    @Getter
    @Setter
    public static class Config {
        private String clientRegistrationId;
    }

}

And define your OAuth2 configuration in application.yaml:

spring:
  security:
    oauth2:
      client:
        registration:
          myClient:
            client-name: myClient
            client-id: amiga-client
            client-secret: ee073dec-869d-4e8d-8fa9-9f0ec9dfd8ea
            authorization-grant-type: client_credentials         
        provider:
          myClient:
            token-uri: https://myserver.com/auth/oauth/v2/token

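You just need to ask the ReactiveOAuth2AuthorizedClientManager for the OAuth2 bearer access token and set its value in the Authorization header of the current request.

This example shows how to set up Spring Cloud Gateway with Spring Security OAuth2.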
