Basic Authentication service called By Zuul

Question

I'm Zuul as edge server. so all request pass by this edge server. I have a micro-service A. all web services of A are protected by Basic Authentication. How can we call the services of A b passing by Zuul proxy? Should I add header for messages?

Answer 1

This change is little tricky.

@Override
public int filterOrder() {
    return 1; // change the return value to more than 5 the above code will work.
}

try with the final code below:

@Component
public class PreFilter extends ZuulFilter {
    private static final Logger LOG = LoggerFactory.getLogger(PreFilter.class);

    @Override
    public String filterType() {
        return "pre";
    }

    @Override
    public int filterOrder() {
        return 10;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();
        ctx.addZuulRequestHeader("Authorization", request.getHeader("Authorization"));
        return null;
    }
}

Answer 2

Use zuul's sensitive header property with the blank value,

zuul.sensitiveHeaders=

Above property will do the trick but if you want to have filters for Cookie headers you can use that property with values,

zuul.sensitiveHeaders=Cookie,Set-Cookie

Answer 3

You can call (through Zuul) your service A like this :

https://login:password@zuulurl.com/serviceA

but firslty allow AUTHORIZATION header through Zuul for this specific service (route) with the property sensitiveHeaders in your properties file :

zuul.routes.serviceA.sensitiveHeaders=Cookie,Set-Cookie

or let it empty if you want to pass the Cookie headers too.

Here more informations about headers through Zuul

Answer 4

@Component
public class PreFilter extends ZuulFilter {
private static final Logger LOG = LoggerFactory.getLogger(PreFilter.class);

@Override
public String filterType() {
    return "pre";
}

@Override
public int filterOrder() {
    return 1;
}

@Override
public boolean shouldFilter() {
    return true;
}

@Override
public Object run() {
    RequestContext ctx = RequestContext.getCurrentContext();
    HttpServletRequest request = ctx.getRequest();
    ctx.addZuulRequestHeader("Authorization", request.getHeader("Authorization"));

    LOG.info("Parametres : {}", request.getParameterMap()
            .entrySet()
            .stream()
            .map(e -> e.getKey() + "=" + Stream.of(e.getValue()).collect(Collectors.toList()))
            .collect(Collectors.toList()));
    LOG.info("Headers : {}", "Authorization" + "=" + request.getHeader("Authorization"));
    LOG.info(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString()));
    return null;
    }
}

Answer 5

This is my Zuul filter:

public class BasicAuthorizationHeaderFilter extends ZuulFilter {


@Override
public String filterType() {
    return "pre";
}

@Override
public int filterOrder() {
    return 10;
}

@Override
public boolean shouldFilter() {
    return true;
}

@Override
public Object run() {

    RequestContext ctx = RequestContext.getCurrentContext();
    ctx.getRequest().getRequestURL();
    ctx.addZuulRequestHeader("Authorization", "Basic " + Utils.getBase64Credentials("user", "Token"));
    return null;
}

}

Answer 6

Ideally the requester would have the token in the request.
If you want to have Zuul add the authentication token then you can create a ZuulFilter and use:

context.addZuulRequestHeader("Authorization", "base64encodedTokenHere");

Doing this would give open access to the services - which may not be wise.