mhlandry

Reputation: 715

Spring Cloud Zuul Doesn't Relay Access Token

I am trying to use Spring Cloud Zuul as an API/authentication gateway. I have successfully implemented bearer token authorization for my service behind Zuul and I successfully have Zuul forwarding to my form login and routing back to my application, but I cannot get Zuul to pass the bearer token to the service.

My Zuul configuration is as follows:

    @EnableEurekaClient
    @EnableZuulProxy
    @SpringBootApplication
    @RestController
    public class Application { ... }

My service configuration is as follows:

    @Profile("oauth")
    @Configuration
    @EnableResourceServer
    @EnableWebSecurity
    public static class InternalApiGatewayConfig extends ResourceServerConfigurerAdapter {
        // ...
    }

When my Angular app tries to access my service through Zuul, I get:

    {"error":"unauthorized","error_description":"Full authentication is required to access this resource"}

I have managed to work around this issue by putting the following code in a ZuulFilter, but it doesn't seem right:

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails)authentication.getDetails();
    String tokenValue = details.getTokenValue();
    ctx.addZuulRequestHeader("Authorization", "bearer " + tokenValue);

My understanding is that Zuul should automatically send the bearer token value. What am I missing?

Upvotes: 3

Views: 1606

Answers (2)

TRUSTMEIMJEDI

Reputation: 101

Btw, this is the solution that works without spring-cloud-security:

    import java.util.Set;

    import org.springframework.stereotype.Component;

    import com.netflix.zuul.ZuulFilter;
    import com.netflix.zuul.context.RequestContext;

    @Component
    public class TokenRelayFilter extends ZuulFilter {

        @Override
        public Object run() {
            RequestContext ctx = RequestContext.getCurrentContext();
            // Per-request set of header names Zuul will not forward downstream
            @SuppressWarnings("unchecked")
            Set<String> headers = (Set<String>) ctx.get("ignoredHeaders");
            // JWT tokens should be relayed to the resource servers
            if (headers != null) {
                headers.remove("authorization");
            }
            return null;
        }

        @Override
        public boolean shouldFilter() {
            // Applies to every proxied request
            return true;
        }

        @Override
        public String filterType() {
            return "pre";
        }

        @Override
        public int filterOrder() {
            return 10000;
        }
    }

Upvotes: 0
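
A route-scoped variant of the filter above, as an added example that is not part of the original answer: it stops stripping `Authorization` only for an allowlisted backend, so the bearer token is not forwarded to every route behind the gateway. The class name, the `internal-api` service id and the reliance on Zuul's `serviceId` context key for service-id routes are assumptions.

```java
import java.util.Collections;
import java.util.Set;

import org.springframework.stereotype.Component;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;

@Component
public class ScopedTokenRelayFilter extends ZuulFilter {

    // Assumption: hypothetical service id of the only backend that should see the token.
    private static final Set<String> RELAY_TO = Collections.singleton("internal-api");

    @Override
    public String filterType() {
        return "pre";
    }

    @Override
    public int filterOrder() {
        // Same order as the filter above; it must run after Zuul has located the route.
        return 10000;
    }

    @Override
    public boolean shouldFilter() {
        // Assumption: "serviceId" is the context key Zuul sets for service-id routes.
        Object serviceId = RequestContext.getCurrentContext().get("serviceId");
        return serviceId != null && RELAY_TO.contains(serviceId);
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        Object ignored = ctx.get("ignoredHeaders");
        if (ignored instanceof Set) {
            // The set lives in this request's context, so requests to other
            // routes keep having Authorization stripped.
            ((Set<?>) ignored).remove("authorization");
        }
        return null;
    }
}
```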

mhlandry

Reputation: 715

So I've figured out the answer to my own question, and it was painfully simple. My project imported spring-security-oauth2. I simply needed to add a dependency on spring-cloud-security as well. With that, I did not have to implement a ZuulFilter at all.

Upvotes: 3
