在使用zuul网关时，自动化服务不响应access_token。

Question

我用springboot 1.4创建了多个微服务。上周，我决定实现oauth2授权服务。我的计划是，

1. 每个请求都应由由尤里卡注册的zuul网关处理。
2. 因此，新的授权服务将由eureka调用以获得access_token。

我发现的问题是，我能够直接从运行在另一个端口(8081)的授权服务器上获得JWT访问令牌。当我试图通过zuul网关获得jwt令牌时，不幸的是，我得到了一个空字符串。

请看一下我的网关配置

application.yml (zuul-网关)

 zuul:
   routes: 
    static:
    path: /static/** 
   uaa:
    path: /uaa/**
    sensitive-headers: 
    serviceId: microservice-security-oauth2-server
   users:
    path: /users/**
    serviceId: microservice-core-user



security:
 basic:
  enabled: false

zuul的应用程序类是

 @SpringBootApplication
 @EnableZuulProxy
 @EnableEurekaClient
 @ComponentScan(basePackages={"com.configuration","com.zullfilter"})
 public class ZullGatewayServerApplication {

    public static void main(String[] args) {
      SpringApplication.run(ZullGatewayServerApplication.class, args);
    }

}

授权服务器配置类是

   @Configuration
   @EnableAuthorizationServer
   public class OAuth2AuthorizationConfiguration extends  AuthorizationServerConfigurerAdapter {

@Autowired
private AuthenticationManager authenticationManager;

@Autowired
private Environment environment;

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.tokenStore(tokenStore())
            .tokenEnhancer(jwtTokenEnhancer())
            .authenticationManager(authenticationManager);
}

@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    security.tokenKeyAccess("permitAll()")
            .checkTokenAccess("isAuthenticated()");
}

@Bean
public TokenStore tokenStore() {
    return new JwtTokenStore(jwtTokenEnhancer());
}

@Bean
protected JwtAccessTokenConverter jwtTokenEnhancer() {
    String pwd = environment.getProperty("keystore.password");
    KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(
            new ClassPathResource("jwt.jks"),
            pwd.toCharArray());
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setKeyPair(keyStoreKeyFactory.getKeyPair("jwt"));
    return converter;
}

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
            .withClient("service-account-1")
            .secret("service-account-1-secret")
            .authorizedGrantTypes("client_credentials")
            .scopes("resource-server-read", "resource-server-write")
            .accessTokenValiditySeconds(6000);
 }
}

我让access_token直接请求

 curl service-account-1:service-account-1-secret@localhost:8081/uaa/oauth/token -d grant_type=client_credentials

但是当我尝试使用zuul代理时，我得到了一个空字符串。

 curl service-account-1:service-account-1-secret@localhost:8765/uaa/oauth/token -d grant_type=client_credentials

我正在使用zuul网关版本的1.3和spring引导1.4

如果以前有人遇到过这个问题，请告诉我。

Answer 1

在我的例子中，解决方案是告诉Zuul不要去掉前缀。我在auth服务器上点击了错误的url，得到了401的禁止，Zuul吞下了错误并返回了200。

zuul:
  routes:
    auth:
      path: /oauth/**
      serviceId: saapi-auth-server
      stripPrefix: false
      sensitiveHeaders: true

我在Zuul客户端上有这样一个ResourceServerConfigurerAdapter。我不得不禁用CSRF，但我们所有的呼叫都是系统到系统，所以我们应该是好的。

@Configuration
@EnableResourceServer
public class JwtSecurityConfig extends ResourceServerConfigurerAdapter {

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/oauth/**").permitAll()
            .antMatchers("/api/**").hasAuthority("ROLE_API_ACCESS")
            .and()
            .csrf().disable();
    }
}