Support refresh token in Zuul gateway for requests with token carried in authorization header
Nisreen123 opened this issue · 2 comments
I am using Zuul gateway to redirect the user to the authorization server and then relay the access token to the services behind the gateway. Using the annotations @EnableZuulProxy and @EnableOAuth2Sso achieved this requirement perfectly, and to support the refresh token I had to auto-wire an OAuth2RestTemplate:
```java
@Bean
protected OAuth2RestTemplate OAuth2RestTemplate(
        OAuth2ProtectedResourceDetails resource, OAuth2ClientContext context) {
    return new OAuth2RestTemplate(resource, context);
}
```
I got the requirement where some requests hold the access token (JWT) in the authorization header (using a curl command directly to the authorization server). The gateway needs to validate the token and, if valid, redirect the user to the requested resource without passing by the authorization server. To achieve this I needed to add the following code:
```java
@Override
public void configure(final HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .authorizeRequests()
            .anyRequest().authenticated().and()
        // Authenticate requests that carry a bearer token in the Authorization header
        .addFilterAfter(oAuth2AuthenticationProcessingFilter(), AbstractPreAuthenticatedProcessingFilter.class);
    // @formatter:on
}

@Autowired
private ResourceServerTokenServices resourceServerTokenServices;

private OAuth2AuthenticationProcessingFilter oAuth2AuthenticationProcessingFilter() {
    OAuth2AuthenticationProcessingFilter oAuth2AuthenticationProcessingFilter =
            new OAuth2AuthenticationProcessingFilter();
    oAuth2AuthenticationProcessingFilter.setAuthenticationManager(oauthAuthenticationManager());
    // Not stateless: an existing session (SSO) authentication is kept
    // when the request carries no bearer token
    oAuth2AuthenticationProcessingFilter.setStateless(false);
    return oAuth2AuthenticationProcessingFilter;
}

private AuthenticationManager oauthAuthenticationManager() {
    OAuth2AuthenticationManager oAuth2AuthenticationManager = new OAuth2AuthenticationManager();
    // Bearer tokens are validated through the injected ResourceServerTokenServices
    oAuth2AuthenticationManager.setTokenServices(resourceServerTokenServices);
    oAuth2AuthenticationManager.setClientDetailsService(null);
    return oAuth2AuthenticationManager;
}
```
Now the second requirement works only if the OAuth2RestTemplate used to support the refresh token is commented out; otherwise, I got a user redirect exception. Any help on this?
Zuul has entered maintenance mode. This means that the Spring Cloud team will no longer be adding new features to the module. We will fix blocker bugs and security issues, and we will also consider and review small pull requests from the community.
That's not a very helpful answer. I'm facing the exact same issue, and a hint like "please use spring-cloud-gateway with configuration XYZ" would be more community friendly!