403 error when sending a GetRequest to my API gateway on Azure Kubernetes

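I have deployed an API gateway microservice on Azure Kubernetes. Logging in to obtain a token works, but when I try to access a resource using the bearer token, it does not let me.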

@Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().antMatchers("/authenticate").permitAll().
            antMatchers("/users").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterBefore(jwtRequestFilter,  UsernamePasswordAuthenticationFilter.class);
    }
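My login data is from an admin, but it still does not let me access /users. The error code I get in Postman is 403.

I suspect this is caused by the Azure SQL firewall.

Can anyone tell me why I can send a POST request to the API gateway and get a JWT, but cannot make a GetRequest for the user data?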

apiVersion: apps/v1
kind: Deployment
metadata:
  name: apigateway-front
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apigateway-front
  template:
    metadata:
      labels:
        app: apigateway-front
    spec:
      nodeSelector:
        "beta.kubernetes.io/os": linux
      containers:
        - name: apigateway-front
          image: containerregistry.azurecr.io/apigateway:11
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 512Mi
          ports:
          - containerPort: 8800
            name: apigateway

---
apiVersion: v1
kind: Service
metadata:
  name: apigateway-front
spec:
  type: LoadBalancer
  ports:
  - port: 8800
  selector:
    app: apigateway-front


---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: contacts
spec:
  replicas: 1
  selector:
    matchLabels:
      app: contacts
  template:
    metadata:
      labels:
        app: contacts
    spec:
      nodeSelector:
        "beta.kubernetes.io/os": linux
      containers:
      - name: contacts
        image: containerregistry.azurecr.io/contacts:12
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 250m
            memory: 512Mi
        ports:
        - containerPort: 8100
          name: contacts

---
apiVersion: v1
kind: Service
metadata:
  name: contacts
spec:
  ports:
  - port: 8100
  selector:
    app: contacts
---


apiVersion: apps/v1
kind: Deployment
metadata:
  name: templates
spec:
  replicas: 1
  selector:
    matchLabels:
      app: templates
  template:
    metadata:
      labels:
        app: templates
    spec:
      nodeSelector:
        "beta.kubernetes.io/os": linux
      containers:
      - name: templates
        image: containerregistry.azurecr.io/templates:13
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 250m
            memory: 512Mi
        ports:
        - containerPort: 8200
          name: templates
---
apiVersion: v1
kind: Service
metadata:
  name: templates
spec:
  ports:
  - port: 8200
  selector:
    app: templates

Logs from the API gateway

2020-06-08 07:59:36.097  INFO 1700 --- [           main] s.ApiGateway.ApiGatewayApplication       : No active profile set, falling back to default profiles: default
2020-06-08 07:59:37.115  INFO 1700 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2020-06-08 07:59:37.200  INFO 1700 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 73ms. Found 1 JPA repository interfaces.
2020-06-08 07:59:37.673  WARN 1700 --- [           main] o.s.boot.actuate.endpoint.EndpointId     : Endpoint ID 'hystrix.stream' contains invalid characters, please migrate to a valid format.
2020-06-08 07:59:37.924  INFO 1700 --- [           main] o.s.cloud.context.scope.GenericScope     : BeanFactory id=1f96386b-fb6d-3ddd-bccb-9a4c4b64c2fd
2020-06-08 07:59:39.047  INFO 1700 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8800 (http)
2020-06-08 07:59:39.062  INFO 1700 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2020-06-08 07:59:39.062  INFO 1700 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.35]
2020-06-08 07:59:39.338  INFO 1700 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2020-06-08 07:59:39.338  INFO 1700 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 3192 ms
2020-06-08 07:59:39.484  WARN 1700 --- [           main] c.n.c.sources.URLConfigurationSource     : No URLs will be polled as dynamic configuration sources.
2020-06-08 07:59:39.484  INFO 1700 --- [           main] c.n.c.sources.URLConfigurationSource     : To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
2020-06-08 07:59:39.513  INFO 1700 --- [           main] c.netflix.config.DynamicPropertyFactory  : DynamicPropertyFactory is initialized with configuration sources: com.netflix.config.ConcurrentCompositeConfiguration@77bc2e16
2020-06-08 07:59:39.599  WARN 1700 --- [           main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2020-06-08 07:59:39.939  INFO 1700 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Starting...
2020-06-08 07:59:40.688  INFO 1700 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Start completed.
2020-06-08 07:59:40.776  INFO 1700 --- [           main] o.hibernate.jpa.internal.util.LogHelper  : HHH000204: Processing PersistenceUnitInfo [name: default]
2020-06-08 07:59:40.881  INFO 1700 --- [           main] org.hibernate.Version                    : HHH000412: Hibernate ORM core version 5.4.15.Final
2020-06-08 07:59:41.143  INFO 1700 --- [           main] o.hibernate.annotations.common.Version   : HCANN000001: Hibernate Commons Annotations {5.1.0.Final}
2020-06-08 07:59:41.385  INFO 1700 --- [           main] org.hibernate.dialect.Dialect            : HHH000400: Using dialect: org.hibernate.dialect.SQLServer2012Dialect
2020-06-08 07:59:42.377  INFO 1700 --- [           main] o.h.e.t.j.p.i.JtaPlatformInitiator       : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2020-06-08 07:59:42.388  INFO 1700 --- [           main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2020-06-08 07:59:43.793  INFO 1700 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@498b611e, org.springframework.security.web.context.SecurityContextPersistenceFilter@47fca3cc, org.springframework.security.web.header.HeaderWriterFilter@6c2dd88b, org.springframework.security.web.authentication.logout.LogoutFilter@3909a854, sendMessage.ApiGateway.JwtRequestFilter@1b98355f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@6a0c7af6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3d7b3b18, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@6dde1bf5, org.springframework.security.web.session.SessionManagementFilter@484b5a21, org.springframework.security.web.access.ExceptionTranslationFilter@5bccaedb, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1e000a17]
2020-06-08 07:59:43.838  WARN 1700 --- [           main] c.n.c.sources.URLConfigurationSource     : No URLs will be polled as dynamic configuration sources.
2020-06-08 07:59:43.838  INFO 1700 --- [           main] c.n.c.sources.URLConfigurationSource     : To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
2020-06-08 07:59:44.010  INFO 1700 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2020-06-08 07:59:44.219  WARN 1700 --- [           main] ion$DefaultTemplateResolverConfiguration : Cannot find template location: classpath:/templates/ (please add some templates or check your Thymeleaf configuration)
2020-06-08 07:59:44.672  INFO 1700 --- [           main] o.s.c.n.zuul.ZuulFilterInitializer       : Starting filter initializer
2020-06-08 07:59:44.689  INFO 1700 --- [           main] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 2 endpoint(s) beneath base path '/actuator'
2020-06-08 07:59:44.769  INFO 1700 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8800 (http) with context path ''
2020-06-08 07:59:44.916  INFO 1700 --- [           main] s.ApiGateway.ApiGatewayApplication       : Started ApiGatewayApplication in 10.045 seconds (JVM running for 15.368)
2020-06-08 08:19:19.354  INFO 1700 --- [nio-8800-exec-2] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2020-06-08 08:19:19.355  INFO 1700 --- [nio-8800-exec-2] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2020-06-08 08:19:19.395  INFO 1700 --- [nio-8800-exec-2] o.s.web.servlet.DispatcherServlet        : Completed initialization in 40 ms
2020-06-08 08:19:19.450  WARN 1700 --- [nio-8800-exec-2] o.s.c.n.zuul.web.ZuulHandlerMapping      : No routes found from RouteLocator

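The problem is solved. I forgot to write the Authorization header in Postman.

Share the logs of the Spring Boot application when you hit /users. Also, when you log in, where exactly are you logging in?

I also log in through Postman. After sending the GetRequest for /users, I do not get any new logs. I have now made the logs available.

Does the API gateway call the contacts microservice? Do you see any error logs?

The user information is implemented in the API gateway. I have not created an additional microservice for it yet. The contacts microservice is supposed to send messages via SMS and WhatsApp. There is no error information in the logs.

Does the whole thing work outside of Kubernetes? Did you follow a guide for the OAuth implementation in the gateway?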
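
With the configuration in the question, Spring Security has no authentication entry point configured, so a request that arrives without a usable token is answered with 403, the same status as a caller who lacks the ADMIN role, and nothing is logged. The following added example (not code from the original post) extends that configuration with an entry point that returns 401 and logs whether the Authorization header was present; `GatewaySecurityConfig` is a hypothetical class name, and `JwtRequestFilter` is assumed to be the question's own filter in the same package.

```java
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Added example: GatewaySecurityConfig is a hypothetical class name; JwtRequestFilter is
// the question's own filter and is assumed to live in the same package.
@EnableWebSecurity
public class GatewaySecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger log = LoggerFactory.getLogger(GatewaySecurityConfig.class);

    @Autowired
    private JwtRequestFilter jwtRequestFilter;

    // Runs when an unauthenticated (anonymous) request reaches a protected path.
    // Logs whether the header was there at all, never its value, and answers 401.
    private final AuthenticationEntryPoint unauthorized = (request, response, ex) -> {
        boolean hasHeader = request.getHeader("Authorization") != null;
        log.warn("401 for {} {}: {}", request.getMethod(), request.getRequestURI(),
                hasHeader ? "Authorization header present but not accepted"
                          : "no Authorization header");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    };

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
                .antMatchers("/authenticate").permitAll()
                .antMatchers("/users").hasRole("ADMIN") // needs authority ROLE_ADMIN
                .anyRequest().authenticated()
            .and()
            .exceptionHandling()
                .authenticationEntryPoint(unauthorized) // default here would be 403
            .and()
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // An authenticated caller without ROLE_ADMIN still gets 403 from the
        // default access-denied handler, so 401 and 403 now mean different things.
        http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }
}
```

With this in place, a 401 on /users points at the request (missing or rejected token), while a 403 points at the authorities attached to a valid token.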