Spring security Zuul重定向到在Eureka中注册的微服务后,身份验证主体丢失
为了使用Netflix堆栈,我进行了以下设置:Spring security Zuul重定向到在Eureka中注册的微服务后,身份验证主体丢失,spring-security,spring-boot,netflix-eureka,netflix-zuul,Spring Security,Spring Boot,Netflix Eureka,Netflix Zuul,为了使用Netflix堆栈,我进行了以下设置: 尤里卡服务器 一个模块,通过Zuul代理向外界公开(注册到Eureka) 许多后端微服务(注册到Eureka) 我的问题是,当我第二次/第三次调用代理中的URL(重定向到微服务)时,自动认证主体将丢失 以下是日志条目: 09:14:31.300 INFO 8720 --- [nio-8080-exec-7] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Mon
- 尤里卡服务器
- 一个模块,通过Zuul代理向外界公开(注册到Eureka)
- 许多后端微服务(注册到Eureka)
09:14:31.300 INFO 8720 --- [nio-8080-exec-7] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Mon Sep 14 09:14:31 CEST 2015, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={message=Access is denied, type=org.springframework.security.access.AccessDeniedException}]
09:14:33.387 INFO 8720 --- [io-8080-exec-10] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Mon Sep 14 09:14:33 CEST 2015, principal=eadmin, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@fffde5d4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: DE9DEDCB6A809133C54ABC3403A46B38}]
09:14:33.387 INFO 8720 --- [io-8080-exec-10] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Mon Sep 14 09:14:33 CEST 2015, principal=eadmin, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@fffde5d4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: DE9DEDCB6A809133C54ABC3403A46B38}]
09:14:35.407 INFO 8720 --- [nio-8080-exec-1] o.s.c.n.zuul.filters.ProxyRouteLocator : Finding route for path: /userregistryservice/user-registry/getAllRoles
09:23:40.119 INFO 8720 --- [nio-8080-exec-2] o.s.c.n.zuul.filters.ProxyRouteLocator : Finding route for path: /userregistryservice/user-registry/getAllRoles
09:24:06.689 INFO 8720 --- [nio-8080-exec-3] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Mon Sep 14 09:24:06 CEST 2015, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={message=Access is denied, type=org.springframework.security.access.AccessDeniedException}]
我已经实现了一个Zuul代理,在这里我将主体传递到要重定向的请求头,但是当第二次发送请求时,不会调用此筛选器(Spring Security捕获请求,因为它是一个匿名请求)
你知道这里发生了什么吗
谢谢
编辑:通过与Fiddler的调查,我发现在两个成功的请求之后,被拒绝的请求得到了HTTP 302代码的响应:
编辑#2:这是我的Spring启动安全配置
@Autowired
private RequestHeaderAuthenticationFilter siteminderFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.anonymous().and().addFilter(siteminderFilter)
.authorizeRequests()
.antMatchers("/authfallback/**", "/access_requests.css")
.permitAll()
.antMatchers("/auth/**")
.fullyAuthenticated()
.antMatchers("/**/metrics")
.hasAnyRole("SYSTEM", "ADMIN")
.antMatchers("/logs")
.hasAnyRole("SYSTEM", "ADMIN")
.antMatchers("/user-registry/**")
.hasAnyRole("SYSTEM", "ADMIN")
.antMatchers("/AdminTools/**", "/api-docs")
.hasAnyRole("ADMIN")
.antMatchers("/sdoc.jsp", "o2c.html")
.denyAll()
.antMatchers("/**")
.hasAnyRole("SYSTEM", "ENGINEERING", "CUSTOMER", "EXECUTIVE", "ADMIN").and().formLogin()
.loginPage("/authfallback/login").defaultSuccessUrl("/index.html", false)
.permitAll().and().logout()
.invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessHandler(wamLogoutHandler).and()
.exceptionHandling().accessDeniedPage("/auth/authorizationrequest").and().csrf().disable();
// @formatter:on
}
将以下属性添加到zuul:
zuul.sensitiveHeaders:
将以下属性添加到zuul:
zuul.sensitiveHeaders: