Spring Gateway and Auth0: IllegalArgumentException: Unable to find GatewayFilterFactory with name TokenRelay


I'm trying to build a Spring gateway that receives a JWT and sends the token to all underlying services. For this I use the following dependencies:

<!-- Spring Boot Dependencies -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<!-- Spring Boot Dependencies -->

<!-- Spring Cloud Dependencies -->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<!-- Spring Cloud Dependencies -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-resource-server</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-jose</artifactId>
</dependency>

I implemented the audience validator and the JWT decoder as described here:


I really can't find any resources on how to fix this.

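You need org.springframework.boot:spring-boot-starter-oauth2-client, as stated here.
But I don't think you need it once you use a resource server. Gateway will forward your headers downstream without any configuration, so you will be able to find the Authorization header there.

Taking what Eduard Khachirov said as an example:

Dependencies: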

<!-- Spring Boot Dependencies -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<!-- Spring Boot Dependencies -->

<!-- Spring Cloud Dependencies -->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<!-- Spring Cloud Dependencies -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-resource-server</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-jose</artifactId>
</dependency>

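I ran into the same problem: I needed an OAuth2 consumer to act as a client and forward the incoming token to outgoing resource requests.

When I use the reverse proxy embedded in Spring Cloud Gateway, I can ask it to forward OAuth2 access tokens downstream to the services it is proxying. So the SSO application above can be enhanced simply like this (using the TokenRelay filter):

To enable this for Spring Cloud Gateway, add the following dependencies:

  • org.springframework.boot:spring-boot-starter-oauth2-client
  • org.springframework.cloud:spring-cloud-starter-security

I have this pom.xml configuration: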

<dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-gateway</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-webflux-core</artifactId>
            <version>${springdoc.openapi.webflux}</version>
        </dependency>
        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-webflux-ui</artifactId>
            <version>${springdoc.openapi.webflux}</version>
        </dependency>
    </dependencies>


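Hi. Thanks for your answer. Could you briefly explain what you mean by "once you use a resource server"?

I think that if the goal of your application is to check the incoming JWT and route requests, putting a resource server on top of Spring Gateway is enough. Spring Gateway preserves the incoming headers (including the JWT), so they are available downstream. TokenRelay is used together with the OAuth client when you integrate your application with an auth server (as far as I know).
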
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://<AUTH0_DOMAIN>/

auth0:
  audience: <AUTH0_API_AUDIENCE>

@Configuration
@EnableWebSecurity
public class Oauth2ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Value("${auth0.audience}")
    private String audience;

    @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
    private String issuer;

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .oauth2ResourceServer()
                .jwt();
    }

    @Bean
    public JwtDecoder jwtDecoder() {
        final NimbusJwtDecoder jwtDecoder = (NimbusJwtDecoder) JwtDecoders.fromOidcIssuerLocation(issuer);

        jwtDecoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                JwtValidators.createDefaultWithIssuer(issuer),
                new AudienceValidator(audience)));

        return jwtDecoder;
    }

    static class AudienceValidator implements OAuth2TokenValidator<Jwt> {
        private final String audience;

        public AudienceValidator(final String audience) {
            this.audience = audience;
        }

        public OAuth2TokenValidatorResult validate(final Jwt jwt) {
            if (jwt.getAudience().contains(audience)) {
                return OAuth2TokenValidatorResult.success();
            }

            return OAuth2TokenValidatorResult.failure(new OAuth2Error("invalid_token", "The required audience is missing", null));
        }
    }
}

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://<AUTH0_DOMAIN>/
  cloud:
    gateway:
      routes:
        - id: my-service
          uri: lb://MY-SERVICE
          predicates:
            - Path=/api
    loadbalancer:
      ribbon:
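        enabled: false

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class Oauth2ResourceServerConfiguration {

    // Spring Cloud Gateway runs on WebFlux, so security is configured through a
    // SecurityWebFilterChain bean built from ServerHttpSecurity.
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http) {
        http
                .authorizeExchange()
                .anyExchange().authenticated()   // every route requires a valid token
                .and()
                .oauth2ResourceServer()
                .jwt();                          // validate bearer tokens as JWTs
        return http.build();
    }
}

spring: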
  cloud:
    gateway:
      routes:
      - id: resource
        uri: http://localhost:9000
        predicates:
        - Path=/resource
        filters:
        - TokenRelay=