Implementing authentication and authorization using Zuul Proxy, Oauth2 on REST Microservices
I am trying to implement the above architecture in the workflow with Spring Boot.
- Web client makes a request to Resource Server (Microservices Endpoints)
-
Unfortunately, I don't have complete answer, only some parts:
Once JWT token is available to the zuul proxy then every microservice can authorize requests by configuring its resource server, e.g.
@Override public void configure(HttpSecurity http) throws Exception { http .authorizeRequests().anyRequest().access("#oauth2.hasScope('microserviceA.read')").and() .csrf().disable() .httpBasic().disable(); }Scopes could be managed by the oauth microservice with a database - basing on the client credentials it will take the scopes info and encode into JWT token.
What I don't know at the moment - how to make the zuul proxy to use "web client" credentials to authorize itself by the oauth - I don't want to hard-code zuul proxy credentials because then the web-client creds won't be used.
I've just posted similar question on this topic: Authorizing requests through spring gateway with zool via oauth server
update: I've found article describing almost this configuration (without eureka, but it doesn't that add much complexity from my experience): https://www.baeldung.com/spring-security-zuul-oauth-jwt, there is github project with source code. The source code is unfortunately not polished as it's being used by the author for his commercial courses. But I've managed to build from his examples working set.
Summary: in the described architecture every resource server (microservice A, B, ..) receive JWT token forwarded by the zuul proxy/gateway from the requesting client. The token is forwarded in a request header. If there is no valid token provided then the gateway will redirect the request to authorization page. Also every resource server can check the token with the oauth service and if required do scope checking as I wrote above.
加载中...
- 热议问题