Spring Cloud Gateway and TokenRelay Filter

Submitted by 微笑、不失礼 on 2020-03-05 01:29:18

Question


I’m trying to migrate JHipster from using Zuul to Spring Cloud Gateway. JHipster uses Eureka to look up routes and I believe I’ve configured Spring Cloud Gateway correctly to look up routes and propagate the access token to them. Here’s my config:

spring:
  cloud:
    gateway:
      default-filters:
        - TokenRelay
      discovery:
        locator:
          enabled: true
          lower-case-service-id: true
          route-id-prefix: /services/
      httpclient:
        pool:
          max-connections: 1000

The problem I’m experiencing is the access token is not sending an Authorization header to the downstream services.

Here's how things were configured with Zuul in my application.yml:

zuul: # those values must be configured depending on the application specific needs
  sensitive-headers: Cookie,Set-Cookie #see https://github.com/spring-cloud/spring-cloud-netflix/issues/3126
  host:
    max-total-connections: 1000
    max-per-route-connections: 100
  prefix: /services
  semaphore:
    max-semaphores: 500

I created a pull request to show what's changed after integrating Spring Cloud Gateway.

https://github.com/mraible/jhipster-reactive-microservices-oauth2/pull/4

Steps to reproduce the issue:

git clone -b reactive git@github.com:mraible/jhipster-reactive-microservices-oauth2.git

Start JHipster Registry, Keycloak, and the gateway app:

cd jhipster-reactive-microservices-oauth2/gateway
docker-compose -f src/main/docker/jhipster-registry.yml up -d
docker-compose -f src/main/docker/keycloak.yml up -d
./mvnw

Start MongoDB and the blog app:

cd ../blog
docker-compose -f src/main/docker/mongodb.yml up -d
./mvnw

Navigate to http://localhost:8080 in your browser, log in with admin/admin, and try to go to Entities > Blog. You will get a 403 access denied error. If you look in Chrome Developer Tools at the network traffic, you'll see the access token isn't included in any headers.


Answer 1:


I was able to solve this using this answer.

spring:
  cloud:
    gateway:
      discovery:
        locator:
          enabled: true
          predicates:
            - name: Path
              args:
                pattern: "'/services/'+serviceId.toLowerCase()+'/**'"
          filters:
            - name: RewritePath
              args:
                regexp: "'/services/' + serviceId.toLowerCase() + '/(?<remaining>.*)'"
                replacement: "'/${remaining}'"

I also had to add .pathMatchers("/services/**").authenticated() to my security config, which wasn't needed for Zuul. You can see my commit here.
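Where a rule like the `.pathMatchers("/services/**").authenticated()` mentioned above sits in a reactive Spring Security filter chain, as an added example that is not part of the original answer or the project's code. The class name, the `/api/**` rule, the `permitAll()` fallback and the use of `oauth2Login` defaults are assumptions; it expects Spring Security 5.2 or later with the OAuth2 client starter and a configured client registration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

// Hypothetical class name; illustrative only, not the project's security config.
@Configuration
@EnableWebFluxSecurity
public class GatewaySecuritySketch {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
            .authorizeExchange(exchanges -> exchanges
                // Matchers are evaluated in declaration order and the first match
                // wins, so the proxied prefix must come before any broader rule.
                .pathMatchers("/services/**").authenticated()
                // Assumed rule for the gateway's own REST endpoints.
                .pathMatchers("/api/**").authenticated()
                // Assumed fallback for static assets and the login entry point.
                .anyExchange().permitAll())
            // Browser login through the OAuth2/OIDC authorization code flow,
            // using the client registration from application.yml.
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}
```

With the `permitAll()` fallback last, any path not matched by an earlier rule is reachable anonymously, so each proxied prefix needs its own explicit rule above it.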



Source: https://stackoverflow.com/questions/60251863/spring-cloud-gateway-and-tokenrelay-filter
