Spring Oauth2 SSO Security with Zuul Proxy

I am modifying the oauth2-vanilla sample from Spring's superior security guides. Oauth2-vanilla combines Zuul Proxy and the user interface in one application. I would like to separate the Zuul proxy and the user interface. (Zuul Proxy should act as an API gateway and reverse proxy for multiple user interfaces.)

When accessing the user interface through the zuul proxy server, it should be able to perform Oauth2 single sign-on between the user interface and the internal resource.

Oauth2-vanilla looks like this

Where I want to go to something like this:

I removed part of the interface from the gateway and added the zuul route for the interface:

    zuul:
      routes:
        resource:
          url: http://localhost:9000
        user:
          url: http://localhost:9999/uaa/user
        ui:
          url: http://localhost:8080

I created a new user interface web application containing a user interface (Angular stuff) with the @EnableOAuth2Sso annotation.

So, I get access to the interface through http://localhost:8888 (through the zuul proxy). After authenticating and executing the UI thread, I can access the /user endpoint, which returns the user to me. (During debugging, I see that when I access the /user endpoint, I have an HTTP session with OAuth2Authentication.)

However, when I access the /resource endpoint, the HttpSessionSecurityContextRepository cannot find the session and cannot create the context using OAuth2Authentication.

I created a git repository with a modified sample.

I assume something is wrong with the gateway configuration. I tried to change the paths to cookies, change the HttpSecurity rules in the proxy, but I cannot get it to work.

What I don’t understand is why the user interface, when accessing through a proxy server, is able to allow the exact endpoint /user (with an HTTP session and OAuth2Authentication), but cannot access the endpoint /resource.

Also, since the user interface now works in the /ui context, it seems to me that I need the following code in the gateway so that it can load Angular CSS/JS files.

    // Static UI assets are public; every other request needs an authenticated user.
    .antMatchers("/ui/index.html", "/ui/home.html", "/ui/css/**", "/ui/js/**").permitAll()
    .anyRequest().authenticated();

It also seems wrong that I need to add a prefix to the zuul ui route.

Any help would be appreciated.

+5
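An added example (not code from the question or from the Spring guides) that checks how the four public patterns in the gateway rule classify request paths, and what changes when one pattern is written without its leading slash. It uses spring-core's `AntPathMatcher` to stand in for the Ant-style matching behind `antMatchers`; the class name, sample paths and decision strings are constructed for illustration.

```java
import org.springframework.util.AntPathMatcher;

// Added example: evaluates the gateway's public patterns against sample paths.
public class GatewayRuleCheck {
    private static final AntPathMatcher ANT = new AntPathMatcher();

    // The four public patterns, each starting with "/".
    static final String[] WITH_LEADING_SLASH = {
        "/ui/index.html", "/ui/home.html", "/ui/css/**", "/ui/js/**"
    };

    // Same list with the CSS pattern missing its leading slash.
    static final String[] WITHOUT_LEADING_SLASH = {
        "/ui/index.html", "/ui/home.html", "ui/css/**", "/ui/js/**"
    };

    // Any public pattern that matches yields permitAll; everything else
    // falls through to the anyRequest().authenticated() rule.
    static String decide(String[] publicPatterns, String path) {
        for (String pattern : publicPatterns) {
            if (ANT.match(pattern, path)) {
                return "permitAll";
            }
        }
        return "authenticated";
    }

    public static void main(String[] args) {
        // Constructed request paths as the gateway would see them.
        String[] paths = {
            "/ui/index.html", "/ui/css/app.css", "/ui/js/hello.js",
            "/ui/", "/resource", "/user"
        };
        System.out.printf("%-18s %-15s %s%n", "path", "with slash", "without slash");
        for (String path : paths) {
            System.out.printf("%-18s %-15s %s%n", path,
                decide(WITH_LEADING_SLASH, path),
                decide(WITHOUT_LEADING_SLASH, path));
        }
    }
}
```

Request paths always begin with `/`, so a pattern without the leading slash matches nothing and the stylesheet request ends up under the authenticated rule. `/ui/` itself is not covered by either list and also requires authentication.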
1 answer

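I could never get @EnableOauthSso to work. Instead, I annotated with @EnableResourceServer and created a security configuration for Zuul.

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

    @Configuration
    @EnableResourceServer
    public class JwtSecurityConfig extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                // OAuth endpoints stay open to everyone.
                .antMatchers("/oauth/**").permitAll()
                // Every other path requires the ROLE_API authority.
                .antMatchers("/**").hasAuthority("ROLE_API")
                .and()
                // CSRF protection is turned off for this configuration.
                .csrf().disable();
        }
    }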
0

Source: https://habr.com/ru/post/1245376/