I am currently developing an application based on a microservice architecture. We use an API gateway implemented using Spring Cloud Netflix's Zuul Server to route the request
Update: POC can be found here https://github.com/kakawait/uaa-behind-zuul-sample
Did you try the following setup (on the Zuul server):

    zuul:
      routes:
        uaa-service:
          path: /uaa/**
          stripPrefix: false

    security:
      # Disable Spring Boot basic authentication
      basic:
        enabled: false
      oauth2:
        sso:
          loginPath: /login
        client:
          accessTokenUri: https:///uaa/oauth/token
          userAuthorizationUri: https:///uaa/oauth/authorize
          ...

Basically it works on my project; the only thing I have to do is disable CSRF protection on the /uaa/oauth/token route.
The auth server should be on:

    server:
      # Use different context-path to avoid session cookie overlapping
      context-path: /uaa

Tested using Spring-Cloud.Brixton.M3
Thanks to @thomas-letsch, you should tweak your security like the following (sample):
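
    // getCSRFTokenRepository() and createCSRFHeaderFilter() are helper methods
    // of the same configuration class; they are not shown here.
    public void configure(HttpSecurity http) throws Exception {
        http.logout().and()
            .antMatcher("/**").authorizeRequests()
                // Static pages and the proxied OAuth2 endpoints are reachable without a session
                .antMatchers("/index.html", "/home.html", "/", "/uaa/oauth/**").permitAll()
                .anyRequest().authenticated().and()
            // CSRF stays enabled everywhere except the token endpoint
            .csrf().csrfTokenRepository(getCSRFTokenRepository()).ignoringAntMatchers("/uaa/oauth/token").and()
            .addFilterAfter(createCSRFHeaderFilter(), CsrfFilter.class);
    }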
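
The sample above calls getCSRFTokenRepository() and createCSRFHeaderFilter() without showing them. As an added example (not code from the answer or its linked POC), one common way to write the two helpers is the cookie-to-header pattern; the class name CsrfSupport and the XSRF-TOKEN / X-XSRF-TOKEN names are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

// Hypothetical holder class; in the answer's sample these would be methods
// of the gateway's security configuration class.
public class CsrfSupport {

    // Assumed names (not from the page): cookie read by the browser client,
    // header it sends back on state-changing requests.
    static final String COOKIE = "XSRF-TOKEN";
    static final String HEADER = "X-XSRF-TOKEN";

    // Keep the token in the HTTP session, but expect it in the custom header.
    static CsrfTokenRepository getCSRFTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName(HEADER);
        return repository;
    }

    // Runs after CsrfFilter: copies the current token into a cookie so that
    // same-origin script can echo it in the header. Cross-origin pages cannot
    // read the cookie, which is what keeps the check meaningful.
    static Filter createCSRFHeaderFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                            FilterChain chain) throws ServletException, IOException {
                CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
                if (csrf != null) {
                    Cookie cookie = WebUtils.getCookie(request, COOKIE);
                    String token = csrf.getToken();
                    // Re-issue only when the cookie is missing or stale.
                    if (cookie == null || (token != null && !token.equals(cookie.getValue()))) {
                        cookie = new Cookie(COOKIE, token);
                        cookie.setPath("/");                  // gateway serves the UI from the root path
                        cookie.setSecure(request.isSecure()); // send only over HTTPS when the request used it
                        response.addCookie(cookie);
                    }
                }
                chain.doFilter(request, response);
            }
        };
    }
}
```

The cookie is deliberately not HttpOnly, because client-side script has to read it to populate the header.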