问题
I am investigating microservice architecture. I chose the spring cloud framework.
My application shema looks like this:
Also I have discovery server eureka but I decided to skip on the picture to simplify it.
Full source code of example you can find on githib: https://github.com/gredwhite/spring-cloud
Problem explanation:
hello world service:
@GetMapping("/helloWorld")
@HystrixCommand(fallbackMethod = "reliable")
public String hello() {
return this.restTemplate.getForObject("http://hello-service/hello?name=World", String.class);
}
hello service:
@GetMapping("/hello")
public String hello(@RequestParam("name") String name) throws UnknownHostException, InterruptedException {
return "Hello " + name + "!";
}
When I started the hello service and try to access localhost:8082/h/hello?name=Vasya (/h - context path) - request happens successfully and I see Hello Vasya mesage in the response. I need to say that authentication is disabled for that service.
hello world service has index.html page and when I try to acces it - auth flow happens successfully and eventually this application log in successfully. Then I try to execute method /hello from the hello world service and I see response:
{"timestamp":"2018-05-17T08:53:04.623+0000","status":403,"error":"Forbidden","message":"Forbidden","path":"/hw/helloWorld"}
Oauth2 configuration:
hello world service
@SpringBootApplication
@EnableEurekaClient
@RibbonClient(name = "say-hello")
@EnableAutoConfiguration
@EnableOAuth2Sso
public class HelloWorldStarter {
public static void main(String[] args) {
SpringApplication.run(HelloWorldStarter.class, args);
}
@RestController
@EnableDiscoveryClient
@EnableCircuitBreaker
public static class HelloWorldController {
@Autowired
private RestTemplate restTemplate;
@Autowired
private DiscoveryClient discoveryClient;
@GetMapping("/helloWorld")
@HystrixCommand(fallbackMethod = "reliable")
public String hello() {
return this.restTemplate.getForObject("http://hello-service/hello?name=World", String.class);
}
public String reliable() {
return "Could not get response from service";
}
}
@org.springframework.context.annotation.Configuration
public static class Configuration {
@Bean
@LoadBalanced
RestTemplate restTemplate() {
return new RestTemplate();
}
}
}
application.yml:
spring:
application:
name: hello-world-service
server:
port: 8081
servlet:
context-path: /hw
eureka:
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka
instance:
preferIpAddress: true
security:
oauth2:
client:
client-id: acme
client-secret: acmesecret
access-token-uri: http://localhost:8080/oauth/token
user-authorization-uri: http://localhost:8080/oauth/authorize
resource:
user-info-uri: http://localhost:8080/me
logging:
level:
org.springframework.security: DEBUG
org.springframework.web: DEBUG
Questions
- How can I fix this problem?
- After previous point fix I want to know how to execute authorized request to that service. In other words I want to enable oauth 2 authorization on hello service and have possibility to make request from the
hello world service
回答1:
I think you use very strange approach to solve your problem.
I suggest you the following solution:
- Create FeignClient service.
@FeignClient(name = "hello-service", url = "http://hello-service")
public interface HelloService {
@RequestMapping(method = RequestMethod.GET, value = "/hello")
String hello(@PathVariable("name") String name);
}- Add oauth2FeignRequestInterceptor into SpringBoot Application class
@Bean
public RequestInterceptor oauth2FeignRequestInterceptor() {
return new RequestInterceptor() {
@Override
public void apply(RequestTemplate requestTemplate) {
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails();
requestTemplate.header("Authorization", "bearer " + details.getTokenValue());
}
};
}- Add several annotation into your SpringBoot Application class
@EnableOAuth2Client
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableFeignClients
public class HelloWorldStarterThat's all hope it helps.
来源:https://stackoverflow.com/questions/50387947/inter-micro-service-request-responds-with-forbidden-status-in-spring-cloud-appli