问题
In our project JWT token validation and other authorization related logics are done in ZUUL gateway. If zuul succesfully validated the token it will proceed the request to the corresponding microservice
In that case, How can i send Principal to other microservices, when JWT authorization has been done from ZUUl gateway .
I can of course fetch the token using @RequestHeader(value="Authorization")in controllers of other services.
But in order to use @Preauthorize(id,principal) kind offunctionality, i need principal in other microservices where the actual authentication has not been taken place.
is it possible to do this?
回答1:
Yeah it's possible.
Whenever creating or generating new Jwt token add your ( user details or any useful information that need to be consumed in downstream microservices ) in the Jwt token claims.
Whenever routing happens in Zuul API gateway it will pass the current request to your downstream microservices. In that incoming request you can get your Jwt token from the request header.
Steps to access the User details or any information using Jwt token from any microservice :
- Get the token from the request header.
- Parse the token with correct signing key and get the user details from the token claims.
For your reference : https://medium.com/@Baimurzin/how-to-get-the-current-user-in-spring-cloud-microservices-c876e1c6fc65
来源:https://stackoverflow.com/questions/57867056/access-spring-security-principal-in-microservies-when-actual-authentication-has