gpt4 book ai didi

spring-boot - 如何在 Spring Boot SSO + zuul 中从 OAuth token 中检索范围

转载 作者:行者123 更新时间:2023-12-04 03:24:57 24 4
gpt4 key购买 nike

我正在尝试使用 Spring boot SSO + Zuul 制作一个简单的 API 网关。我需要将 OAuth 范围转换为 header ,其他一些后端服务将进一步使用这些 header 来基于 header 执行 RBAC。

我正在使用这个 CustomOAuth2TokenRelayFilter ,它基本上会在发送到后端之前设置标题。我的问题是如何从当前 token 中获取范围。 OAuth2AuthenticationDetails 类确实提供了 token 值,但它不提供范围。

我不确定如何获得其中的范围。

下面是自定义 Zuul 过滤器,主要取自
https://github.com/spring-cloud/spring-cloud-security/blob/master/spring-cloud-security/src/main/java/org/springframework/cloud/security/oauth2/proxy/OAuth2TokenRelayFilter.java

    import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.stereotype.Component;

@Component
public class CustomOAuth2TokenRelayFilter extends ZuulFilter {

private static Logger LOGGER = LoggerFactory.getLogger(CustomOAuth2TokenRelayFilter.class);

private static final String ACCESS_TOKEN = "ACCESS_TOKEN";
private static final String TOKEN_TYPE = "TOKEN_TYPE";

private OAuth2RestOperations restTemplate;


public void setRestTemplate(OAuth2RestOperations restTemplate) {
this.restTemplate = restTemplate;
}


@Override
public int filterOrder() {
return 1;
}

@Override
public String filterType() {
return "pre";
}

@Override
public boolean shouldFilter() {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();

if (auth instanceof OAuth2Authentication) {
Object details = auth.getDetails();
if (details instanceof OAuth2AuthenticationDetails) {
OAuth2AuthenticationDetails oauth = (OAuth2AuthenticationDetails) details;
RequestContext ctx = RequestContext.getCurrentContext();

LOGGER.debug ("role " + auth.getAuthorities());

LOGGER.debug("scope", ctx.get("scope")); // How do I obtain the scope ??


ctx.set(ACCESS_TOKEN, oauth.getTokenValue());
ctx.set(TOKEN_TYPE, oauth.getTokenType()==null ? "Bearer" : oauth.getTokenType());
return true;
}
}
return false;
}

@Override
public Object run() {
RequestContext ctx = RequestContext.getCurrentContext();
ctx.addZuulRequestHeader("x-pp-user", ctx.get(TOKEN_TYPE) + " " + getAccessToken(ctx));
return null;
}

private String getAccessToken(RequestContext ctx) {
String value = (String) ctx.get(ACCESS_TOKEN);
if (restTemplate != null) {
// In case it needs to be refreshed
OAuth2Authentication auth = (OAuth2Authentication) SecurityContextHolder
.getContext().getAuthentication();
if (restTemplate.getResource().getClientId()
.equals(auth.getOAuth2Request().getClientId())) {
try {
value = restTemplate.getAccessToken().getValue();
}
catch (Exception e) {
// Quite possibly a UserRedirectRequiredException, but the caller
// probably doesn't know how to handle it, otherwise they wouldn't be
// using this filter, so we rethrow as an authentication exception
throw new BadCredentialsException("Cannot obtain valid access token");
}
}
}
return value;
}

}

最佳答案

您可以使用 SecurityContextHolder 从 OAuth2 token 中检索范围和 OAuth2Authentication

private static Set<String> getOAuthTokenScopes() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
OAuth2Authentication oAuth2Authentication;

if (authentication instanceof OAuth2Authentication) {
oAuth2Authentication = (OAuth2Authentication) authentication;
} else {
throw new IllegalStateException("Authentication not supported!");
}

return oAuth2Authentication.getOAuth2Request().getScope();
}

关于spring-boot - 如何在 Spring Boot SSO + zuul 中从 OAuth token 中检索范围,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37402510/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com