问题:
Spring云网关调用Spring oauth2授权服务器时卡顿
相旭
我试图在spring cloud gateway(spring-cloud-gateway 2.0.0.M5)后面运行一个oauth2授权服务器(spring-security-oauth2 2.2.1.Release),这两个服务器都带有spring boot 2.0.0.RC1。如果我直接调用授权服务器,它可以正常工作,但如果我通过网关(使用curl或浏览器)调用它,调用将保持不变,没有应答。我在Windows10和Mac上都检查了这一点,因为这两个应用程序都运行在Java9上。
如果使用调试日志级别运行应用程序,则在运行curl client:secret@localhost:8080-d grant_type=password=password-d username=username-v时得到以下输出:
在授权服务器上,我只得到以下日志:
2018-02-08 17:17:41.816 DEBUG 132 --- [8081-Acceptor-0] o.apache.tomcat.util.threads.LimitLatch : Counting up[http-nio-8081-Acceptor-0] latch=1
在大门上我得到:
2018-02-08 17:19:06.170 DEBUG 18856 --- [ctor-http-nio-1] r.ipc.netty.http.server.HttpServer : [id: 0x1ad52031, L:/0:0:0:0:0:0:0:0:8080] READ: [id: 0x6d119e6b, L:/127.0.0.1:8080 - R:/127.0.0.1:52564]
2018-02-08 17:19:06.171 DEBUG 18856 --- [ctor-http-nio-1] r.ipc.netty.http.server.HttpServer : [id: 0x1ad52031, L:/0:0:0:0:0:0:0:0:8080] READ COMPLETE
2018-02-08 17:19:06.171 DEBUG 18856 --- [ctor-http-nio-4] r.i.n.http.server.HttpServerOperations : New http connection, requesting read
2018-02-08 17:19:06.171 DEBUG 18856 --- [ctor-http-nio-4] r.ipc.netty.channel.ContextHandler : After pipeline DefaultChannelPipeline{(reactor.left.loggingHandler = io.netty.handler.logging.LoggingHandler), (ServerContextHandler#0 = reactor.ipc.netty.channel.ServerContextHandler), (reactor.left.httpCodec = io.netty.handler.codec.http.HttpServerCodec), (reactor.left.httpServerHandler = reactor.ipc.netty.http.server.HttpServerHandler), (reactor.right.reactiveBridge = reactor.ipc.netty.channel.ChannelOperationsHandler)}
2018-02-08 17:19:06.171 DEBUG 18856 --- [ctor-http-nio-4] r.ipc.netty.http.server.HttpServer : [id: 0x6d119e6b, L:/127.0.0.1:8080 - R:/127.0.0.1:52564] REGISTERED
2018-02-08 17:19:06.171 DEBUG 18856 --- [ctor-http-nio-4] r.ipc.netty.http.server.HttpServer : [id: 0x6d119e6b, L:/127.0.0.1:8080 - R:/127.0.0.1:52564] ACTIVE
2018-02-08 17:19:06.172 DEBUG 18856 --- [ctor-http-nio-4] r.ipc.netty.http.server.HttpServer : [id: 0x6d119e6b, L:/127.0.0.1:8080 - R:/127.0.0.1:52564] READ: 246B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 50 4f 53 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d |POST / HTTP/1.1.|
|00000010| 0a 48 6f 73 74 3a 20 6c 6f 63 61 6c 68 6f 73 74 |.Host: localhost|
|00000020| 3a 38 30 38 30 0d 0a 41 75 74 68 6f 72 69 7a 61 |:8080..Authoriza|
|00000030| 74 69 6f 6e 3a 20 42 61 73 69 63 20 59 32 78 70 |tion: Basic Y2xp|
|00000040| 5a 57 35 30 4f 6e 4e 6c 59 33 4a 6c 64 41 3d 3d |ZW50OnNlY3JldA==|
|00000050| 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 63 75 |..User-Agent: cu|
|00000060| 72 6c 2f 37 2e 34 37 2e 30 0d 0a 41 63 63 65 70 |rl/7.47.0..Accep|
|00000070| 74 3a 20 2a 2f 2a 0d 0a 43 6f 6e 74 65 6e 74 2d |t: */*..Content-|
|00000080| 4c 65 6e 67 74 68 3a 20 35 35 0d 0a 43 6f 6e 74 |Length: 55..Cont|
|00000090| 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 |ent-Type: applic|
|000000a0| 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d |ation/x-www-form|
|000000b0| 2d 75 72 6c 65 6e 63 6f 64 65 64 0d 0a 0d 0a 67 |-urlencoded....g|
|000000c0| 72 61 6e 74 5f 74 79 70 65 3d 70 61 73 73 77 6f |rant_type=passwo|
|000000d0| 72 64 26 70 61 73 73 77 6f 72 64 3d 70 61 73 73 |rd&password=pass|
|000000e0| 77 6f 72 64 26 75 73 65 72 6e 61 6d 65 3d 75 73 |word&username=us|
|000000f0| 65 72 6e 61 6d 65 |ername |
+--------+-------------------------------------------------+----------------+
2018-02-08 17:19:06.172 DEBUG 18856 --- [ctor-http-nio-4] r.i.n.http.server.HttpServerOperations : Increasing pending responses, now 1
2018-02-08 17:19:06.172 DEBUG 18856 --- [ctor-http-nio-4] r.ipc.netty.http.server.HttpServer : [id: 0x6d119e6b, L:/127.0.0.1:8080 - R:/127.0.0.1:52564] READ COMPLETE
2018-02-08 17:19:06.172 DEBUG 18856 --- [ctor-http-nio-4] r.ipc.netty.channel.ChannelOperations : [HttpServer] [id: 0x6d119e6b, L:/127.0.0.1:8080 - R:/127.0.0.1:52564] handler is being applied: org.springframework.http.server.reactive.ReactorHttpHandlerAdapter@2adaf15
2018-02-08 17:19:06.173 DEBUG 18856 --- [ctor-http-nio-4] o.s.web.reactive.DispatcherHandler : Processing POST request for [http://localhost:8080/]
2018-02-08 17:19:06.173 DEBUG 18856 --- [ctor-http-nio-4] s.w.r.r.m.a.RequestMappingHandlerMapping : Looking up handler method for path /
2018-02-08 17:19:06.173 DEBUG 18856 --- [ctor-http-nio-4] s.w.r.r.m.a.RequestMappingHandlerMapping : Did not find handler method for [/]
2018-02-08 17:19:06.173 DEBUG 18856 --- [ctor-http-nio-4] o.s.c.g.h.RoutePredicateHandlerMapping : RouteDefinition matched: 306be04f-f762-488a-b24d-47be9748ad34
2018-02-08 17:19:06.173 DEBUG 18856 --- [ctor-http-nio-4] o.s.c.g.h.RoutePredicateHandlerMapping : Mapping [Exchange: POST http://localhost:8080/] to Route{id='306be04f-f762-488a-b24d-47be9748ad34', uri=http://localhost:8081/oauth/token, order=0, predicate=org.springframework.cloud.gateway.handler.predicate.PathRoutePredicateFactory$$Lambda$295/218688965@63309ea4, gatewayFilters=[]}
2018-02-08 17:19:06.173 DEBUG 18856 --- [ctor-http-nio-4] o.s.c.g.handler.FilteringWebHandler : Sorted gatewayFilterFactories: [OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyWriteResponseFilter@b0a1231}, order=-1}, OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.RouteToRequestUrlFilter@4833eff3}, order=10000}, OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyRoutingFilter@2676dc05}, order=2147483647}, OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.ForwardRoutingFilter@4694f434}, order=2147483647}, OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.WebsocketRoutingFilter@56928e17}, order=2147483647}]
2018-02-08 17:19:06.174 DEBUG 18856 --- [ctor-http-nio-4] r.i.n.c.PooledClientContextHandler : Acquiring existing channel from pool: DefaultPromise@395fcfef(incomplete) SimpleChannelPool{activeConnections=0}
2018-02-08 17:19:06.174 DEBUG 18856 --- [ctor-http-nio-6] r.i.n.resources.DefaultPoolResources : Created [id: 0xb483ea9b], now 1 active connections
2018-02-08 17:19:06.174 DEBUG 18856 --- [ctor-http-nio-6] r.ipc.netty.channel.ContextHandler : After pipeline DefaultChannelPipeline{(reactor.left.loggingHandler = io.netty.handler.logging.LoggingHandler), (SimpleChannelPool$1#0 = io.netty.channel.pool.SimpleChannelPool$1), (reactor.left.httpCodec = io.netty.handler.codec.http.HttpClientCodec), (reactor.right.reactiveBridge = reactor.ipc.netty.channel.ChannelOperationsHandler)}
2018-02-08 17:19:06.174 DEBUG 18856 --- [ctor-http-nio-6] r.ipc.netty.http.client.HttpClient : [id: 0xb483ea9b] REGISTERED
2018-02-08 17:19:06.174 DEBUG 18856 --- [ctor-http-nio-6] r.ipc.netty.http.client.HttpClient : [id: 0xb483ea9b] CONNECT: localhost/127.0.0.1:8081
2018-02-08 17:19:06.175 DEBUG 18856 --- [ctor-http-nio-6] r.ipc.netty.http.client.HttpClient : [id: 0xb483ea9b, L:/127.0.0.1:52565 - R:localhost/127.0.0.1:8081] ACTIVE
2018-02-08 17:19:06.175 DEBUG 18856 --- [ctor-http-nio-6] r.i.n.c.PooledClientContextHandler : Acquired active channel: [id: 0xb483ea9b, L:/127.0.0.1:52565 - R:localhost/127.0.0.1:8081]
2018-02-08 17:19:06.175 DEBUG 18856 --- [ctor-http-nio-6] r.ipc.netty.channel.ChannelOperations : [HttpClient] [id: 0xb483ea9b, L:/127.0.0.1:52565 - R:localhost/127.0.0.1:8081] handler is being applied: HttpClientHandler{startURI=http://localhost:8081/oauth/token, method=POST, handler=org.springframework.cloud.gateway.filter.NettyRoutingFilter$$Lambda$443/633701416@335243d7}
2018-02-08 17:19:06.176 DEBUG 18856 --- [ctor-http-nio-6] r.ipc.netty.http.client.HttpClient : [id: 0xb483ea9b, L:/127.0.0.1:52565 - R:localhost/127.0.0.1:8081] USER_EVENT: reactor.ipc.netty.NettyPipeline$SendOptionsChangeEvent@31db44d0
2018-02-08 17:19:06.176 DEBUG 18856 --- [ctor-http-nio-6] r.i.n.channel.ChannelOperationsHandler : [id: 0xb483ea9b, L:/127.0.0.1:52565 - R:localhost/127.0.0.1:8081] New sending options
2018-02-08 17:19:06.176 DEBUG 18856 --- [ctor-http-nio-4] reactor.ipc.netty.channel.FluxReceive : [id: 0x6d119e6b, L:/127.0.0.1:8080 - R:/127.0.0.1:52564] Subscribing inbound receiver [pending: 1, cancelled:false, inboundDone: true]
2018-02-08 17:19:06.177 DEBUG 18856 --- [ctor-http-nio-6] reactor.ipc.netty.ReactorNetty : Added encoder [reactor.left.chunkedWriter] at the beginning of the user pipeline, full pipeline: [reactor.left.loggingHandler, reactor.left.httpCodec, reactor.left.chunkedWriter, reactor.right.reactiveBridge, DefaultChannelPipeline$TailContext#0]
2018-02-08 17:19:06.177 DEBUG 18856 --- [ctor-http-nio-6] r.i.n.channel.ChannelOperationsHandler : [id: 0xb483ea9b, L:/127.0.0.1:52565 - R:localhost/127.0.0.1:8081] Writing object io.netty.handler.codec.http.multipart.HttpPostRequestEncoder$WrappedFullHttpRequest@6235dbbf
curl输出这个并被卡住:
* Rebuilt URL to: client:secret@localhost:8080/
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
* Server auth using Basic with user 'client'
> POST / HTTP/1.1
> Host: localhost:8080
> Authorization: Basic Y2xpZW50OnNlY3JldA==
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Length: 55
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 55 out of 55 bytes
@Configuration
public class GatewayConfiguration {
@Bean
public RouteLocator routes(RouteLocatorBuilder builder) {
return builder.routes().route(spec -> spec.path("/").uri("http://localhost:8081/oauth/token")).build();
}
}
@Configuration
@EnableAuthorizationServer
public class AuthorizationConfiguration extends AuthorizationServerConfigurerAdapter {
private final AuthorizationServerTokenServices tokenServices;
private final AuthenticationManager authenticationManager;
@Autowired
public AuthorizationConfiguration(AuthorizationServerTokenServices tokenServices,
AuthenticationManager authenticationManager) {
super();
this.tokenServices = Objects.requireNonNull(tokenServices);
this.authenticationManager = Objects.requireNonNull(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
configurer.inMemory().withClient("client").secret("secret").authorizedGrantTypes("password", "refresh_token")
.scopes("read");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenServices(this.tokenServices).authenticationManager(this.authenticationManager);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.passwordEncoder(NoOpPasswordEncoder.getInstance());
}
}
还有这个:
@Configuration
@EnableWebSecurity
@EnableGlobalAuthentication
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().httpBasic().and().csrf()
.disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("username").password("password").authorities("ROLE_USER").and()
.passwordEncoder(NoOpPasswordEncoder.getInstance());
}
@Bean
public TokenStore tokenStore() {
return new InMemoryTokenStore();
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setSupportRefreshToken(true);
defaultTokenServices.setAccessTokenValiditySeconds(5000);
defaultTokenServices.setRefreshTokenValiditySeconds(5000);
return defaultTokenServices;
}
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
}
带有gradle依赖项的完整代码在这个存储库中(https://gitlab.com/kenzow/spring-gateway-test)。我不知道我是应该在spring存储库中打开一个问题,还是只是我的配置出现了问题。我有其他微服务(以及授权服务器上的其他工作endpoint)在同一个网关后面运行,其他微服务没有任何问题。
共有1个答案
万俟均
今天我将spring-cloud-gateway更新到了新的2.0.0.M6,现在一切都很好。
类似资料:
-
尝试使用 Spring 授权服务器实现 OAuth2 协议。使用以下配置创建了一个简单的应用程序。 调用以下endpoint时: 我得到这些: 我正在尝试通过身份验证并尝试遵循此文档。我尝试了多个电话,其中之一是: 我大部分时间都是带着不同的信息返回401。我真的想不出在哪里可以找到一些带有示例的文档,因为我能够找到的示例对我的用例没有什么帮助。我不完全理解如果客户端是前端应用程序,我将如何验证和
-
我有一个使用SpringCloud配置的Spring Boot应用程序,我正在尝试从Bitbucket获取应用程序的配置文件。前一段时间我可以获取配置文件,但现在我在尝试通过配置服务器url访问时出错。 应用yml: 当我试图访问网址的应用程序显示一个错误-未授权: 有人知道发生了什么吗?我已经检查了bitbucket上的所有凭据和url。
-
我在下面设置Spring配置: 和Maven设置如下:
-
我一直在试图找到一个与eureka服务器集成的spring cloud gateway的运行示例,以及一些Hystrix示例,但到目前为止我还没有找到。有什么地方可以找到它吗?我真的很想看到spring cloud gateway投入使用,取代我目前的Zuul API服务。 谢谢!
-
Java 14 版本: 版本: 现在我想将安全性集成到我的网关和所有下游微服务中。最终,我决定使用Firebase作为身份提供商(IDP)。我的Angular应用程序将从Firebase获得JWT令牌,并在每个请求中发送到云网关。因此,网关将开始只充当资源服务器,仅此而已。 下面是我如何尝试的。设置和同时充当资源服务器。在这里很好地解释了Spring安全文档。 下面是我的配置 和applicati
-
我不熟悉spring微服务世界。由于我处于学习阶段,我尝试并实施了以下内容。 > 路由(能够使用Spring云网关进行路由) 负载平衡(Netflix Eureka) 限速和断路器 我只需要一些澄清和建议,说明在这些情况下该怎么做: 因为我已经创建了身份验证/授权作为一个单独的微服务集中。现在我如何实现这样的每个请求必须包含jwt令牌和通过API网关调用其他微服务也应该检查哪个用户有权限访问其他微