如何通过虚拟客户端使用受基本身份验证保护的 Restful Web 服务

问题描述 投票:0回答:3

谢谢你的时间。 为简单起见,我创建了一个示例服务,如下所示:

@RestController
@RequestMapping("/")
public class ComputeController {

    @GetMapping("/add")
    public int add(@RequestParam("left") int left, @RequestParam("right") int right) {
        return left + right;
    }
}

为了保护这个 url,我像这样配置 spring-security:

management.security.enabled=true
security.user.name=admin
security.user.password=admin

当我启动此服务并像这样访问时:

GET /add?left=100&right=11 HTTP/1.1
Authorization: ***** Hidden credentials *****
Host: localhost:7777
Connection: close

一切顺利。

在其他节点,我通过netflix feign创建了一个“service-comsumer”。这是一个 Java 接口。

@FeignClient(name = "API-GATEWAY", path = "/compute-service", fallback = ComputeServiceCircuitBreaker.class)
public interface ComputeServiceClient {

    @RequestMapping(path = "/add", method = RequestMethod.GET)
    public Integer add(@RequestParam("left") Integer left, @RequestParam("right") Integer right);
}

但我不知道如何配置请求标头“授权”。

有什么想法吗?再次感谢。

spring-security spring-cloud spring-cloud-netflix
3个回答
48
投票

需要创建一个FeignClient配置类,例如

import feign.auth.BasicAuthRequestInterceptor;

@Configuration
public class FeignClientConfiguration {
    @Bean
    public BasicAuthRequestInterceptor basicAuthRequestInterceptor() {
         return new BasicAuthRequestInterceptor("admin", "admin");
    }
}

然后在您的 

@FeignClient
注释中使用此配置文件:

@FeignClient(name="service", configuration = FeignClientConfiguration.class)
11
投票

截至 2020 年 10 月,这有效:

public class FeignClientConfiguration {

    @Bean
    public BasicAuthRequestInterceptor basicAuthRequestInterceptor() {
        return new BasicAuthRequestInterceptor("asdf", "asdf");
    }
}


@FeignClient(name = "thirdPartyClient", url = "ceva.com",
        configuration = FeignClientConfiguration.class)
public interface ThirdPartyClient {

    @GetMapping
    Response get();
}

注意,我们不使用 @Configuration 注释配置,以便不将其应用于所有请求。

0
投票

像这样创建标题并传递给你的假客户

private HttpHeaders getHeaders(final HttpServletRequest httpServletRequest) {
        final HttpHeaders headers = new HttpHeaders();
        headers.add("authorization", httpServletRequest.getHeader("authorization"));
        return headers;

例一

或者很简单的添加拦截器

@Component
public class AuthFeignInterceptor implements RequestInterceptor {

    @Override
    public void apply(RequestTemplate template) {
        final RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        if (requestAttributes != null) {
            final HttpServletRequest httpServletRequest = ((ServletRequestAttributes) requestAttributes).getRequest();
            template.header(HttpHeaders.AUTHORIZATION, httpServletRequest.getHeader(HttpHeaders.AUTHORIZATION));
        }
    }
}

示例 2

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.