JDK 1.8
Spring Boot 2.0.5
Spring Security OAuth 2.1.5
Spring Cloud Dependencies Finchley.SR4
Googled so far:
https://cloud.spring.io/spring-cloud-netflix/multi/multi__router_and_filter_zuul.html
https://stackoverflow.com/questions/31099368/netflixoss-zuul-filter-for-rejecting-requests
https://stackoverflow.com/questions/38444304/how-to-retrieve-json-error-from-zuul-filter
Problem:
I want to have a proper JSON response if the endpoint doesn't contain a valid token, or the token itself. Something like below:

```json
{
  "statusCode": 403,
  "statusMsg": "Not Authorised to perform this request",
  "result": ""
}
```
We have 17 micro-services behind a Zuul proxy. Certain endpoints are public, and the majority require an OAuth token before they can return a response.
To achieve this, we have implemented OAuth in Zuul itself to check the header for a token. If the token is not found or is invalid, it should throw a 403 Forbidden error code along with a customised status message for Angular to handle properly.
Below is the endpoint filter that allows only the public endpoints without authentication:
```java
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Slf4j
@Configuration
@EnableResourceServer
public class TokenService extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        try {
            http.authorizeRequests()
                    // Public endpoints: reachable without a token
                    .antMatchers("/auth/**",
                            "/main/user/login",
                            "/main/user/basicUserCreation",
                            "/main/user/create",
                            "/main/user/forgetPass",
                            "/main/user/recoverPass",
                            "/order/market/all",
                            "/wallet/withdraw/fee")
                    .permitAll()
                    // Everything else requires a valid OAuth token
                    .antMatchers("/**")
                    .authenticated()
                    .and().csrf().disable();
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw e; // rethrow the original exception so the stack trace is preserved
        }
    }
}
```
The above code filters properly. But I want to tweak the 403 response. For that, I have created another Service overriding ZuulFilter as below:
```java
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.FORWARD_TO_KEY;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.SERVICE_ID_KEY;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.json.JSONObject;
import org.springframework.stereotype.Service;

@Slf4j
@Service
public class FilterService extends ZuulFilter {

    @Override
    public boolean shouldFilter() {
        RequestContext ctx = RequestContext.getCurrentContext();
        return !ctx.containsKey(FORWARD_TO_KEY) // a filter has already forwarded
                && !ctx.containsKey(SERVICE_ID_KEY); // or already routed to a service
    }

    @SneakyThrows
    @Override
    public Object run() {
        // Keep the context local: this filter is a singleton shared across request threads
        RequestContext context = RequestContext.getCurrentContext();
        ZuulResponseDTO zuulResponseDTO = new ZuulResponseDTO(); // project-specific DTO
        JSONObject response = new JSONObject();
        if (context.getResponseBody() == null) {
            context.setResponseBody("You are not authorized to access this section without Login");
            context.setResponseStatusCode(403);
            context.setSendZuulResponse(false);
            zuulResponseDTO.setStatusCode(403);
            zuulResponseDTO.setStatusMsg(context.getResponseBody());
            zuulResponseDTO.setResult("null");
            response.put("statusCode", zuulResponseDTO.getStatusCode());
            response.put("statusMsg", zuulResponseDTO.getStatusMsg());
            response.put("result", zuulResponseDTO.getResult());
        }
        log.info("Returning Error >>>>>>>> " + response);
        return response; // Zuul does not use this value; only the context's response body is sent
    }

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        return 0;
    }
}
```
The problem is that it doesn't send the response as a JSON object; instead it just sends plain text without the statusCode or result values. Below is the screenshot for the same:
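The filter above puts a plain string into the Zuul response body and never sets a content type, while the JSONObject it builds is only returned from `run()`, which Zuul ignores. As an added example (not code from the issue or from Spring Cloud), here is a pre filter that writes the wanted JSON into the body with `Content-Type: application/json`; the class name `JsonAuthRejectFilter` and the `PUBLIC_PREFIXES` list (derived from the matchers in `TokenService`, assuming no servlet context path) are assumptions.

```java
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.json.JSONObject;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;

@Component
public class JsonAuthRejectFilter extends ZuulFilter {
    // Same public paths as TokenService (assumed); everything else needs a bearer token
    private static final List<String> PUBLIC_PREFIXES = Arrays.asList("/auth/",
            "/main/user/login", "/main/user/basicUserCreation", "/main/user/create", "/main/user/forgetPass",
            "/main/user/recoverPass", "/order/market/all", "/wallet/withdraw/fee");

    @Override public String filterType() { return PRE_TYPE; }

    @Override public int filterOrder() {
        // After PreDecorationFilter (order 5): at order 0 the routing keys are never set yet
        return PRE_DECORATION_FILTER_ORDER + 1;
    }

    @Override public boolean shouldFilter() {
        HttpServletRequest request = RequestContext.getCurrentContext().getRequest();
        String path = request.getRequestURI();
        if (PUBLIC_PREFIXES.stream().anyMatch(path::startsWith)) {
            return false;   // public endpoint, no token needed
        }
        String auth = request.getHeader(HttpHeaders.AUTHORIZATION);
        return auth == null || !auth.startsWith("Bearer ");   // reject only when no bearer token is present
    }

    @Override public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        JSONObject body = new JSONObject()
                .put("statusCode", 403)
                .put("statusMsg", "Not Authorised to perform this request")
                .put("result", "");
        ctx.setSendZuulResponse(false);   // do not forward to the backing service
        ctx.setResponseStatusCode(403);
        ctx.getResponse().setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE); // without this clients see plain text
        ctx.setResponseBody(body.toString());   // the JSON goes in the body, not in the return value
        return null;   // Zuul ignores run()'s return value
    }
}
```

This only checks that a bearer token is present; validating it remains the job of the resource server chain configured in `TokenService`, and when that chain rejects the request first, the same JSON body has to come from a custom `AuthenticationEntryPoint` registered through `ResourceServerSecurityConfigurer.authenticationEntryPoint(...)`.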
Comment From: OlgaMaciaszek
Hello, @kunalbarchha, Zuul is no longer supported. The Finchley release train has not been supported for years now. We recommend you switch to the 2020.x release train (or wait for the GA release later this month to switch to the 2021.x release train). And migrate from Zuul to Spring Cloud Gateway.
Comment From: kunalbarchha
@OlgaMaciaszek Yes, I do understand the support is revoked, but I guess there should be some sort of guidance mechanism in place for people like me who are managing legacy code. There are 17 micro-services and the code base is huge. We do plan to migrate from Zuul to native Spring libraries. But as you may already know, it cannot be done instantly. We recently completed migrating from Spring 1.5.X to 2.1.5, and that was a pain :-)
By the way, is it straightforward to just remove the Zuul dependency and integrate Spring Cloud Gateway?