In my application, I am enabling security using authentication server. Once oauth2 token is validated , I generate a jwt token which is sent back to Gateway by Auth server. Now , before forwarding the actual request to respective microservice , I need to add this jwt token in as authorization bearer token to my original request . I tried using HttpServletRequestWrapper by overriding the getHeader(String) method but get null whenever I do getHeader() in the microservice. Looking for a way to achieve this.
Comment From: ryanjbaxter
Are you trying to do this using Zuul?
Comment From: grovermanas
Yes, trying to do it using zuul.
Comment From: spencergibb
Where are you trying to use HttpServletRequestWrapper?
Comment From: grovermanas
I have written a ZuulFilter to pass on the oauth2 token to auth service check_token endpoint for validation, and on successful validation generate a JWT at auth service which contains the permission details for the user/microservice and returns that back to ZuulFilter in the gateway. Now, I need to set this jwt in the Authentication header as a Bearer token . Below is the Filter code I have written.
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.ResponseEntity;
import com.netflix.zuul.ZuulFilter; import com.netflix.zuul.context.RequestContext; import com.netflix.zuul.http.HttpServletRequestWrapper;
public class AuthorizationFilter extends ZuulFilter { private static Logger log = LoggerFactory.getLogger(AuthorizationFilter.class); @Autowired private AuthenticationServiceClient authenticationServiceClient;
@Override
public String filterType() {
return "pre";
}
@Override
public int filterOrder() {
return 0;
}
@Override
public boolean shouldFilter() {
return true;
}
@Override
public Object run() {
RequestContext ctx = RequestContext.getCurrentContext();
HttpServletRequest request = ctx.getRequest();
String header = request.getHeader("Authorization");
if (header == null || header.isEmpty() || !header.startsWith("Bearer ")) {
ctx.setResponseStatusCode(401);
ctx.setSendZuulResponse(false);
} else {
header = header.replace("Bearer ", "");
log.info("Token is '" + header + "'");
ResponseEntity<String> responseToken = authenticationServiceClient.validateToken(header);
String jwtToken = responseToken.getBody();
//request.setAttribute("jwt", jwtToken);
HttpServletRequestWrapper wrappedRequest = modifyRequest(request, jwtToken);
/*wrappedRequest.setAttribute("jwt", jwtToken);*/
ctx.setRequest(wrappedRequest);
if (responseToken == null) {
ctx.setResponseStatusCode(500);
ctx.setResponseBody("AuthenticationService Not Available");
ctx.setSendZuulResponse(false);
} else {
log.info(responseToken.getStatusCode().name());
log.info(responseToken.getBody().toString());
}
}
log.info(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString()));
return null;
}
private HttpServletRequestWrapper modifyRequest(HttpServletRequest request, String jwt) {
return new HttpServletRequestWrapper(request) {
@Override
public String getContentType() {
return "application/json";
}
@Override
public String getHeader(String name){
//if(name.equalsIgnoreCase("Authorization")){
return "Bearer " + jwt;
//}
//return super.getHeader(name);
}
};
}
}
Now , when the request is passed to the actual microservice I see the bearer token in the x-forwarded-prefix header in the following manner: "Bearer token/content" where content is the request path for the microservice but not able to set it in the Authorization header.
Comment From: spencergibb
Instead of using a request wrapper use RequestContext.addZuulRequestHeader.
Comment From: VNAPNIC
zuul: sensitive-headers: Cookie,Set-Cookie
Comment From: AaronMaru
Hello grovermanas, Your prefilter will check if the request header has bearer. What should I do if my behind service has one endpoint that I allow permitAll?