來自另一個線程的feign + hystrix + oauth2調(diào)用不傳播安全性

問題出現(xiàn)條件:
使用現(xiàn)在最新版本

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.2.RELEASE</version>
</parent>
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-dependencies</artifactId>
            <version>Dalston.SR1</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

問題:

  • feign接口如何訪問oauth2保護的資源服務(wù)器
  • hystrix不傳播安全性或者說Hystrix shareSecurityContext不工作

解決:

  • feign接口如何訪問oauth2保護的資源服務(wù)器
    1、編寫文件屬性類
package com.yp.demo.config;

import org.springframework.boot.context.properties.ConfigurationProperties;

/**
 * Created by CrazyMouse on 2017/7/20.
 */
@ConfigurationProperties(prefix = "security.oauth2.client")
public class OAuth2Properties {
    private String clientId;
    private String clientSecret;
    private String accessTokenUri;
    private String userAuthorizationUri;
    private String clientAuthenticationScheme;

    public String getClientId() {
        return clientId;
    }

    public void setClientId(String clientId) {
        this.clientId = clientId;
    }

    public String getClientSecret() {
        return clientSecret;
    }

    public void setClientSecret(String clientSecret) {
        this.clientSecret = clientSecret;
    }

    public String getAccessTokenUri() {
        return accessTokenUri;
    }

    public void setAccessTokenUri(String accessTokenUri) {
        this.accessTokenUri = accessTokenUri;
    }

    public String getUserAuthorizationUri() {
        return userAuthorizationUri;
    }

    public void setUserAuthorizationUri(String userAuthorizationUri) {
        this.userAuthorizationUri = userAuthorizationUri;
    }

    public String getClientAuthenticationScheme() {
        return clientAuthenticationScheme;
    }

    public void setClientAuthenticationScheme(String clientAuthenticationScheme) {
        this.clientAuthenticationScheme = clientAuthenticationScheme;
    }
}

2、編寫OAuth2FeignResourceDetails類

package com.yp.demo.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;

import java.util.List;

/**
 * Created by CrazyMouse on 2017/7/20.
 */
@EnableConfigurationProperties(OAuth2Properties.class)
public class OAuth2FeignResourceDetails implements OAuth2ProtectedResourceDetails {

    @Autowired
    private OAuth2Properties properties;

    @Override
    public String getId() {
        return null;
    }

    @Override
   public String getClientId() {
        return null;
    }

    @Override
    public String getAccessTokenUri() {
        return properties.getAccessTokenUri();
    }

    @Override
    public boolean isScoped() {
        return false;
    }

    @Override
    public List<String> getScope() {
        return null;
    }

    @Override
    public boolean isAuthenticationRequired() {
        return false;
    }

    @Override
    public String getClientSecret() {
        return properties.getClientSecret();
    }

    @Override
    public AuthenticationScheme getClientAuthenticationScheme() {
        return AuthenticationScheme.valueOf(properties.getClientAuthenticationScheme());
    }

    @Override
    public String getGrantType() {
        return null;
    }

    @Override
    public AuthenticationScheme getAuthenticationScheme() {
        return null;
    }

    @Override
    public String getTokenName() {
        return null;
    }

    @Override
    public boolean isClientOnly() {
        return false;
    }
}

3、編寫OAuth2FeignConguration類

package com.yp.demo.config;

import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.cloud.security.oauth2.client.feign.OAuth2FeignRequestInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;

import java.util.Optional;

/**
 * Created by CrazyMouse on 2017/7/20.
 */
@Configuration
public class OAuth2FeignConguration {

    @Bean("oAuth2ClientContext")
    public OAuth2ClientContext oAuth2ClientContext() {
        return new DefaultOAuth2ClientContext() {
            @Override
            public OAuth2AccessToken getAccessToken() {
                return Optional.ofNullable(super.getAccessToken())
                        .orElse(new DefaultOAuth2AccessToken(
                                ((OAuth2AuthenticationDetails) SecurityContextHolder
                                        .getContext().getAuthentication().getDetails())
                                        .getTokenValue()));
            }
        };
    }

    @Bean
    public OAuth2FeignRequestInterceptor requestInterceptor(@Qualifier("oAuth2ClientContext") OAuth2ClientContext oAuth2ClientContext) {
        return new OAuth2FeignRequestInterceptor(oAuth2ClientContext, new OAuth2FeignResourceDetails());
    }
}

4、配置feign接口

package com.yp.demo.feign;

import com.yp.demo.config.OAuth2FeignConguration;
import feign.hystrix.FallbackFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.netflix.feign.FeignClient;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import java.util.HashMap;

/**
 * Created by CrazyMouse on 2017/7/20.
 */
@FeignClient(name = "microservice-resource",
    configuration = {OAuth2FeignConguration.class}, fallbackFactory =   UserFeign.UserFeignFallbackFactory.class)
public interface UserFeign {

@RequestMapping(value = "/user", method = RequestMethod.GET)
Object getUser();

    @Component
    class UserFeignFallbackFactory implements FallbackFactory<UserFeign> {

        private static final Logger LOGGER = LoggerFactory.getLogger(UserFeignFallbackFactory.class);

        @Override
        public UserFeign create(Throwable throwable) {
            return () -> {
                LOGGER.info("fallback reason was: ", throwable);
                HashMap<String, Object> json = new HashMap<>();
                json.put("code", 0);
                json.put("message", "資源服務(wù)器宕機");
                return json;
            };
        }
    }
}
  • hystrix不傳播安全性或者說Hystrix shareSecurityContext不工作
    1、在application.yml中加入
hystrix:
  shareSecurityContext: true

2、在上面的OAuth2FeignConguration中已經(jīng)配置了,就是下面的代碼

@Bean("oAuth2ClientContext")
public OAuth2ClientContext oAuth2ClientContext() {
    return new DefaultOAuth2ClientContext() {
        @Override
        public OAuth2AccessToken getAccessToken() {
            return Optional.ofNullable(super.getAccessToken())
                    .orElse(new DefaultOAuth2AccessToken(
                            ((OAuth2AuthenticationDetails) SecurityContextHolder
                                    .getContext().getAuthentication().getDetails())
                                    .getTokenValue()));
        }
    };
}

可以參考下面資料
https://github.com/spring-cloud/spring-cloud-netflix/issues/1330
https://github.com/spring-cloud/spring-cloud-netflix/issues/1336
demo項目地址
https://git.oschina.net/dream-maker/spring-cloud-sso-plus

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時請結(jié)合常識與多方信息審慎甄別。
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點,簡書系信息發(fā)布平臺,僅提供信息存儲服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

  • Spring Cloud為開發(fā)人員提供了快速構(gòu)建分布式系統(tǒng)中一些常見模式的工具(例如配置管理,服務(wù)發(fā)現(xiàn),斷路器,智...
    卡卡羅2017閱讀 136,533評論 19 139
  • 1 為什么需要服務(wù)發(fā)現(xiàn) 簡單來說,服務(wù)化的核心就是將傳統(tǒng)的一站式應(yīng)用根據(jù)業(yè)務(wù)拆分成一個一個的服務(wù),而微服務(wù)在這個基...
    謙小易閱讀 25,316評論 4 93
  • Spring Cloud 代碼地址:https://github.com/jedyang/springCloud ...
    運維開發(fā)筆記閱讀 819評論 0 5
  • (git上的源碼:https://gitee.com/rain7564/spring_microservices_...
    sprainkle閱讀 9,542評論 13 33
  • 獨自在雨里走了三公里,特意,因為想在雨里跟天地親近,那些天上飄的的云朵兒,只有這樣才會來到我的身邊。 雨在傘上蹦跳...
    夕媛閱讀 364評論 0 7

友情鏈接更多精彩內(nèi)容