oauth2.0 在traefik中使用auth forward时如何转发url查询参数访问令牌

yzxexxkh  于 2023-10-15  发布在  其他
关注(0)|答案(1)|浏览(194)

我使用traefik auth forward来做一些授权,这是中间件配置的样子:

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: jwt-token-auth
  namespace: reddwarf-pro
spec:
  forwardAuth:
    address: >-
      http://dolphin-post-service.reddwarf-pro.svc.cluster.local:11014/post/auth/access_token/verify

一切正常,但现在我发现auth forward没有转发查询参数,因为当我连接WebSocket时,我把token放在查询参数中。sse连接也是如此(sse https://developer.mozilla.org/en-US/docs/Web/API/Server-sent_events/Using_server-sent_events不支持自定义头来放置访问令牌)。但我无法从验证函数中的参数获取访问令牌。这就是我如何定义验证函数:

@GetMapping("/access_token/verify")
ResponseEntity verifyAccessToken(@RequestParam(value = "access_token",required = false) String accessToken, @RequestHeader(value = "Authorization",required = false) String authorizationHeader);

我应该怎么做才能让traefik auth转发来传递访问令牌?有什么建议吗?这是我在url中传递访问令牌的方式:

curl https://tex.demo.top/tex/project/compile/log/stream\?project_id\=287ea73d1c78463298e9e5b267cab87f\&file_name\=main.tex\&version_no\=c880ee90933b46d19b16bef9f7736658\&qid\=350\&access_token\=eyJhbGciOiJIUzUxMiJ9.eyJ1c2VySWQiOjEwMywiZGV2aWNlSWQiOiiuwIyOTQ1ZGUwN2NkM2I1N2FkNmNkNTk4YjdhZTFjZTlmdoMCIsImFwcElkIjoibjI5UGEyOVdTMSIsImx0IjoxLCJldCI6MCwicGlkIjoxMywiZXhwIjoxNjk1Mzc2Mzkyf.WA8_XuKDd9927_j8bgjKNem7Z0WuS323DTz0DPlX_TurkZm4m7CKaerFAfN8jyM5t86MMHdtXp9N8P4ChmpQ
6pp0gazn

6pp0gazn1#

第一步在traefik(2.10.x)中间件中启用trustForwardHeader:

trustForwardHeader: true

然后像这样获取服务器端的uri验证方法(Java Sping Boot ):

String uri = request.getHeader("X-Forwarded-Uri");

相关问题