
How to modify authorization header of a request before forwarding to microservice from gateway. #1392

Closed
grovermanas opened this issue Oct 12, 2016 · 7 comments

@grovermanas

grovermanas commented Oct 12, 2016

In my application, I am enabling security using an authentication server. Once the OAuth2 token is validated, I generate a JWT token which is sent back to the Gateway by the Auth server. Now, before forwarding the actual request to the respective microservice, I need to add this JWT token as an Authorization bearer token to my original request. I tried using HttpServletRequestWrapper by overriding the getHeader(String) method but get null whenever I do getHeader() in the microservice. Looking for a way to achieve this.

@ryanjbaxter
Contributor

Are you trying to do this using Zuul?

@grovermanas
Author

Yes, trying to do it using zuul.

@spencergibb
Member

Where are you trying to use HttpServletRequestWrapper?

@grovermanas
Author

grovermanas commented Oct 12, 2016

I have written a ZuulFilter to pass on the OAuth2 token to the auth service check_token endpoint for validation; on successful validation the auth service generates a JWT which contains the permission details for the user/microservice and returns that back to the ZuulFilter in the gateway. Now, I need to set this JWT in the Authorization header as a Bearer token. Below is the Filter code I have written.

import javax.servlet.http.HttpServletRequest;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.http.HttpServletRequestWrapper;

public class AuthorizationFilter extends ZuulFilter {
    private static Logger log = LoggerFactory.getLogger(AuthorizationFilter.class);
    @Autowired
    private AuthenticationServiceClient authenticationServiceClient;

    @Override
    public String filterType() {
        return "pre";
    }

    @Override
    public int filterOrder() {
        return 0;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();

        String header = request.getHeader("Authorization");
        if (header == null || header.isEmpty() || !header.startsWith("Bearer ")) {
            ctx.setResponseStatusCode(401);
            ctx.setSendZuulResponse(false);
        } else {
            header = header.replace("Bearer ", "");
            // Note: this writes the raw bearer token into the gateway log.
            log.info("Token is '" + header + "'");
            ResponseEntity<String> responseToken = authenticationServiceClient.validateToken(header);

            // The null check has to come before getBody() is called; otherwise an
            // unavailable auth service raises a NullPointerException instead of the 500 below.
            if (responseToken == null) {
                ctx.setResponseStatusCode(500);
                ctx.setResponseBody("AuthenticationService Not Available");
                ctx.setSendZuulResponse(false);
            } else {
                String jwtToken = responseToken.getBody();
                log.info(responseToken.getStatusCode().name());
                log.info(jwtToken);

                //request.setAttribute("jwt", jwtToken);
                HttpServletRequestWrapper wrappedRequest = modifyRequest(request, jwtToken);
                /*wrappedRequest.setAttribute("jwt", jwtToken);*/
                ctx.setRequest(wrappedRequest);
            }
        }
        log.info(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString()));
        return null;
    }

    private HttpServletRequestWrapper modifyRequest(HttpServletRequest request, String jwt) {
        return new HttpServletRequestWrapper(request) {

            @Override
            public String getContentType() {
                return "application/json";
            }

            // Returns the bearer token for every header name, not only Authorization,
            // which is why the token also shows up in x-forwarded-prefix downstream.
            @Override
            public String getHeader(String name) {
                //if(name.equalsIgnoreCase("Authorization")){
                return "Bearer " + jwt;
                //}
                //return super.getHeader(name);
            }
        };
    }

}

Now, when the request is passed to the actual microservice, I see the bearer token in the x-forwarded-prefix header in the following manner: "Bearer token/content", where content is the request path for the microservice, but I am not able to set it in the Authorization header.

@spencergibb
Member

Instead of using a request wrapper, use RequestContext.addZuulRequestHeader.

@VNAPNIC

VNAPNIC commented May 24, 2021

zuul:
  sensitive-headers: Cookie,Set-Cookie

@AaronMaru

Hello grovermanas,
Your pre-filter will check if the request header has a bearer token.
What should I do if my backend service has one endpoint that I allow with permitAll?
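Putting the thread's three points together (spencergibb's advice to use RequestContext.addZuulRequestHeader, VNAPNIC's sensitive-headers setting, and AaronMaru's permitAll question), here is an added example of a pre-filter written for this page; it is not code from the original poster, from the other commenters, or from the Spring Cloud Netflix project. AuthenticationServiceClient and its validateToken(String) method are assumed to be the same hypothetical client as in the original filter, returning the minted JWT in the response body; the public-path list, the 502 for an unreachable auth service and the class name are choices made for this example.

```java
import java.util.Arrays;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;

/**
 * Pre-filter that exchanges the inbound opaque OAuth2 token for a JWT and sets it on the
 * outbound request through RequestContext.addZuulRequestHeader rather than a request wrapper.
 */
public class TokenExchangeFilter extends ZuulFilter {

    private static final String BEARER = "Bearer ";

    // Paths the backend exposes with permitAll; the filter lets them through untouched.
    // Constructed sample value, replace with the application's own public endpoints.
    private static final List<String> PUBLIC_PATHS = Arrays.asList("/public/health");

    // Hypothetical client, assumed to behave like the one in the original filter.
    private final AuthenticationServiceClient authenticationServiceClient;

    public TokenExchangeFilter(AuthenticationServiceClient authenticationServiceClient) {
        this.authenticationServiceClient = authenticationServiceClient;
    }

    @Override
    public String filterType() {
        return "pre";
    }

    @Override
    public int filterOrder() {
        return 0;
    }

    @Override
    public boolean shouldFilter() {
        // Skip the exchange only for the listed public endpoints; everything else needs a token.
        String path = RequestContext.getCurrentContext().getRequest().getRequestURI();
        return !PUBLIC_PATHS.contains(path);
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();

        String header = request.getHeader("Authorization");
        if (header == null || !header.startsWith(BEARER)) {
            reject(ctx, HttpStatus.UNAUTHORIZED, "Missing bearer token");
            return null;
        }
        // The token value itself is deliberately never logged.
        String opaqueToken = header.substring(BEARER.length()).trim();

        ResponseEntity<String> exchange;
        try {
            exchange = authenticationServiceClient.validateToken(opaqueToken);
        } catch (RuntimeException e) {
            // Auth service unreachable: fail closed instead of forwarding the request.
            reject(ctx, HttpStatus.BAD_GATEWAY, "AuthenticationService not available");
            return null;
        }
        // Inspect the response before touching its body; null or non-2xx means rejection.
        if (exchange == null || !exchange.getStatusCode().is2xxSuccessful() || exchange.getBody() == null) {
            reject(ctx, HttpStatus.UNAUTHORIZED, "Token rejected");
            return null;
        }

        // Zuul applies these headers to the outbound request after the inbound ones, so the
        // microservice receives the JWT in place of the original opaque token.
        ctx.addZuulRequestHeader("Authorization", BEARER + exchange.getBody());
        return null;
    }

    private static void reject(RequestContext ctx, HttpStatus status, String reason) {
        ctx.setSendZuulResponse(false);
        ctx.setResponseStatusCode(status.value());
        ctx.setResponseBody(reason);
    }
}
```

Two things decide whether the header actually arrives downstream. First, Zuul's default sensitive headers are Cookie, Set-Cookie and Authorization, and headers on that list are stripped from the proxied request whether they came from the client or from addZuulRequestHeader; the `zuul.sensitive-headers: Cookie,Set-Cookie` setting in the comment above removes Authorization from the list globally, and the per-route `zuul.routes.<name>.sensitive-headers` form limits that to a single route. Second, a filter order of 0 runs before Zuul's own pre-decoration, which is what adds the x-forwarded-* headers; with the wrapper approach gone, those headers keep their own values and the token is no longer copied into them.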
