Spring Cloud Gateway with rate limiting is not allowing permitAll URLs
I was trying to apply rate limiting on my Spring Cloud Gateway, which is secured through OAuth2 and Keycloak. The gateway sits in front of 3 microservices. Each microservice exposes an OpenAPI 3 config. In both the gateway and the microservices I made the URL of the OpenAPI 3 config public. But when I followed the instructions to apply rate limiting using Redis, the public URLs are not public anymore and I get 403 Forbidden.
Gateway security -->
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class WebFluxSecurityConfig {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity serverHttpSecurity) {
        // OpenAPI / Swagger UI paths are public; everything else needs a valid JWT
        serverHttpSecurity.authorizeExchange(exchange -> exchange
                .pathMatchers("/v3/api-docs/**",
                        "/employee/v3/api-docs/**",
                        "/department/v3/api-docs/**",
                        "/organization/v3/api-docs/**",
                        "/webjars/swagger-ui/**",
                        "/swagger-ui/**", "/swagger-ui.html").permitAll()
                .anyExchange().authenticated())
                .oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::jwt);
        // stateless resource server: no CSRF tokens, no form or basic login
        serverHttpSecurity.csrf().disable();
        serverHttpSecurity.formLogin().disable();
        serverHttpSecurity.httpBasic().disable();
        return serverHttpSecurity.build();
    }
}
Rate limiting config -->
import org.springframework.cloud.gateway.filter.ratelimit.KeyResolver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;

@Configuration
public class RateLimitingConfig {

    /*
     * NOTE: this stops all unauthenticated access :(
     * need a way to allow public permitted urls from this. but how!
     */
    @Bean
    KeyResolver userKeyResolver() {
        // the security context is empty for anonymous exchanges, so this
        // resolver produces no key at all for requests on the permitAll paths
        return exchange -> ReactiveSecurityContextHolder.getContext()
                .map(ctx -> ctx.getAuthentication().getPrincipal().toString());
    }
}
Microservice security config -->
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE: this is to configure authorization
        http.authorizeRequests(authorize -> authorize
                .antMatchers("/v3/api-docs/**").permitAll()
                .anyRequest().authenticated())
                .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
        http.csrf().disable();
        http.formLogin().disable();
        http.httpBasic().disable();
    }
}
The rate limiting is working properly for authenticated users, but my permitAll paths are not permitted by the gateway anymore.
How can I enforce rate limiting for private URLs and also expose public URLs to unauthenticated users?
Here is the full code base:
https://github.com/tareqmy/springcloudexamples
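An added example, not part of the question or the linked repository, showing one way to keep rate limiting on authenticated traffic without losing the public paths. The gateway's RequestRateLimiter filter rejects any exchange whose KeyResolver completes empty, and by default it does so with 403 (the `spring.cloud.gateway.filter.request-rate-limiter.deny-empty-key` and `empty-key-status-code` properties control this). The resolver posted above completes empty for anonymous exchanges because the reactive security context is empty there, which is exactly what produces the 403 on the permitAll URLs. The resolver below always yields a key: the principal name for authenticated requests and the client address for anonymous ones, so public paths are served but still limited per client. The bean name, the `user:` and `anon:` prefixes and the `unknown` fallback are choices made for this example.

```java
import java.net.InetSocketAddress;

import org.springframework.cloud.gateway.filter.ratelimit.KeyResolver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@Configuration
public class RateLimitKeyConfig {

    // Example resolver (not the question's code): never completes empty, so the
    // RequestRateLimiter filter never falls into its deny-empty-key branch.
    @Bean
    KeyResolver perClientKeyResolver() {
        return exchange -> ReactiveSecurityContextHolder.getContext()
                // only treat the exchange as authenticated when there really is
                // an authenticated principal in the context
                .filter(ctx -> {
                    Authentication auth = ctx.getAuthentication();
                    return auth != null && auth.isAuthenticated();
                })
                // authenticated traffic: one bucket per user (the JWT subject)
                .map(ctx -> "user:" + ctx.getAuthentication().getName())
                // anonymous traffic on permitAll paths: one bucket per client address
                .switchIfEmpty(Mono.fromSupplier(() -> "anon:" + clientAddress(exchange)));
    }

    private static String clientAddress(ServerWebExchange exchange) {
        InetSocketAddress remote = exchange.getRequest().getRemoteAddress();
        // remote address can be null (e.g. in some test setups); keep a stable key
        return remote == null ? "unknown" : remote.getAddress().getHostAddress();
    }
}
```

Setting `deny-empty-key` to `false` would also stop the 403, but then anonymous requests are not rate limited at all; keying them by client address keeps the public OpenAPI endpoints covered by the limiter. If the gateway itself sits behind a load balancer, every anonymous request shares the balancer's address and lands in one bucket; in that case derive the address from `X-Forwarded-For` with Spring Cloud Gateway's `XForwardedRemoteAddressResolver`, and only trust as many proxy hops as you actually operate, since the header is otherwise client controlled.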