
Zuul proxy oAuth2 Unauthorized in Spring Boot

I have a microservice that is protected using oAuth2 called country-service. When I directly send a request to this service including my JWT bearer token everything works:


server:
  port: 8081

spring:
  database:
    driverClassName: org.postgresql.Driver
  datasource:
    url: jdbc:postgresql://localhost:5432/vue-boot-country
    username: postgres
    password: postgres
  jpa:
    hibernate:
      ddl-auto: validate
    database-platform: org.hibernate.dialect.PostgreSQLDialect

eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/

I also have an api-gateway (Zuul proxy):

@SpringBootApplication
@EnableEurekaClient
@EnableZuulProxy
public class VueBootApiGatewayApplication {

    public static void main(String[] args) {
        SpringApplication.run(VueBootApiGatewayApplication.class, args);
    }
}

No other files than these two

server:
  port: 8765

eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/

zuul:
  routes:
    vue-boot-country-service: /api/country/**
  add-proxy-headers: true

I am unable to send a successful request to the proxy; I keep getting an "Unauthorized" error:


NOTE: When I remove the oAuth2 security from the resource server the Zuul proxy seems to work.

Does someone know what I am doing wrong here?

Jdruwe asked Jun 25 '16 15:06


2 Answers

This has to do with Zuul's so-called "sensitive" headers, like "Authorization". These are filtered for all requests passed to the inside...

I don't know if setting up headers already works with just this configuration:

zuul:
  ignoredHeaders:
    - authorization

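If not, you can define a Zuul filter bean to manage this manually:

import java.util.Set;

import org.springframework.stereotype.Component;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;

@Component
public class RelayTokenFilter extends ZuulFilter {
    @Override
    public String filterType() {
        return "pre";
    }

    @Override
    public int filterOrder() {
        // Run late in the "pre" phase so the "ignoredHeaders" entry has already been set.
        return 10000;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() {
        RequestContext context = RequestContext.getCurrentContext();

        // Headers in this set are dropped before the request is proxied downstream.
        @SuppressWarnings("unchecked")
        Set<String> ignoredHeaders = (Set<String>) context.get("ignoredHeaders");
        if (ignoredHeaders != null) {
            // Let the Authorization header through to the resource server.
            ignoredHeaders.remove("authorization");
        }

        return null;
    }
}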
David Steiman answered Nov 02 '22 07:11


I had the same sort of problem, where the token doesn't pass to the microservice through Zuul. So I added

zuul:
  sensitiveHeaders: Cookie,Set-Cookie

Hope it may be useful to someone.

SalindaKrish answered Nov 02 '22 07:11
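
The sensitive-header setting from the answers, scoped to a single route, as an added example that is not part of the original question or answers. It assumes the route's serviceId equals the route name used in the question's shorthand, and uses Zuul's per-route sensitiveHeaders option so that only this route forwards Authorization while Cookie and Set-Cookie stay filtered.

```yaml
# Added example (not from the original page).
#
# Global form, as in the answer above: the bearer token is forwarded
# on EVERY route the gateway proxies, including ones that never need it.
# zuul:
#   sensitiveHeaders: Cookie,Set-Cookie

# Per-route form: only the OAuth2-protected country route receives the token.
zuul:
  add-proxy-headers: true
  routes:
    vue-boot-country-service:
      path: /api/country/**
      # Assumption: same service id the shorthand route in the question resolves to.
      serviceId: vue-boot-country-service
      # Replaces the default sensitive list (Cookie, Set-Cookie, Authorization)
      # for this route only. Authorization is no longer stripped here;
      # cookies are still withheld from the downstream service.
      sensitiveHeaders: Cookie,Set-Cookie
```

Routes without their own sensitiveHeaders entry keep the default list, so their downstream services never see the caller's bearer token.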