In switching from Spring Cloud
Brixton.M5
Brixton.RC1
Authorization
Authorization: Bearer {JWT}
@EnableOAuth2SSO
@EnableZuulProxy
@EnableAuthorizationServer
@EnableResourceServer
Update: Fixed in https://github.com/spring-cloud/spring-cloud-netflix/pull/963/files
Sensitive headers can also be set globally setting
zuul.sensitiveHeaders
. IfsensitiveHeaders
is set on a route, this will override the globalsensitiveHeaders
setting.
So use:
# Pass Authorization header downstream
zuul:
sensitive-headers: Cookie,Set-Cookie
So pending a fix for https://github.com/spring-cloud/spring-cloud-netflix/issues/944, jebeaudet was kind enough to provide a workaround:
@Component
public class RelayTokenFilter extends ZuulFilter {
@Override
public Object run() {
RequestContext ctx = RequestContext.getCurrentContext();
// Alter ignored headers as per: https://gitter.im/spring-cloud/spring-cloud?at=56fea31f11ea211749c3ed22
Set<String> headers = (Set<String>) ctx.get("ignoredHeaders");
// We need our JWT tokens relayed to resource servers
headers.remove("authorization");
return null;
}
@Override
public boolean shouldFilter() {
return true;
}
@Override
public String filterType() {
return "pre";
}
@Override
public int filterOrder() {
return 10000;
}
}