I'm trying to understand spring gateway. I found your demos at spring.io/blog and I should say they are pretty good. But this last about securing services with oauth2 got me confused.
I have worked in your project the last few days, changing things a bit to understand how all this works together. My first intention was to add a new /resource2 method to secured-service controller and then modify SecurityConfig to avoid asking for credentials when requesting this new path. But no mather how I configured its SecurityWebFilterChain, I could not do it.
Later I found that if I remove all the security components from secured-service, it keeps working normally. Sure you can't have jwt in the controller, but the uaa is called and you can access /resource the same way.
I'm still trying to figure out how to properly set which services need oauth2 and which don't. After looking at some other sources about this very aspect of gateways and oauth I'm still confused. It probably needs to be declared in gateway but I'm not sure how.
I'm trying to understand spring gateway. I found your demos at spring.io/blog and I should say they are pretty good. But this last about securing services with oauth2 got me confused.
I have worked in your project the last few days, changing things a bit to understand how all this works together. My first intention was to add a new
/resource2method to secured-service controller and then modifySecurityConfigto avoid asking for credentials when requesting this new path. But no mather how I configured itsSecurityWebFilterChain, I could not do it.Later I found that if I remove all the security components from
secured-service, it keeps working normally. Sure you can't have jwt in the controller, but the uaa is called and you can access/resourcethe same way.I'm still trying to figure out how to properly set which services need oauth2 and which don't. After looking at some other sources about this very aspect of gateways and oauth I'm still confused. It probably needs to be declared in gateway but I'm not sure how.
Thanks for your demos.