In the isSkip() method of AuthFilter.java, url.replace(AuthProvider.TARGET, AuthProvider.REPLACEMENT) is equivalent to url.replace("/**", ""): it strips the trailing /** from each entry of defaultSkipUrl and then checks whether the request path contains one of the resulting URLs.
Note that the check is a plain substring test (path::contains), so any incoming path that contains /token, or any entry of defaultSkipUrl, bypasses authorization.
Because of how the path is parsed, appending ;%2ftoken to a request makes the decoded path contain /token while the gateway still resolves the route correctly, which results in unauthorized access.
Without a Blade-Auth header the original request is blocked:
http://localhost/blade-gateway/discovery/instances
Appending ;%2ftoken to the URL (as below) bypasses authorization:
http://localhost/blade-gateway/discovery/instances;%2ftoken
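The following Java program is an added illustration and is not SpringBlade's own code. It places a check with the reported shape (strip /**, then String.contains on the decoded path) next to a hardened variant that drops matrix parameters segment by segment, decodes each segment once, refuses encoded slashes and dot segments, and then matches only on whole path segments. The skip list, the class and method names and the third test URL are constructed for the demo; only the /token entry and the two request URLs come from the report.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;

/*
 * Added illustration, not SpringBlade's code. SKIP_URLS, the class and method
 * names and the token URL below are constructed for this demo.
 */
public class SkipCheckDemo {

    // Constructed skip list in the ant-style shape the filter's defaultSkipUrl uses.
    static final List<String> SKIP_URLS = Arrays.asList("/token/**", "/actuator/health/**");

    /** Weak check mirroring the reported logic: strip "/**", then substring-test the decoded path. */
    static boolean isSkipWeak(String url) {
        // URI.getPath() percent-decodes, so ";%2ftoken" arrives here as ";/token".
        String path = URI.create(url).getPath();
        return SKIP_URLS.stream()
                .map(u -> u.replace("/**", ""))
                .anyMatch(path::contains);
    }

    /** Hardened check: canonicalize the raw path first, then allow only whole-segment matches. */
    static boolean isSkipHardened(String url) {
        String path = normalize(URI.create(url).getRawPath());
        if (path == null) {
            return false;                      // fail closed: odd paths still go through auth
        }
        for (String pattern : SKIP_URLS) {
            if (pattern.endsWith("/**")) {
                String prefix = pattern.substring(0, pattern.length() - 3);
                if (path.equals(prefix) || path.startsWith(prefix + "/")) {
                    return true;
                }
            } else if (path.equals(pattern)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Canonical form of a raw (still percent-encoded) absolute path:
     *  - matrix parameters (";..." inside a segment) are dropped, as the router ignores them,
     *  - each segment is decoded exactly once,
     *  - an encoded slash, a "." or ".." segment, an empty inner segment or a malformed
     *    escape makes the path unacceptable and yields null.
     */
    static String normalize(String rawPath) {
        String[] segments = rawPath.split("/", -1);
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < segments.length; i++) {
            String seg = segments[i];
            int semi = seg.indexOf(';');
            if (semi >= 0) {
                seg = seg.substring(0, semi);   // strip matrix parameters from this segment
            }
            String decoded;
            try {
                decoded = URLDecoder.decode(seg, StandardCharsets.UTF_8);
            } catch (IllegalArgumentException badEscape) {
                return null;
            }
            if (i == 0) {
                if (!decoded.isEmpty()) {
                    return null;                // expect an absolute path starting with "/"
                }
                continue;
            }
            boolean last = i == segments.length - 1;
            if (decoded.isEmpty() && !last) {
                return null;                    // "//" inside the path
            }
            if (decoded.contains("/") || decoded.equals(".") || decoded.equals("..")) {
                return null;                    // encoded slash or dot segment
            }
            out.append('/').append(decoded);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String plain = "http://localhost/blade-gateway/discovery/instances";
        String bypass = "http://localhost/blade-gateway/discovery/instances;%2ftoken";
        String token = "http://localhost/token?grant_type=password";   // constructed

        System.out.println("weak     " + plain + " -> " + isSkipWeak(plain));
        System.out.println("weak     " + bypass + " -> " + isSkipWeak(bypass));
        System.out.println("hardened " + bypass + " -> " + isSkipHardened(bypass));
        System.out.println("hardened " + token + " -> " + isSkipHardened(token));
    }
}
```

Running main shows the difference the report describes: isSkipWeak rejects the plain discovery URL but accepts the one with ;%2ftoken appended, because the decoded path contains /token; isSkipHardened normalizes that request back to /blade-gateway/discovery/instances and does not skip authentication for it, while a genuine /token request is still skipped. The design choice is to decide on the same canonical path the router will use, and to fail closed whenever the path cannot be canonicalized unambiguously.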
src/main/java/org/springblade/gateway/filter/AuthFilter.java