colinin / abp-next-admin

This is a front-end admin project for abp Vnext, based on the vue-vben-admin template
MIT License

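internal-gateway handles authorization incorrectly: it forwards requests to endpoints that require user authorization as if no authorization were needed, causing the downstream to return 401 #967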

Closed ksdaylight closed 3 months ago

ksdaylight commented 3 months ago

A log example:

2024-06-06 11:15:43 [DBG] [Ocelot.Errors.Middleware.ExceptionHandlerMiddleware] [63740] [54] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: ocelot pipeline started
2024-06-06 11:15:43 [DBG] [Ocelot.DownstreamRouteFinder.Middleware.DownstreamRouteFinderMiddleware] [63740] [54] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: Upstream url path is /api/saas/editions
2024-06-06 11:15:43 [DBG] [Ocelot.DownstreamRouteFinder.Middleware.DownstreamRouteFinderMiddleware] [63740] [54] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: downstream templates are /api/saas/{everything}
2024-06-06 11:15:43 [INF] [Ocelot.Authentication.Middleware.AuthenticationMiddleware] [63740] [54] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: No authentication needed for /api/saas/editions
2024-06-06 11:15:43 [INF] [Ocelot.Authorization.Middleware.AuthorizationMiddleware] [63740] [54] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: /api/saas/{everything} route does not require user to be authorized
2024-06-06 11:15:43 [DBG] [Ocelot.DownstreamUrlCreator.Middleware.DownstreamUrlCreatorMiddleware] [63740] [54] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: Downstream url is http://127.0.0.1:30010/api/saas/editions?SkipCount=0&MaxResultCount=10&_t=1717643689846
2024-06-06 11:15:43 [WRN] [Ocelot.Requester.Middleware.HttpRequesterMiddleware] [63740] [64] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: 401 (Unauthorized) status code, request uri: http://127.0.0.1:30010/api/saas/editions?SkipCount=0&MaxResultCount=10&_t=1717643689846
2024-06-06 11:15:43 [DBG] [Ocelot.Requester.Middleware.HttpRequesterMiddleware] [63740] [64] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: setting http response message
2024-06-06 11:15:43 [DBG] [Ocelot.Responder.Middleware.ResponderMiddleware] [63740] [64] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: no pipeline errors, setting and returning completed response
2024-06-06 11:15:43 [DBG] [Ocelot.Errors.Middleware.ExceptionHandlerMiddleware] [63740] [64] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: ocelot pipeline finished

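I logged in as the default user admin and clicked some menus; the requests immediately returned 401, which forced a logout. I looked for the cause and found the situation described in the title.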

colinin commented 3 months ago

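This is not a gateway problem; it is a problem with the AuthServer configuration of your downstream service. The gateway forwards all HTTP request headers in full.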
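For triaging logs like the one quoted in this issue, the following added example (not code from the thread or from the project) correlates Ocelot log lines by requestId and lists requests that the gateway passed through without its own authentication step and that the downstream then rejected with 401. The regular expressions, the function name `passthrough_401s` and the second sample request are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Pattern derived from the log lines quoted in the issue (an assumption, not an
# official Ocelot log format specification).
LINE_RE = re.compile(
    r"^\S+ \S+ \[(?P<level>[A-Z]{3})\] \[(?P<source>[^\]]+)\].*?"
    r"requestId: (?P<rid>[^,]+), .*?message: (?P<msg>.*)$"
)
UPSTREAM_RE = re.compile(r"Upstream url path is (?P<path>\S+)")
STATUS_RE = re.compile(r"^(?P<code>\d{3}) \([^)]*\) status code, request uri: (?P<uri>\S+)")

# First request: lines taken from the issue. Second request (…00000002): constructed.
SAMPLE_LOG = """\
2024-06-06 11:15:43 [DBG] [Ocelot.DownstreamRouteFinder.Middleware.DownstreamRouteFinderMiddleware] [63740] [54] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: Upstream url path is /api/saas/editions
2024-06-06 11:15:43 [INF] [Ocelot.Authentication.Middleware.AuthenticationMiddleware] [63740] [54] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: No authentication needed for /api/saas/editions
2024-06-06 11:15:43 [WRN] [Ocelot.Requester.Middleware.HttpRequesterMiddleware] [63740] [64] - requestId: 0HN45OU2MVPL0:00000001, previousRequestId: no previous request id, message: 401 (Unauthorized) status code, request uri: http://127.0.0.1:30010/api/saas/editions?SkipCount=0&MaxResultCount=10&_t=1717643689846
2024-06-06 11:15:44 [DBG] [Ocelot.DownstreamRouteFinder.Middleware.DownstreamRouteFinderMiddleware] [63740] [54] - requestId: 0HN45OU2MVPL0:00000002, previousRequestId: no previous request id, message: Upstream url path is /api/example/public
2024-06-06 11:15:44 [INF] [Ocelot.Authentication.Middleware.AuthenticationMiddleware] [63740] [54] - requestId: 0HN45OU2MVPL0:00000002, previousRequestId: no previous request id, message: No authentication needed for /api/example/public
2024-06-06 11:15:44 [DBG] [Ocelot.Responder.Middleware.ResponderMiddleware] [63740] [64] - requestId: 0HN45OU2MVPL0:00000002, previousRequestId: no previous request id, message: no pipeline errors, setting and returning completed response
"""


def passthrough_401s(lines):
    """Return one finding per requestId where the gateway skipped
    authentication for the route and the downstream answered 401."""
    requests = defaultdict(dict)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an Ocelot pipeline line
        state, msg = requests[m["rid"]], m["msg"]
        if (u := UPSTREAM_RE.search(msg)):
            state["upstream"] = u["path"]
        elif "No authentication needed for " in msg:
            state["gateway_skipped_authn"] = True
        elif (s := STATUS_RE.match(msg)):
            state["status"] = int(s["code"])
            state["downstream"] = s["uri"].split("?", 1)[0]  # drop query string
    return [
        {"request_id": rid, **st}
        for rid, st in requests.items()
        if st.get("gateway_skipped_authn") and st.get("status") == 401
    ]
```

A hit means the gateway made no authentication decision for that route, so the 401 was produced by the downstream service's own token validation, which is where the reply above says to look.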