Modify request header in zuul filter

httprequest netflix-zuul spring-cloud-netflix

10,848

if you are asking about how to add headers to Zuul request, your code is correct but you should verify the Filter type (Pre, Route, Post, ...) and the ORDER of your filter.

Check this thread : Adding Headers to Zuul when re-directing

And maybe this can helps too : How to select route based on header in Zuul

If you need to pass authorization through Zuul to backend service, you can check sensitiveHeaders property. Something like :

zuul.routes.YOURSERVICE.sensitiveHeaders=Cookie,Set-Cookie

10,848

Author by

user09

Updated on June 06, 2022

Comments

user09 about 2 years

I have a backend service which accepts Authorization header to validate access. I created a Gateway service with Spring cloud zuul and routed requests to backend service.

Gateway service itself is protected with OAuth2 and accepts a Authorization header to validate access. Now once the request authorizes to gateway service, Gateway service act as a client to send an updated Access token in the header by using it's clientid,secret and backend service resource ID. As it has to send Authorization header, I was trying to update the Authorization header in the request but it is taking for below two ways.

ctx = RequestContext.getCurrentContext();
ctx.addZuulRequestHeader("Authorization", accessToken);

With the above code it is adding Authorization header but it is adding it to zuul headers which the backend service is not identiyfying.

I have created a wrapper to modify the request object but it is not working

public class RequestWrapper extends HttpServletRequestWrapper
{
    private final Map<String, String[]> modifiableParameters;
    private Map<String, String[]> allParameters = null;

    public RequestWrapper(final HttpServletRequest request, 
                                                    final Map<String, String[]> additionalParams)
    {
        super(request);
        modifiableParameters = new TreeMap<String, String[]>();
        modifiableParameters.putAll(additionalParams);
    }

    @Override
    public String getParameter(final String name)
    {
        String[] strings = getParameterMap().get(name);
        if (strings != null)
        {
            return strings[0];
        }
        return super.getParameter(name);
    }

    @Override
    public Map<String, String[]> getParameterMap()
    {
        if (allParameters == null)
        {
            allParameters = new TreeMap<String, String[]>();
            allParameters.putAll(super.getParameterMap());
            allParameters.putAll(modifiableParameters);
        }

        return Collections.unmodifiableMap(allParameters);
    }

    @Override
    public Enumeration<String> getParameterNames()
    {
        return Collections.enumeration(getParameterMap().keySet());
    }

    @Override
    public String[] getParameterValues(final String name)
    {
        return getParameterMap().get(name);
    }
}

Above wrapper is found from http://www.ocpsoft.org/opensource/how-to-safely-add-modify-servlet-request-parameter-values/ and called it in the zuul filter

    authToken = getAuthToken();     
    String accessToken = "Bearer " + authToken;
    Map<String,String[]> additionalParams = new HashMap<>();

    additionalParams.put("Authorization", new String[] {accessToken});     
   ctx.setRequest(new RequestWrapper(request, additionalParams));

What am I doing wrong or any other way of modifying request header?