I have a Netflix Zuul server receiving all HTTP requests and forwarding them to my microservice.
The underlying microservice authenticates users through Facebook oauth API. I receive the user data from Facebook API and I authenticate the user programmatically:
public Authentication login(String username, String password) {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
Authentication result = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(result);
return result;
}
With Zuul in front this doesn't work. I think it sets up the session in the microservice environment, but never extends it to Zuul. It works fine when requests go straight to microservice.
What I've done:
I cleared the sensitiveHeaders property in my application.properties:
zuul.routes.[SERVICE_NAME].sensitiveHeaders=, but it's meant to work the other way around I think.
How do I setup a session with Zuul?
Edit:
My Zuul configuration:
# Zuul proxy
zuul.add-host-header=true
zuul.routes.httpbin.path=/**
zuul.routes.httpbin.serviceId=httpbin
zuul.routes.httbin.sensitiveHeaders=
httpbin.ribbon.listOfServers=http://localhost:8090
ribbon.eureka.enabled=false