spring-security spring-cloud netflix-zuul

Basic Authentication service called By Zuul

I'm Zuul as edge server. so all request pass by this edge server. I have a micro-service A. all web services of A are protected by Basic Authentication. How can we call the services of A b passing by Zuul proxy? Should I add header for messages?

Solution

Ideally the requester would have the token in the request.
If you want to have Zuul add the authentication token then you can create a ZuulFilter and use:

context.addZuulRequestHeader("Authorization", "base64encodedTokenHere");

Doing this would give open access to the services - which may not be wise.

Request Matcher not working to permit allowed path
Spring Security 6 - how to handle InvalidBearerTokenExeption
problems with custom authentication provider in spring boot 3.3.0
Spring Security issue with JWT: Cannot subclass final class JwtAuthenticationProvider
Add JSF Message From Spring Bean
Handling Internal Server Error When OAuth Issuer Is Not Available in WebFluxSecurity
How to remove usage of http.apply(new OAuth2AuthorizationServerConfigurer())?
With deprecation of the `SecurityContextRepository.loadContext(HttpRequestResponseHolder)` method, how do we add `Set-Cookie` to the response?
Spring Boot + Security + Thymeleaf and CSRF token not injected automatically
Using two or more SecurityFilterChains with Spring Security 6 does not work properly, only one chain is invoked
CSRF token requirement if implemented JWT
Spring Security - Multiple OAuth2 Identity providers (github and google) work with only one Bean with @Prirmary?
bean of type 'org.springframework.security.crypto.password.PasswordEncoder' that could not be found
Spring SecurityContext not available when using parallelStream
Disabling Basic Auth in Spring Boot 3
Implement Spring Security with multiple overlapping AuthenticationProvider
SpringSecurity CSRF protection
ProviderSettings class not found it says Cannot resolve symbol ProviderSettings
Why is CSRF protection needed for connecting to websockets if Spring Security implements Same Origin Policy at server level?
How can I verify a claim from my JWT token with reactive spring security?
Spring Boot auto login Bad Credentials
How to bypass keycloak login page and provide client suggested idp with spring security
How to configure Spring Security to allow GET method for everyone and restrict other methods to specific roles without much boilerplate?
Migrate org.springframework.security.jwt.Jwt
Spring Security + Keycloak (with self signed certs) - How do you disable hostname verification?
Security config error while upgrading version of spring boot application from 2.x.x to 3.3.0
Access denied even with the AnonymousAuthenticationFilter
permit for mvc controller in spring security
Configuring spring-boot-starter-oauth2-client to authenticate with Azure AD
Spring security 6 - authorization not working