Zuul reverse proxy with Keycloak server
Recently I've had the same problem. I've solved it by:
Add to application.properties in Zuul
zuul.sensitive-headers=Cookie,Set-Cookie
Introduce KeycloakFilterRoute in Zuul
class KeycloakFilterRoute extends ZuulFilter { private static final String AUTHORIZATION_HEADER = "authorization"; @Override public String filterType() { return "route"; } @Override public int filterOrder() { return 0; } @Override public boolean shouldFilter() { return true; } @Override public Object run() { RequestContext ctx = RequestContext.getCurrentContext(); if (ctx.getRequest().getHeader(AUTHORIZATION_HEADER) == null) { addKeycloakTokenToHeader(ctx); } return null; } private void addKeycloakTokenToHeader(RequestContext ctx) { RefreshableKeycloakSecurityContext securityContext = getRefreshableKeycloakSecurityContext(ctx); if (securityContext != null) { ctx.addZuulRequestHeader(AUTHORIZATION_HEADER, buildBearerToken(securityContext)); } } private RefreshableKeycloakSecurityContext getRefreshableKeycloakSecurityContext(RequestContext ctx) { if (ctx.getRequest().getUserPrincipal() instanceof KeycloakAuthenticationToken) { KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) ctx.getRequest().getUserPrincipal(); return (RefreshableKeycloakSecurityContext) token.getCredentials(); } return null; } private String buildBearerToken(RefreshableKeycloakSecurityContext securityContext) { return "Bearer " + securityContext.getTokenString(); }
}