microservices - jhipster 注册中心/控制中心向网关应用程序发送管理请求导致 401 未授权

Question

我正在使用 jhipster registry 7.0 和 jhipster control center 0.5.0。当我尝试从网关应用程序加载指标时，它返回 401 错误

{
  "type" : "https://www.jhipster.tech/problem/problem-with-message",
  "title" : "Unauthorized",
  "status" : 401,
  "detail" : "Not Authenticated",
  "path" : "/gateway/gateway/gateway:6e8d8c54b762e50205faa6dca02213ca/management/threaddump/",
  "message" : "error.http.401"
}

标题：

Request URL: http://localhost:7419/gateway/gateway/gateway:6e8d8c54b762e50205faa6dca02213ca/management/threaddump/
Request Method: GET
Status Code: 401 Unauthorized
Remote Address: [::1]:7419
Referrer Policy: strict-origin-when-cross-origin
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
content-length: 278
Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com https://www.google-analytics.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com data:
Content-Type: application/problem+json
Expires: 0
Feature-Policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1 ; mode=block
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.6
Connection: keep-alive
Cookie: _ga=GA1.1.1680963143.1631567542; XSRF-TOKEN=c7425837-cc9c-4519-bd39-6584b780bfbc; JSESSIONID_REGISTRY=x23a17ZO6a3vskPnrQZhbPefUa4_1rbqY5HQurA7
Host: localhost:7419
Referer: http://localhost:7419/applications/metric
sec-ch-ua: "Google Chrome";v="95", "Chromium";v="95", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
X-XSRF-TOKEN: c7425837-cc9c-4519-bd39-6584b780bfbc

但是当我尝试从其他微服务中检索指标时，它使用 http 200。

Request URL: http://localhost:7419/gateway/store/store:587204be75fccf5e675e1ad6e8c28786/management/threaddump/
Request Method: GET
Status Code: 200 OK
Remote Address: [::1]:7419
Referrer Policy: strict-origin-when-cross-origin
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Content-Type: application/json
Date: Sat, 13 Nov 2021 01:06:01 GMT
Expires: 0
Feature-Policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
transfer-encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.6
Connection: keep-alive
Cookie: _ga=GA1.1.1680963143.1631567542; XSRF-TOKEN=c7425837-cc9c-4519-bd39-6584b780bfbc; JSESSIONID_REGISTRY=x23a17ZO6a3vskPnrQZhbPefUa4_1rbqY5HQurA7; SESSION=814ef679-7514-42df-8693-a3f35daa6317
Host: localhost:7419
Referer: http://localhost:7419/applications/metric
sec-ch-ua: "Google Chrome";v="95", "Chromium";v="95", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
X-XSRF-TOKEN: c7425837-cc9c-4519-bd39-6584b780bfbc

我可以告诉这两个请求之间的唯一区别是 Cookie 字段的会话：

Failed: Cookie: _ga=GA1.1.1680963143.1631567542; XSRF-TOKEN=c7425837-cc9c-4519-bd39-6584b780bfbc; JSESSIONID_REGISTRY=x23a17ZO6a3vskPnrQZhbPefUa4_1rbqY5HQurA7

Succeed: Cookie: _ga=GA1.1.1680963143.1631567542; XSRF-TOKEN=c7425837-cc9c-4519-bd39-6584b780bfbc; JSESSIONID_REGISTRY=x23a17ZO6a3vskPnrQZhbPefUa4_1rbqY5HQurA7; SESSION=814ef679-7514-42df-8693-a3f35daa6317

有人能指出解决这个问题的好方法吗？

顺便说一句，我正在将 docker 用于 jhipster 注册表和控制中心。使用 localhost 进行网关和微服务的开发和调试