Basic Authentication service called By Zuul
S

6

2

I'm using Zuul as an edge server, so all requests pass through this edge server. I have a microservice A. All web services of A are protected by Basic Authentication. How can we call the services of A by passing through the Zuul proxy? Should I add a header to the messages?

Spaulding answered 18/2, 2016 at 20:16 Comment(0)
B
7

Ideally the requester would have the token in the request.
If you want to have Zuul add the authentication token then you can create a ZuulFilter and use:

context.addZuulRequestHeader("Authorization", "base64encodedTokenHere");

Doing this would give open access to the services - which may not be wise.

Behr answered 19/2, 2016 at 15:59 Comment(0)
S
8

This is my Zuul filter:

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;

public class BasicAuthorizationHeaderFilter extends ZuulFilter {

    @Override
    public String filterType() {
        return "pre";
    }

    @Override
    public int filterOrder() {
        return 10;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        ctx.getRequest().getRequestURL();
        // Utils.getBase64Credentials is the poster's own helper (not shown here).
        // The same fixed credentials are attached to every proxied request.
        ctx.addZuulRequestHeader("Authorization", "Basic " + Utils.getBase64Credentials("user", "Token"));
        return null;
    }

}
Spaulding answered 19/2, 2016 at 16:23 Comment(0)
C
2
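import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import java.util.stream.Collectors;
import java.util.stream.Stream;

@Component
public class PreFilter extends ZuulFilter {
    private static final Logger LOG = LoggerFactory.getLogger(PreFilter.class);

    @Override
    public String filterType() {
        return "pre";
    }

    @Override
    public int filterOrder() {
        return 1;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();
        // Copy the caller's Authorization header onto the proxied request.
        ctx.addZuulRequestHeader("Authorization", request.getHeader("Authorization"));

        LOG.info("Parametres : {}", request.getParameterMap()
                .entrySet()
                .stream()
                .map(e -> e.getKey() + "=" + Stream.of(e.getValue()).collect(Collectors.toList()))
                .collect(Collectors.toList()));
        // Log only whether the header is present; its value carries the Basic credentials.
        LOG.info("Headers : Authorization present={}", request.getHeader("Authorization") != null);
        LOG.info(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString()));
        return null;
    }
}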
Chicory answered 26/4, 2017 at 12:59 Comment(1)
Please remove the unnecessary code in your answer and add a short explanation. - Moist
M
0

You can call your service A (through Zuul) like this:

https://login:[email protected]/serviceA

but first allow the Authorization header through Zuul for this specific service (route) with the sensitiveHeaders property in your properties file:

zuul.routes.serviceA.sensitiveHeaders=Cookie,Set-Cookie

or leave it empty if you want to pass the Cookie headers too.

Here is more information about headers through Zuul.

Meehan answered 7/6, 2018 at 10:22 Comment(0)
B
0

Use Zuul's sensitive header property with a blank value:

zuul.sensitiveHeaders=

The above property will do the trick, but if you want to have filters for Cookie headers you can use that property with values:

zuul.sensitiveHeaders=Cookie,Set-Cookie
Boneset answered 31/10, 2018 at 6:4 Comment(0)
J
0

This change is a little tricky.

@Override
public int filterOrder() {
    return 1; // change the return value to more than 5 and the above code will work.
}

Try with the final code below:

@Component
public class PreFilter extends ZuulFilter {
    private static final Logger LOG = LoggerFactory.getLogger(PreFilter.class);

    @Override
    public String filterType() {
        return "pre";
    }

    @Override
    public int filterOrder() {
        return 10;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();
        ctx.addZuulRequestHeader("Authorization", request.getHeader("Authorization"));
        return null;
    }
}
Jocular answered 22/2, 2019 at 19:17 Comment(0)
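
An added example, not taken from any of the answers above: a pre filter that injects service A's Basic credentials only on the serviceA route and only for callers the gateway has already authenticated, which limits the "open access" problem noted in the first answer. Assumptions: the route id is serviceA, the property names servicea.basic.user and servicea.basic.password are hypothetical, the gateway authenticates callers itself so that getUserPrincipal() is set, Authorization is not listed in the route's sensitiveHeaders, and the Spring Cloud Netflix version in use ships FilterConstants.

```java
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import java.nio.charset.StandardCharsets;
import java.util.Base64;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PROXY_KEY;

@Component
public class ServiceABasicAuthFilter extends ZuulFilter {
    // Assumed route id, matching zuul.routes.serviceA.* in the answers above.
    private static final String ROUTE_ID = "serviceA";
    private final String headerValue;

    // Hypothetical property names; supply them from the environment or a secret store, not from source.
    public ServiceABasicAuthFilter(@Value("${servicea.basic.user}") String user,
                                   @Value("${servicea.basic.password}") String password) {
        String pair = user + ":" + password;
        this.headerValue = "Basic "
                + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    @Override
    public String filterType() { return PRE_TYPE; }

    @Override
    public int filterOrder() {
        // Run after PreDecorationFilter (order 5), which resolves the route and stores its id under PROXY_KEY.
        return PRE_DECORATION_FILTER_ORDER + 5;
    }

    @Override
    public boolean shouldFilter() {
        RequestContext ctx = RequestContext.getCurrentContext();
        boolean forServiceA = ROUTE_ID.equals(ctx.get(PROXY_KEY));
        // Assumption: the gateway authenticates callers, so a principal is present for them.
        boolean callerAuthenticated = ctx.getRequest().getUserPrincipal() != null;
        return forServiceA && callerAuthenticated;
    }

    @Override
    public Object run() {
        // Attach the credential to the proxied request only; it is never written to the log.
        RequestContext.getCurrentContext().addZuulRequestHeader("Authorization", headerValue);
        return null;
    }
}
```

Requests to other routes, and unauthenticated requests to serviceA, are proxied without the injected header, so service A still rejects them.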
