eureka server 开启 spring security 安全认证

之前就搭建过spring cloud 框架:SpringBoot + SpringCloud Feign 多模块 框架搭建案例 ,上一篇文章又解决了微服务集群的安全验证:spring cloud oauth2 微服务 统一认证授权 框架搭建 。不仅解决了,调用微服务的接口需要token,而且解决了 两个微服务直接feign调接口不需要人为验证,实现真正安全无感开发。

但我还是觉得不够,因为 eureka server 并没有安全保护,可以直接访问注册中心地址http://127.0.0.1:8000/eureka/,而不需要任何验证。这个解决也很简单。

1.eureka-server 注册中心 配置

1.1 pom (添加spring-boot-starter-security)


    <dependencies>
	    <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

    </dependencies>



    <repositories>
        <repository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
        </repository>
    </repositories>

 

1.2 application.properties 配置密码

配置密码后,eureka.client.service-url.defaultZone路径也要加上用户密码

server.port=8000

spring.application.name=eureka-server

eureka.client.register-with-eureka=false
eureka.client.fetch-registry=false

spring.security.user.name=admin
spring.security.user.password=123456

eureka.client.service-url.defaultZone=http://admin:123456@127.0.0.1:8000/eureka/

 

1.3 EnableWebSecurity 禁用 csrf

添加一个配置类 WebSecurityConfigurer 继承 WebSecurityConfigurerAdapter

@Configuration
@EnableWebSecurity
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated().and().httpBasic().and().csrf().disable();
    }

}

 

1.4 启动注册中心测试

启动后访问注册中心需要密码

输入上面配置的密码 就可以访问到了

注册中心现在要密码才能访问了,那么 其他服务 按照之前的方式是注册不进来的,下面看 其他微服务的配置

 

2.客户端微服务配置

只需要把 service-url 修改成带用户名密码的链接就可以了

eureka.client.service-url.defaultZone=http://admin:123456@127.0.0.1:8000/eureka/

详细配置:

application.properties

spring.application.name=service-other
server.port=8100

eureka.client.service-url.defaultZone=http://admin:123456@127.0.0.1:8000/eureka/

pom

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
		<dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-openfeign</artifactId>
        </dependency>
		<dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
    </dependencies>
	<dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>Hoxton.RC1</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>

        </dependencies>
    </dependencyManagement>


    <repositories>
        <repository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
        </repository>
    </repositories>

启动类

@SpringBootApplication
@EnableEurekaClient
public class ServiceAuthApplication {

    public static void main(String[] args) {
        SpringApplication.run(ServiceAuthApplication.class, args);
    }

}

 

完毕!

其实很简单,关键是配置eureka.client.service-url.defaultZone=http://admin:123456@127.0.0.1:8000/eureka/,和禁用 csrf。

 

登录后即可回复 登录 | 注册
    
关注编程学问公众号