Enabling Spring Security authentication on the eureka server

springCloud | 2020-03-06 16:25:47

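I previously set up a Spring Cloud framework ("SpringBoot + SpringCloud Feign multi-module framework setup example"), and the previous article solved security verification for the microservice cluster ("spring cloud oauth2 microservice unified authentication and authorization framework setup"). That not only made calls to microservice endpoints require a token, it also let two microservices call each other's endpoints directly through Feign without manual verification, giving truly secure, transparent development.

But I still felt that was not enough, because the eureka server has no security protection: the registry address http://127.0.0.1:8000/eureka/ can be accessed directly without any authentication. Fixing this is also simple.

1. eureka-server registry configuration

1.1 pom (add spring-boot-starter-security)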


    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

    </dependencies>



    <repositories>
        <repository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
        </repository>
    </repositories>

 

1.2 application.properties: configure the password

Once a password is configured, the eureka.client.service-url.defaultZone URL must also include the username and password.

server.port=8000

spring.application.name=eureka-server

eureka.client.register-with-eureka=false
eureka.client.fetch-registry=false

spring.security.user.name=admin
spring.security.user.password=123456

eureka.client.service-url.defaultZone=http://admin:123456@127.0.0.1:8000/eureka/

 

1.3 EnableWebSecurity: disable csrf

Add a configuration class WebSecurityConfigurer that extends WebSecurityConfigurerAdapter

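import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Require HTTP Basic authentication for every request and disable CSRF protection.
        http.authorizeRequests().anyRequest().authenticated()
            .and().httpBasic()
            .and().csrf().disable();
    }

}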
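
A narrower alternative to `csrf().disable()`, as an added example that is not part of the original post: Eureka clients send no CSRF token when they register and renew through `/eureka/**`, so only those paths need the exemption and every other endpoint can keep CSRF protection. It assumes the same Spring Security 5.x `WebSecurityConfigurerAdapter` style and class name used above.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example: same class as in the post, with CSRF exempted only for the Eureka REST API.
@Configuration
@EnableWebSecurity
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Clients register, renew and cancel with POST/PUT/DELETE under /eureka/**
            // and cannot supply a CSRF token, so skip the CSRF check for those paths only.
            .csrf().ignoringAntMatchers("/eureka/**")
            .and()
            // Everything, including the dashboard at "/", still requires a login.
            .authorizeRequests().anyRequest().authenticated()
            .and()
            // Clients authenticate with the user:password pair embedded in defaultZone.
            .httpBasic();
    }

}
```

With this variant the client-side `defaultZone` setting stays exactly as shown in the post; only the server's filter chain changes.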

 

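1.4 Start the registry and test

After startup, accessing the registry requires a password.

Enter the password configured above and you can get in.

The registry now requires a password, so other services can no longer register the way they did before. The configuration for the other microservices follows.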

 

2. Client microservice configuration

You only need to change service-url to a URL that carries the username and password:

eureka.client.service-url.defaultZone=http://admin:123456@127.0.0.1:8000/eureka/

Detailed configuration:

application.properties

spring.application.name=service-other
server.port=8100

eureka.client.service-url.defaultZone=http://admin:123456@127.0.0.1:8000/eureka/

pom

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-openfeign</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>Hoxton.RC1</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>

        </dependencies>
    </dependencyManagement>


    <repositories>
        <repository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
        </repository>
    </repositories>

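Application class

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.EnableEurekaClient;

@SpringBootApplication
@EnableEurekaClient
public class ServiceAuthApplication {

    public static void main(String[] args) {
        SpringApplication.run(ServiceAuthApplication.class, args);
    }

}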

 

Done!

It is actually very simple: the key points are setting eureka.client.service-url.defaultZone=http://admin:123456@127.0.0.1:8000/eureka/ and disabling csrf.

 
