一、问题描述:
0,前提,spring boot的2.1.3.RELEASE版本。
1,在服务端配置了如下用户名和密码
spring.security.user.name=user001
spring.security.user.password=pwd001
当然,也添加了依赖:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
2,按以往,在Eureka客户端配置
eureka.client.service-url.defaultZone=http://user001:pwd001@localhost:8761/eureka/
这种带账号密码的形式就可以正常连接Eureka服务端了,
但是,在spring boot的2.1.3.RELEASE版本是有问题的。
这个问题在于Eureka服务端的配置
二、解决方法:
【再次强调,不要忘记上面说的添加依赖和配置用户名密码】
在Eureka服务端的启动类里面添加:
@EnableWebSecurity
static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic();
}
}
完整举例如下:
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
@EnableEurekaServer
@SpringBootApplication
public class EmEurekaServerApplication {
public static void main(String[] args) {
SpringApplication.run(EmEurekaServerApplication.class, args);
}
@EnableWebSecurity
static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//Howard 2019-03-20,错误的做法:
//http.csrf().disable();//这样会直接取消验证账号密码了
//Howard 2019-03-20,注意 正确的做法是这样:
http.csrf().disable().authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic();
}
}
}
三、具体原因和解决方法出处,请参考这里:https://github.com/yinjihuan/spring-cloud/issues/1
感谢github用户