SpringCloud 注册中心Eureka在实际使用中,经常会发生开发环境的服务注册到测试环境或生产环境的注册中心上去。对测试环境和生产环境造成非常大的影响,故需要限制非法IP的服务注册到注册中心。
本设置SpringBoot 版本为 :2.1.11.RELEASE,SpringCloud版本为:Greenwich.SR4
添加如下配置信息:
一、自定义CustomInstanceRegistry
package com.jc.eureka.config;
import java.util.List;
import com.netflix.eureka.lease.Lease;
import org.apache.commons.collections.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.cloud.netflix.eureka.server.event.EurekaInstanceCanceledEvent;
import org.springframework.cloud.netflix.eureka.server.event.EurekaInstanceRegisteredEvent;
import org.springframework.cloud.netflix.eureka.server.event.EurekaInstanceRenewedEvent;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import com.netflix.appinfo.ApplicationInfoManager;
import com.netflix.appinfo.InstanceInfo;
import com.netflix.discovery.EurekaClient;
import com.netflix.discovery.EurekaClientConfig;
import com.netflix.discovery.shared.Application;
import com.netflix.eureka.EurekaServerConfig;
import com.netflix.eureka.registry.PeerAwareInstanceRegistryImpl;
import com.netflix.eureka.resources.ServerCodecs;
import org.springframework.context.ApplicationEvent;
/**
* author:
* description: 覆盖InstanceRegistryBean,
* 设置只允许哪些IP地址注册到Eureka服务里面来
* @return
*/
public class CustomInstanceRegistry extends PeerAwareInstanceRegistryImpl
implements ApplicationContextAware {
private ApplicationContext ctxt;
private int defaultOpenForTrafficCount;
private List<String> allowedRegisteredIpAddress;
Logger log = LoggerFactory.getLogger(CustomInstanceRegistry.class);
public CustomInstanceRegistry(EurekaServerConfig serverConfig,
EurekaClientConfig clientConfig, ServerCodecs serverCodecs,
EurekaClient eurekaClient, int expectedNumberOfRenewsPerMin,
int defaultOpenForTrafficCount,
List<String> allowedRegisteredIpAddress) {
super(serverConfig, clientConfig, serverCodecs, eurekaClient);
//this.expectedNumberOfRenewsPerMin = expectedNumberOfRenewsPerMin;
this.defaultOpenForTrafficCount = defaultOpenForTrafficCount;
this.allowedRegisteredIpAddress = allowedRegisteredIpAddress;
}
@Override
public void setApplicationContext(ApplicationContext context) throws BeansException {
this.ctxt = context;
}
@Override
public void openForTraffic(ApplicationInfoManager applicationInfoManager, int count) {
super.openForTraffic(applicationInfoManager,
count == 0 ? this.defaultOpenForTrafficCount : count);
}
@Override
public void register(InstanceInfo info, int leaseDuration, boolean isReplication) {
handleRegistration(info, leaseDuration, isReplication);
//不允许注册的IP地址
if (!CollectionUtils.isEmpty(allowedRegisteredIpAddress) &&
!allowedRegisteredIpAddress.contains(info.getIPAddr())) {
log.warn("IP 地址被禁止注册到Eureka实例中:{}", info.getIPAddr());
return;
}
super.register(info, leaseDuration, isReplication);
}
@Override
public void register(final InstanceInfo info, final boolean isReplication) {
handleRegistration(info, resolveInstanceLeaseDuration(info), isReplication);
//不允许注册的IP地址
if (!CollectionUtils.isEmpty(allowedRegisteredIpAddress) &&
!allowedRegisteredIpAddress.contains(info.getIPAddr())) {
log.warn("IP 地址被禁止注册到Eureka实例中:{}", info.getIPAddr());
return;
}
super.register(info, isReplication);
}
@Override
public boolean cancel(String appName, String serverId, boolean isReplication) {
handleCancelation(appName, serverId, isReplication);
return super.cancel(appName, serverId, isReplication);
}
@Override
public boolean renew(final String appName, final String serverId,
boolean isReplication) {
log("renew " + appName + " serverId " + serverId + ", isReplication {}"
+ isReplication);
List<Application> applications = getSortedApplications();
for (Application input : applications) {
if (input.getName().equals(appName)) {
InstanceInfo instance = null;
for (InstanceInfo info : input.getInstances()) {
if (info.getId().equals(serverId)) {
instance = info;
break;
}
}
publishEvent(new EurekaInstanceRenewedEvent(this, appName, serverId,
instance, isReplication));
break;
}
}
return super.renew(appName, serverId, isReplication);
}
@Override
protected boolean internalCancel(String appName, String id, boolean isReplication) {
handleCancelation(appName, id, isReplication);
return super.internalCancel(appName, id, isReplication);
}
private void handleCancelation(String appName, String id, boolean isReplication) {
log("cancel " + appName + ", serverId " + id + ", isReplication " + isReplication);
publishEvent(new EurekaInstanceCanceledEvent(this, appName, id, isReplication));
}
private void handleRegistration(InstanceInfo info, int leaseDuration,
boolean isReplication) {
log("register " + info.getAppName() + ", vip " + info.getVIPAddress()
+ ", leaseDuration " + leaseDuration + ", isReplication "
+ isReplication);
publishEvent(new EurekaInstanceRegisteredEvent(this, info, leaseDuration,
isReplication));
}
private void log(String message) {
if (log.isDebugEnabled()) {
log.debug(message);
}
}
private void publishEvent(ApplicationEvent applicationEvent) {
this.ctxt.publishEvent(applicationEvent);
}
private int resolveInstanceLeaseDuration(final InstanceInfo info) {
int leaseDuration = Lease.DEFAULT_DURATION_IN_SECS;
if (info.getLeaseInfo() != null && info.getLeaseInfo().getDurationInSecs() > 0) {
leaseDuration = info.getLeaseInfo().getDurationInSecs();
}
return leaseDuration;
}
}
二、配置 RegisterConfig
package com.jc.eureka.config;
import com.netflix.discovery.EurekaClient;
import com.netflix.discovery.EurekaClientConfig;
import com.netflix.eureka.EurekaServerConfig;
import com.netflix.eureka.registry.PeerAwareInstanceRegistry;
import com.netflix.eureka.resources.ServerCodecs;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import java.util.Arrays;
@Configuration
public class RegisterConfig {
@Autowired
private EurekaServerConfig eurekaServerConfig;
@Autowired
private EurekaClientConfig eurekaClientConfig;
@Autowired
@Qualifier(value = "eurekaClient")
private EurekaClient eurekaClient;
@Value("${eureka.server.expectedNumberOfRenewsPerMin:1}")
private int expectedNumberOfRenewsPerMin;
@Value("${eureka.server.defaultOpenForTrafficCount:1}")
private int defaultOpenForTrafficCount;
@Value("${eureka.server.allowed.address:''}")
private String[] allowedAddress;
@Primary
@Bean(name = "mypeerAwareInstanceRegistry")
public PeerAwareInstanceRegistry peerAwareInstanceRegistry(
ServerCodecs serverCodecs) {
this.eurekaClient.getApplications();
return new CustomInstanceRegistry(
this.eurekaServerConfig,
this.eurekaClientConfig,
serverCodecs,
this.eurekaClient,
this.expectedNumberOfRenewsPerMin,
this.defaultOpenForTrafficCount,
Arrays.asList(allowedAddress)
);
}
}
三、配置properties 文件
#允许注册服务的IP白名单127.0.0.1,127.0.0.2,127.0.0.3
eureka.server.allowed.address=127.0.0.1,127.0.0.2,127.0.0.3
四、参考:
https://www.cnblogs.com/java-spring/p/13168872.html
https://www.jianshu.com/p/c9a8775d07fb