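After setting up a full set of Spring Cloud services, I started tightening things up and found that access to the service discovery center needed a login to keep it secure. I followed the configuration method from the Spring Cloud website, and after that the registry did require a login. However, none of the microservices could register with the registry any more. I tried all sorts of configurations without success, and finally found that the problem was the version: neither the material I found online nor the documentation on the Spring website mentions that newer versions of Spring Security add a CSRF filter, and that filter also blocks the microservices' registration requests. As a result, when a microservice client starts up and tries to register, the console reports:

```
Cannot execute request on any known server
```

The fix is to manually disable CSRF on the Eureka discovery center. Service registration then completes normally, and logging in to the registry is not affected.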
```java
package com.bootdo.clouddoserver.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable(); // disable CSRF
        // keep the default rules: every request must be authenticated
        super.configure(http);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }
}
```
Finally, the spring-boot version I used is:

```
2.0.4.RELEASE
```

The spring-cloud version is:

```
Finchley.SR1
```

For the record, here are the correct configuration steps to get this working:

- Add the dependency to the pom file

```xml
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-security</artifactId>
</dependency>
```

- Refresh the pom dependencies in IDEA. If the Maven repository (local or remote) does not have this jar, run a clean yourself.
- Add the following to the project's application.yml

```yaml
server:
  port: 8001
spring:
  security:
    basic:
      enabled: true
    user:
      name: user
      password: password123
eureka:
  instance:
    hostname: localhost
  client:
    registerWithEureka: false
    fetchRegistry: false
    serviceUrl:
      defaultZone: http://user:password123@${eureka.instance.hostname}:${server.port}/eureka/
```
- Here is the key point: extend WebSecurityConfigurerAdapter and disable CSRF, otherwise client registration fails with the error

```
Cannot execute request on any known server
```

```java
package com.bootdo.clouddoserver.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable(); // disable CSRF
        // keep the default rules: every request must be authenticated
        super.configure(http);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }
}
```
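A narrower alternative to disabling CSRF for the whole server, as an added example that is not part of the original post: exempt only the Eureka REST endpoints that clients register against, so the login-protected dashboard keeps its CSRF protection. The class name `EurekaSecurityConfig` is hypothetical, and the class is meant to replace `SecurityConfigurerAdapter` above rather than sit beside it.

```java
package com.bootdo.clouddoserver.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; use it in place of SecurityConfigurerAdapter.
@Configuration
@EnableWebSecurity
public class EurekaSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                // Eureka clients register, renew and deregister with POST/PUT/DELETE
                // calls under /eureka/ and send no CSRF token, so only that path
                // is exempted. Every other path keeps the CSRF filter.
                .ignoringAntMatchers("/eureka/**")
                .and()
            .authorizeRequests()
                // Registration calls and the dashboard both still require credentials.
                .anyRequest().authenticated()
                .and()
            // HTTP Basic carries the user:password pair that clients put in defaultZone.
            .httpBasic()
                .and()
            // Form login for people opening the dashboard in a browser.
            .formLogin();
    }
}
```

With this in place the client `defaultZone` URL stays the same, because clients still authenticate with HTTP Basic.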
Modify the client: update the defaultZone address in its application.yml:

```yaml
eureka:
  client:
    serviceUrl:
      defaultZone: http://user:password123@localhost:8001/eureka/
server:
  port: 8002
spring:
  application:
    name: zuul
  servlet:
    multipart:
      max-file-size: 100Mb
      max-request-size: 100Mb
ribbon:
  ReadTimeout: 60000
  ConnectTimeout: 60000
security:
  oauth2:
    client:
      access-token-uri: http://localhost:8005/oauth/token
      user-authorization-uri: http://localhost:8005/oauth/authorize
      client-id: app
    resource:
      user-info-uri: http://localhost:8005/user
      prefer-token-info: false
```
Done! If you want to turn authentication off, the tidy way is to add the following annotation to the startup class:

```java
@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class})
```

```java
package com.bootdo.clouddoserver;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;

@EnableEurekaServer
@SpringBootApplication
@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class})
public class ClouddoServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(ClouddoServerApplication.class, args);
    }
}
```