使用Nginx和Spring Gateway为SkyWalking的增加登录认证功能


SkyWalking的可视化后台是没有用户认证功能的,默认下所有知道地址的用户都能访问,官网是建议通过网关增加认证。
本文介绍通过Nginx和Spring Gateway两种方式

1、使用Nginx增加认证。

生成密钥

yum install -y httpd-tools
htpasswd -cb nginx/htpasswd skywalking rtgdbhyffddu#

配置nginx

worker_processes 1;
error_log stderr notice;
events {
    worker_connections 1024;
}
http {
    variables_hash_max_size 1024;
    access_log off;
    #ireal_ip_header X-Real-IP;
    charset utf-8;
    server {
        listen 8081;
        #auth_basic "Please enter the user name and password"; #这里是验证时的提示信息
        #auth_basic_user_file /data/skywalking/nginx/htpasswd;
        index  index.html;
        location / {
            root   html;
			index  index.html index.htm;
            #auth_basic on;
			auth_basic "Please enter the user name and password"; #这里是验证时的提示信息
            auth_basic_user_file /etc/nginx/htpasswd;
            proxy_pass http://172.17.0.9:8080;
            # WebSocket 穿透
            #proxy_set_header Origin "";
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection "upgrade";
        }
    }
}

密码配置:/etc/nginx/htpasswd

skywalking:$apr1$FVaUB8RE$.brXLk5N.IsNRqm3.Vy2n1

在这里插入图片描述
在这里插入图片描述

2、使用Spring Gateway增加认证

主要是使用Spring Gateway和Spring Security的基础认证formLogin实现,
pom.xml使用的依赖包

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.penngo.web.gateway</groupId>
    <artifactId>web_gateway</artifactId>
    <version>1.0.0</version>
    <properties>
        <maven.compiler.source>17</maven.compiler.source>
        <maven.compiler.target>17</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-gateway</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-loadbalancer</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-bootstrap</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>2022.0.4</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
                <version>3.1.0</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <mainClass>com.penngo.web.gateway.WebGatewayMain</mainClass>
                    <excludes>
                        <exclude>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </exclude>
                    </excludes>
                </configuration>
            </plugin>
        </plugins>
    </build>
    
</project>

WebGatewayMain.java

package com.penngo.web.gateway;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class WebGatewayMain {
    public static void main(String[] args) {
        SpringApplication.run(WebGatewayMain.class, args);
    }
}

SecurityConfiguration.java配置

package com.penngo.web.gateway;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@EnableWebFluxSecurity
@Configuration
public class SecurityConfiguration {

    @Bean
    SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
        http
                .authorizeExchange((authorize) -> authorize
                        .anyExchange().authenticated()
                )
                .cors(cors->cors.disable())
                .csrf(csrf->csrf.disable())
                .formLogin(withDefaults());

        return http.build();
    }

    /**
     * 可以在代码中配置密码,也可以在application.xml中配置密码
     * @return
     */
//    @Bean
//    MapReactiveUserDetailsService userDetailsService() {
//
//        UserDetails user = User.withDefaultPasswordEncoder()
//                .username("admin")
//                .password("123456")
//                .roles("USER")
//                .build();
//        return new MapReactiveUserDetailsService(user);
//    }
}

application.yml

server:
  port: 8081
  servlet:
    encoding:
      force: true
      charset: UTF-8
      enabled: true
spring:
  application:
    name: gatewayapp
  security:
    user:
      name: admin2
      password: 123456

bootstrap.yml

spring:
  cloud:
    gateway:
      routes:
        - id: skywalking
          uri: http://localhost:8080/
          # 绑定ip白名单
          predicates:
            - RemoteAddr=127.0.0.1/32,192.168.245.65/32

运行效果
在这里插入图片描述
在这里插入图片描述

  • 1
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

penngo

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值