本来研究 springcloud 还是很美好的,后来为了安全引入了security,然后出现了各种问题,首先是服务没法注册(解决方案:引入 security 后服务无法注册到 eureka),后来是服务没法调用,
报错日志如下:
feign.FeignException$Unauthorized: [401] during [GET] to [http://eureka-client/client/test] [ClientService#getClientService()]: [{"timestamp":"2021-07-08T09:01:18.940+00:00","status":401,"error":"Unauthorized","message":"","path":"/client/test"}]
看报错也好理解:调用没经过认证,这个认证是 security 内置的,网上倒是有一些方法,但是比较乱,好多不生效,所以建议还是把 security 内置的调用认证关了(调用认证那边再加逻辑保证安全)
在服务端加上配置文件:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests().anyRequest().permitAll().and().logout().permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService());
}
}
可能因为版本的问题,有时候还需要在启动文件加上额外的注解:
@SpringBootApplication(exclude = {org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class})
亲测有效。