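Neither the registry's management UI nor service registration has any authentication mechanism, so security is weak. If another service maliciously registers under the same name as an existing service but with a different implementation, that creates a risk. The configuration below can be used to improve this.
First, add the Spring Security dependency: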

```xml
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-eureka-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>
</project>
```

Then modify the server's configuration file:

```yaml
security:
  basic:
    enabled: true
  user:
    name: username    # the username
    password: 123456  # the password
server:
  port: 8051
eureka:
  instance:
    hostname: localhost
  client:
    register-with-eureka: false
    fetch-registry: false
    service-url:
      defaultZone: http://username:123456@${eureka.instance.hostname}:${server.port}/eureka/
```

Next, modify the configuration file of the service that connects to Eureka:

```yaml
spring:
  application:
    name: order-service
eureka:
  client:
    service-url:
      defaultZone: http://username:123456@localhost:8051/eureka
  instance:
    instance-id: ${spring.application.name}:${spring.cloud.client.ipAddress}:${spring.application.instance_id:${server.port}}
server:
  port: 9090
```

With this in place, every connection must supply the username and password.
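
As an added example (not part of the original post), this Python check scans configuration text for `defaultZone` URLs and flags entries that carry no credentials, send Basic credentials over plain `http`, or contain a stray `@` in the user-info part. The function name, finding labels and sample configuration are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches "defaultZone: <value>" (YAML) or "defaultZone=<value>" (.properties).
DEFAULT_ZONE = re.compile(r"defaultZone\s*[:=]\s*(\S+)")

def audit_default_zones(config_text):
    """Return a list of (url, [findings]) for every defaultZone URL found."""
    results = []
    for match in DEFAULT_ZONE.finditer(config_text):
        # defaultZone may hold a comma-separated list of registry URLs.
        for url in match.group(1).strip("\"'").split(","):
            parts = urlsplit(url)
            findings = []
            # Everything before the last '@' in the authority is user-info.
            userinfo = parts.netloc.rpartition("@")[0]
            if not userinfo:
                findings.append("no-credentials")
            else:
                # urlsplit splits on the last '@', so an extra one silently
                # becomes part of the password. A literal '@' in a password
                # has to be written as %40.
                if "@" in userinfo:
                    findings.append("stray-@-in-userinfo")
                if not parts.password:
                    findings.append("empty-password")
                # Basic auth is only base64-encoded, so plain http exposes it.
                if parts.scheme != "https":
                    findings.append("basic-auth-over-cleartext")
            results.append((url, findings))
    return results

# Constructed sample: one client config with a doubled '@' typo, and one with
# an https peer plus a peer URL that has no credentials at all.
SAMPLE = """\
eureka:
  client:
    service-url:
      defaultZone: http://username:123456@@localhost:8051/eureka
---
eureka:
  client:
    service-url:
      defaultZone: https://username:s3cret@peer1:8051/eureka/,http://peer2:8051/eureka/
"""

if __name__ == "__main__":
    for url, findings in audit_default_zones(SAMPLE):
        print(url, "->", ", ".join(findings) or "ok")
```
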