本文介绍如何使用SpringSecurity为SpringCloud EurekaServer添加安全认证,包括配置依赖、禁用部分CSRF保护、修改配置文件及客户端配置,确保微服务注册与通信的安全。
一、概述
Eureka本身不具备安全认证的能力,Spring Cloud使用Spring Security为Eureka Server进行了增强。
1.1 加依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!--<parent>
<artifactId>cloud-study</artifactId>
<groupId>com.qhr.cloud</groupId>
<version>1.0-SNAPSHOT</version>
</parent>-->
<groupId>com.qhr.cloud</groupId>
<version>1.0-SNAPSHOT</version>
<modelVersion>4.0.0</modelVersion>
<artifactId>microservice-discovery-eureka-authenticating</artifactId>
<packaging>jar</packaging>
<!-- 引入spring boot的依赖 -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.4.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
<!-- 引入spring cloud的依赖 -->
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Finchley.SR1</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<!-- 添加spring-boot的maven插件 -->
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>1.2 添加WebSecurityConfig类用于限制Spring Security的部分CSRF保护功能,否则应用无法正常注册!
package com.qhr.cloud.study;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* @Author : qhr
* @Description :pring Cloud Finchley及更高版本,必须添加如下代码,部分关闭掉Spring Security
* 的CSRF保护功能,否则应用无法正常注册!
* @Date : Created in 18:35 2020/7/6
* @Modified By :
*/
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().ignoringAntMatchers("/eureka/**");
super.configure(http);
}
}
1.3 修改配置文件application.yml
server:
port: 8761
eureka:
client:
# 是否要注册到其他Eureka Server实例
register-with-eureka: false
# 是否要从其他Eureka Server实例获取数据
fetch-registry: false
service-url:
defaultZone: http://user:password123@localhost:8761/eureka/
spring:
security:
user:
name: user # 配置登录的账号是user
password: password123 # 配置登录的密码是password123
1.4 添加启动类
package com.qhr.cloud.study;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;
/**
* @Author : qhr
* @Description :
* @Date : Created in 18:34 2020/7/6
* @Modified By :
*/
@SpringBootApplication
@EnableEurekaServer
public class EurekaApplication {
public static void main(String[] args) {
SpringApplication.run(EurekaApplication.class, args);
}
}
1.5 项目目录结构
二、Eureka Client 客户端配置
在microservice-provider-user微服务中,修改配置文件application.yml
eureka:
client:
service-url:
# 指定eureka server通信地址,注意/eureka/小尾巴不能少
defaultZone: http://user:password123@localhost:8761/eureka/三、服务启动
3.1 访问:http://localhost:8761/
输入用户:user,密码:password123,就可正常访问Eureka Server首页。
3.2 启动微服务microservice-provider-user
可以发现微服务microservice-provider-user已经注册到Eureka的服务器上了。
扫一扫
2716
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
