eureka server中httpBasic与oauth2混合使用

santiani

已于 2023-08-09 17:06:47 修改

阅读量96

点赞数

文章标签： eureka spring cloud

于 2023-08-09 17:04:21 首次发布

本文链接：https://blog.csdn.net/qq_42607344/article/details/132191932

版权

文章讲述了如何在SpringBoot项目中将Eureka的/eureka/路径设置为HTTPBasic认证，同时与Keycloak集成，确保其他路径通过OAuth2授权。展示了相关的依赖配置和SpringSecurity的配置代码。

摘要由CSDN通过智能技术生成

因为项目的原因，需要将eureka的认证登录功能与keyclock集成，所以研究了一下。eureka开启验证时，只需要将/eureka/**路径还原成httpBasic认证方式就能让service正常在eureka server上注册，其他路径的访问则会跳转到keyclock进行认证。

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.7.14</version>
        <relativePath/>
    </parent>
    <groupId>com.example</groupId>
    <artifactId>eureka-server</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>eureka-server</name>
    <description>eureka-server</description>

    <properties>
        <java.version>1.8</java.version>
        <spring-cloud.version>2021.0.8</spring-cloud.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

application.yml

server:
  port: 8761

eureka:
  client:
    register-with-eureka: false
    fetch-registry: false
    service-url:
      defaultZone: http://admin:admin@localhost:8761/eureka/

spring:
  application:
    name: eureka-server
  security:
    user:
      name: admin
      password: admin
      roles: admin
    oauth2:
      client:
        provider:
          keyclock:
            issuer-uri: http://localhost:8080/realms/master
        registration:
          keyclock:
            provider: keyclock
            client-id: test
            client-secret: 507db393-xxxx-xxxx-xxxx-0805a2d11fe1
            scope: openid
            authorization-grant-type: authorization_code

logging:
  level:
    root: INFO
    org.springframework.web: INFO
    org.springframework.security: INFO
    org.springframework.security.oauth2: INFO

SpringSecurityConfig.java

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig {

    @Value("${spring.security.user.name}")
    private String name;
    @Value("${spring.security.user.password}")
    private String password;
    @Value("${spring.security.user.roles}")
    private String[] roles;

    @Bean
    public SecurityFilterChain securityFilterChainHttpBasic(HttpSecurity http) throws Exception {

        http
                .antMatcher("/eureka/**")
                .userDetailsService(userDetailsService())
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .httpBasic()
                .and()
                .csrf()
                .disable();

        return http.build();
    }

    private UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager();
        inMemoryUserDetailsManager.createUser(User.withUsername(name).password("{noop}" + password).roles(roles).build());
        return inMemoryUserDetailsManager;
    }

    @Bean
    public SecurityFilterChain securityFilterChainOauth2(HttpSecurity http) throws Exception {

        http
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .csrf()
                .disable();
        http
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.ALWAYS);

        http.oauth2Login();

        return http.build();
    }
}