![043fe6cfe9f37b6e9857dd39552b7ad3.png](https://i-blog.csdnimg.cn/blog_migrate/0c291a2881bb1572b6487e4028f9dfac.jpeg)
前言
前面两章介绍了将生产者和消费者微服务注册到Eureka Server上,但是为了增加安全性需要在Eureka上增加白名单,进行注册权限控制。本章将介绍Spring Cloud集成Security进行简单认证功能。
Eureka Server集成Security
![f469062b2ba4443cbc6f126cacc31b54.png](https://i-blog.csdnimg.cn/blog_migrate/bc08b73352236442bff5d14606c7b758.jpeg)
这是官网上介绍使用Eureka服务器进行身份验证,如果尝试过的话会发现并没有什么卵用,还需要添加其他的配置才行。
这里复制一份microservice-discovery-eureka 微服务代码,修改为microservice-discovery-eureka-security。
第一步:增加依赖
pom.xml增加依赖如下
org.springframework.boot spring-boot-starter-securityorg.springframework.boot spring-boot-starter-actuator
第二步:增加配置
spring: security: user: name: user password: 123456
修改defaultZone
# defaultZone: http://127.0.0.1:8761/eureka/ defaultZone: http://user:123456@127.0.0.1:8761/eureka/
备注:name和password可以随意修改。
第三步:启动测试
输入地址:http://127.0.0.1:8761/,如下图所示:
![e2de1bad5b869fadfa6bb1adf00fd2cd.png](https://i-blog.csdnimg.cn/blog_migrate/53bddaaa93d062f99c3c309f279af661.jpeg)
会跳转的login页面,需要输入配置的user和password才能正常使用eureka控制台。
将生产者微服务注册到Eureka Server
复制一份商品微服务(microservice-consumer-goods)代码,修改名称为microservice-consumer-goods-security。
第一步:增加依赖
org.springframework.boot spring-boot-starter-actuator
第二步:增加配置
spring: application: # 指定注册到eureka server上的服务名称 name: microservice-consumer-goods-security security: user: name: user password: 123456
修改defaultZone
# eureka server的通讯地址,注意路径 # defaultZone: http://127.0.0.1:8761/eureka/ defaultZone: http://user:123456@127.0.0.1:8761/eureka/
第三步:启动测试
启动出现Cannot execute request on any known server错误
--- [nfoReplicator-0] c.n.d.s.t.d.RetryableEurekaHttpClient : Request execution failure with status code 401; retrying on another server if available2019-01-06 21:31:46.160 WARN 3456 --- [nfoReplicator-0] com.netflix.discovery.DiscoveryClient : DiscoveryClient_UNKNOWN/192.168.0.104:8090 - registration failed Cannot execute request on any known servercom.netflix.discovery.shared.transport.TransportException: Cannot execute request on any known server at com.netflix.discovery.shared.transport.decorator.RetryableEurekaHttpClient.execute(RetryableEurekaHttpClient.java:112) ~[eureka-client-1.9.3.jar:1.9.3] at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56) ~[eureka-client-1.9.3.jar:1.9.3] at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59) ~[eureka-client-1.9.3.jar:1.9.3] at com.netflix.discovery.shared.transport.decorator.SessionedEurekaHttpClient.execute(SessionedEurekaHttpClient.java:77) ~[eureka-client-1.9.3.jar:1.9.3] at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56) ~[eureka-client-1.9.3.jar:1.9.3] at com.netflix.discovery.DiscoveryClient.register(DiscoveryClient.java:829) ~[eureka-client-1.9.3.jar:1.9.3] at com.netflix.discovery.InstanceInfoReplicator.run(InstanceInfoReplicator.java:121) [eureka-client-1.9.3.jar:1.9.3] at com.netflix.discovery.InstanceInfoReplicator$1.run(InstanceInfoReplicator.java:101) [eureka-client-1.9.3.jar:1.9.3] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_181] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_181] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [na:1.8.0_181] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [na:1.8.0_181] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_181] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_181] at java.lang.Thread.run(Thread.java:748) [na:1.8.0_181]......省略更多
原因:
引入spring-boot-starter-security做安全校验后,自动开启CSRF安全认证,任何一次服务请求默认都需要CSRF 的token(自行补脑Spring的CSRF验证),而Eureka-client不会生成该token,故启动时会报如上错误。
解决方案
microservice-discovery-eureka-security 中MicroserviceDiscoveryEurekaSecurityApplication启动类增加如下配置:
@EnableWebSecurity static class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().ignoringAntMatchers("/eureka/**"); super.configure(http); } }
配套代码
主代码库:https://github.com/yundianzixun/spring-cloud-study
Eureka Service 集成Security:https://github.com/yundianzixun/spring-cloud-study/tree/master/microservice-discovery-eureka-security
生产者微服务集成Security:https://github.com/yundianzixun/spring-cloud-study/tree/master/microservice-consumer-goods-security
![ca983eaf0f0975edaf42a900aa64964f.png](https://i-blog.csdnimg.cn/blog_migrate/e2ecddac9c9f5fff8cf0817b9e5134ed.jpeg)