1、服务端设置了安全配置Spring-security
package com.zemel.security.config;
import javax.annotation.Resource;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
web.ignoring().antMatchers("/hystrix.stream", "turbine.stream");
// spring.secruity.ignored:
// /hystrix.stream
// /turbine.stream
}
@Resource
public void configGloabl(AuthenticationManagerBuilder auth)throws Exception{
auth.inMemoryAuthentication().withUser("wendy").password("wendy").roles("USER")
.and().withUser("admin").password("hello").roles("USER", "ADMIN");
}
/*security:
sessions: stateless
basic:
enabled: true #启用SpringSecurity的安全配置
user:
name: zemel #认证用户名
password: 123456 # 认证密码
role: # 授权角色
- USER */
@Override
protected void configure(HttpSecurity http) throws Exception {
// 表示所有的访问都必须认证,认证处理后才可以正常进行
http.httpBasic().and().authorizeRequests().anyRequest().fullyAuthenticated();
// 所有的rest服务一定要设置为无状态,以提升操作效率和性能
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
}
2、zuul的药代理这种服务的情况,必须要在头部访问之前设置用户名密码,
而需要设置必须通过Filter来设置
package com.zemel.zuul.filter;
import java.nio.charset.Charset;
import java.util.Base64;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
public class AuthorizedRequestFilter extends ZuulFilter {
@Override
public Object run() { // 表示具体的过滤执行操作
RequestContext curContext = RequestContext.getCurrentContext();
// 进行一个Http头信息配置
// HttpHeaders headers = new HttpHeaders();
String auth = "wendy:wendy";
byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(Charset.forName("US-ASCII")));
// 加密字符串要有空格
String authHeader = "Basic " + new String(encodedAuth);
curContext.addZuulRequestHeader("Authorization", authHeader);
// headers.set("Authorization", authHeader);
return null;
}
@Override
public boolean shouldFilter() { // 该filter是否要执行
return true;
}
@Override
public int filterOrder() {
return 0; // 设置优先级,数值越大优先级越高
}
@Override
public String filterType() {
// 在进行Zuul过滤的时候可以设置其他过滤执行的位置,那么此时有如下几种类型
// pre:请求前设置
// route 请求的时候
// post :发送的
// error: 出错之后
return "pre";
}
}
3、zuul的application.yml的配置
server:
port: 9501
eureka:
client:
serviceUrl:
defaultZone: http://admin:admin@eurekaserver-7001.com:7001/eureka,http://admin:admin@eurekaserver-7002.com:7002/eureka,http://admin:admin@eurekaserver-7003.com:7003/eureka
instance:
prefer-ip-address: true #访问地址显示
# 不建议修改以下两项
# lease-expiration-duration-in-seconds: 2 #心跳间隔时间(默认30s)
# lease-renewal-interval-in-seconds: 5 #如果现在超过了5s间隔(默认是90秒)
info:
app.name: geteway
company.name: www.zemel.cn
build.artifactId: $project.artifactId$
build.version: $project.version$
spring:
application:
name: zuul-gateway
zuul:
AuthorizedRequestFilter:
pre:
disable: false# 过滤器将被禁止使用
prefix: /me # 路由前缀
# ignored-services: provider-company # 方法一:忽略服务名称访问
ignored-services: "*" # 方法二:如果微服务比较多,则采用通配符的方式配置,进行忽略
routes:
#provider-company: /company-proxy/** # 写法一: 左边服务名称、右边服务代理名称
dept-8001: /dept-proxy/**
4、访问结果如下: