
Spring Cloud (Greenwich) - 04 - Integrating Security with Spring Cloud

admin 2019-08-23

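Preface

The previous two chapters covered registering the producer and consumer microservices with Eureka Server. To improve security, however, Eureka needs an allowlist that controls which clients are permitted to register. This chapter describes how to integrate Security with Spring Cloud to provide simple authentication.

Integrating Security into Eureka Server

The official site describes how to authenticate with the Eureka server, but if you try it you will find that it does nothing useful by itself; additional configuration is required.

Make a copy of the microservice-discovery-eureka microservice code and rename it microservice-discovery-eureka-security.

Step 1: Add dependencies

Add the following dependencies to pom.xml: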

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>

Step 2: Add configuration

spring:
  security:
    user:
      name: user
      password: 123456

Modify defaultZone

# defaultZone: http://127.0.0.1:8761/eureka/
defaultZone: http://user:123456@127.0.0.1:8761/eureka/

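Note: name and password can be set to any values you choose.

Step 3: Start and test

Open http://127.0.0.1:8761/ in a browser.

You are redirected to the login page and must enter the configured user name and password before you can use the Eureka console.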

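Registering the producer microservice with Eureka Server

Make a copy of the goods microservice (microservice-consumer-goods) code and rename it microservice-consumer-goods-security.

Step 1: Add dependencies

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>

Step 2: Add configuration

spring:
  application:
    # Service name to register with the eureka server
    name: microservice-consumer-goods-security
  security:
    user:
      name: user
      password: 123456

Modify defaultZone

# Address used to talk to the eureka server; mind the path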
# defaultZone: http://127.0.0.1:8761/eureka/
defaultZone: http://user:123456@127.0.0.1:8761/eureka/

Step 3: Start and test

Startup fails with a "Cannot execute request on any known server" error:

--- [nfoReplicator-0] c.n.d.s.t.d.RetryableEurekaHttpClient : Request execution failure with status code 401; retrying on another server if available
2019-01-06 21:31:46.160 WARN 3456 --- [nfoReplicator-0] com.netflix.discovery.DiscoveryClient : DiscoveryClient_UNKNOWN/192.168.0.104:8090 - registration failed Cannot execute request on any known server
com.netflix.discovery.shared.transport.TransportException: Cannot execute request on any known server
at com.netflix.discovery.shared.transport.decorator.RetryableEurekaHttpClient.execute(RetryableEurekaHttpClient.java:112) ~[eureka-client-1.9.3.jar:1.9.3]
at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56) ~[eureka-client-1.9.3.jar:1.9.3]
at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59) ~[eureka-client-1.9.3.jar:1.9.3]
at com.netflix.discovery.shared.transport.decorator.SessionedEurekaHttpClient.execute(SessionedEurekaHttpClient.java:77) ~[eureka-client-1.9.3.jar:1.9.3]
at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56) ~[eureka-client-1.9.3.jar:1.9.3]
at com.netflix.discovery.DiscoveryClient.register(DiscoveryClient.java:829) ~[eureka-client-1.9.3.jar:1.9.3]
at com.netflix.discovery.InstanceInfoReplicator.run(InstanceInfoReplicator.java:121) [eureka-client-1.9.3.jar:1.9.3]
at com.netflix.discovery.InstanceInfoReplicator$1.run(InstanceInfoReplicator.java:101) [eureka-client-1.9.3.jar:1.9.3]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_181]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_181]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [na:1.8.0_181]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [na:1.8.0_181]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_181]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_181]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_181]
...... (more omitted)

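Cause:

Once spring-boot-starter-security is introduced for security checks, CSRF protection is enabled automatically, and by default every request to the service needs a CSRF token (read up on Spring's CSRF validation yourself). The Eureka client does not generate this token, so the error above is reported at startup.

Solution

In microservice-discovery-eureka-security, add the following configuration to the startup class MicroserviceDiscoveryEurekaSecurityApplication: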

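// These imports go at the top of the startup class file.
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Skip the CSRF token check only for the Eureka REST endpoints.
        http.csrf().ignoringAntMatchers("/eureka/**");
        // Keep the default rules: every request must still be authenticated.
        super.configure(http);
    }
}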
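The cause and the fix above, as an added example that is not part of the original article: a simplified Python model of the CSRF decision, not Spring Security's own code. It relies on the fact that Spring Security's default CSRF matcher skips GET, HEAD, TRACE and OPTIONS; the request list and the DEMO-APP / demo-host names are constructed.

```python
"""Simplified model of the CSRF check (added example, not Spring Security code)."""

# Methods the default CSRF matcher treats as safe (no token required).
SAFE_METHODS = {"GET", "HEAD", "TRACE", "OPTIONS"}

# Constructed sample of calls a Eureka client makes; names are made up.
EUREKA_CLIENT_CALLS = [
    ("POST", "/eureka/apps/DEMO-APP"),                   # register
    ("PUT", "/eureka/apps/DEMO-APP/demo-host:8090"),     # heartbeat (renew)
    ("GET", "/eureka/apps/"),                            # fetch registry
    ("DELETE", "/eureka/apps/DEMO-APP/demo-host:8090"),  # cancel on shutdown
]


def ant_match(pattern, path):
    """Match the two pattern shapes needed here: exact, or a '/**' suffix."""
    if pattern.endswith("/**"):
        base = pattern[:-3]
        return path == base or path.startswith(base + "/")
    return path == pattern


def csrf_verdict(method, path, has_token=False, ignoring=()):
    """Verdict of the CSRF check alone; authentication is a separate step."""
    if method.upper() in SAFE_METHODS:
        return "allowed"
    if any(ant_match(p, path) for p in ignoring):
        return "allowed"
    return "allowed" if has_token else "rejected"


def audit(calls, ignoring=()):
    """Map each (method, path) to its verdict for a client with no CSRF token."""
    return {(m, p): csrf_verdict(m, p, ignoring=ignoring) for m, p in calls}


if __name__ == "__main__":
    cases = (("default", ()), ("/eureka/** ignored", ("/eureka/**",)))
    for label, ignoring in cases:
        print(label)
        for (method, path), verdict in audit(EUREKA_CLIENT_CALLS, ignoring).items():
            print(f"  {method:6} {path:40} {verdict}")
```

The exemption removes only the CSRF check for /eureka/**; those requests still have to carry the user name and password configured in defaultZone, and a token-less POST to any other path is still rejected.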

Companion code

Main repository: https://github.com/yundianzixun/spring-cloud-study

Eureka Server with Security: https://github.com/yundianzixun/spring-cloud-study/tree/master/microservice-discovery-eureka-security

Producer microservice with Security: https://github.com/yundianzixun/spring-cloud-study/tree/master/microservice-consumer-goods-security
