其他分享
首页 > 其他分享> > 如何使用基本身份验证来保证spring cloud eureka服务?

如何使用基本身份验证来保证spring cloud eureka服务?

作者:互联网

我在同一主机上设置了多个eureka服务器实例.他们使用主机名eureka-primary,secondary和tertiary,它们被定义为hosts文件中的localhost别名,一切正常 – 它们都是可见的,并且可以作为不同的实例彼此使用.

当我尝试使用基本身份验证来保护eureka实例时,问题就出现了.这个想法是添加spring安全依赖项,在eureka服务器上指定安全用户和密码,并将这些凭据放在defaultZone网址中(配置在下面),但这似乎不起作用.

Eureka实例甚至无法相互注册,当我尝试访问eureka门户网站时,我会通过登录表单提示,然后重定向到仪表板.所有仪表板都运行正常,需要访问凭据.

我使用spring spring Finchley.RC1和spring boot 2.0.1.RELEASE以及相同版本的spring-boot-starter-security和spring-cloud-starter-netflix-eureka-server.

Eureka服务器pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>rs.microservices</groupId>
    <artifactId>eurekaServer</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>eurekaServer</name>
    <description>Demo project for Spring Boot</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.1.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
        <spring-cloud.version>Finchley.RC1</spring-cloud.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

    <repositories>
        <repository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
        </repository>
    </repositories>
</project>

Eureka服务器application.yml

---
spring:
  security:
    user:
      name: admin
      password: admin
  profiles: primary
  application:
    name: eureka-server-clustered   
server:
  port: 8011  
eureka:
  instance:
    hostname: eureka-primary       
  client:
    registerWithEureka: true
    fetchRegistry: true        
    serviceUrl:
      defaultZone: http://admin:admin@eureka-secondary:8012/eureka/,http://admin:admin@eureka-tertiary:8013/eureka/

---
spring:
  security:
    user:
      name: admin
      password: admin
  profiles: secondary
  application:
    name: eureka-server-clustered      
server:
  port: 8012
eureka:
  instance:
    hostname: eureka-secondary       
  client:
    registerWithEureka: true
    fetchRegistry: true        
    serviceUrl:
      defaultZone: http://admin:admin@eureka-primary:8013/eureka/,http://admin:admin@eureka-tertiary:8011/eureka/

---
spring:
  security:
    user:
      name: admin
      password: admin
  profiles: tertiary
  application:
    name: eureka-server-clustered      
server:
  port: 8013
eureka:
  instance:
    hostname: eureka-tertiary       
  client:
    registerWithEureka: true
    fetchRegistry: true    
    serviceUrl:
      defaultZone: http://admin:admin@eureka-primary:8011/eureka/,http://admin:admin@eureka-secondary:8012/eureka/   

微服务bootstrap.yml

spring:
  application:
    name: someService
server:
  port: 0 
eureka:  
  client:
    registerWithEureka: true
    fetchRegistry: true
    service-url:
      defaultZone: http://admin:admin@localhost:8011/eureka/,http://admin:admin@localhost:8012/eureka/,http://admin:admin@localhost:8013/eureka/

我究竟做错了什么?

*编辑

我已经找到了多个这样的解决方案,例如Securing Eureka in Spring cloud,但它们都没有真正解决我的问题 – 因为你可以看到我们的配置是相同的.

解决方法:

解决了!

TL; DR
问题是CSRF,由于某种原因,spring无法验证application.yml中配置的用户

所以我不得不从WebSecurityConfigurerAdapter覆盖configure方法来禁用csrf并创建inMemory用户.还从application.yml中删除了spring.security.user属性.

Eureka服务器application.yml现在看起来像:

---
spring:
  profiles: primary
  application:
    name: eureka-server-clustered   
server:
  port: 8011  
eureka:
  instance:
    hostname: eureka-primary       
  client:
    registerWithEureka: true
    fetchRegistry: true        
    serviceUrl:
      defaultZone: http://admin:admin@eureka-secondary:8012/eureka,http://admin:admin@eureka-tertiary:8013/eureka
---
spring:
  profiles: secondary
  application:
    name: eureka-server-clustered      
server:
  port: 8012
eureka:
  instance:
    hostname: eureka-secondary       
  client:
    registerWithEureka: true
    fetchRegistry: true        
    serviceUrl:
      defaultZone: http://admin:admin@eureka-primary:8013/eureka,http://admin:admin@eureka-tertiary:8011/eureka

---
spring:
  profiles: tertiary
  application:
    name: eureka-server-clustered     
server:
  port: 8013
eureka:
  instance:
    hostname: eureka-tertiary       
  client:
    registerWithEureka: true
    fetchRegistry: true    
    serviceUrl:
      defaultZone: http://admin:admin@eureka-primary:8011/eureka,http://admin:admin@eureka-secondary:8012/eureka  

新创建的WebSecurityConfig类:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
        .passwordEncoder(NoOpPasswordEncoder.getInstance())
        .withUser("admin").password("admin")
        .authorities("ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                .disable()
            .authorizeRequests()
              .anyRequest().authenticated()
              .and()
              .httpBasic();
    }
}

标签:netflix-eureka,spring,spring-boot,spring-security,spring-cloud
来源: https://codeday.me/bug/20190910/1801023.html