个人中心
gpt4 book ai didi

spring - 如何使用基本身份验证保护 spring cloud eureka 服务?

转载 作者:行者123 更新时间:2023-12-03 13:57:43 26 4
gpt4 key购买 nike

我在同一台主机上设置了多个 eureka 服务器实例。他们使用主机名 eureka-primary、secondary 和third,它们被定义为主机文件中的本地主机别名,一切正常——它们都是可见的,并且作为不同的实例彼此可用。

当我尝试使用 basic auth 保护 Eureka 实例时,问题就开始了。和这个。这个想法是添加 spring 安全依赖,在 eureka 服务器上指定安全用户和密码,并将这些凭据放在 defaultZone 中。 urls(配置如下),但这似乎不起作用。

Eureka 实例甚至无法相互注册,当我尝试访问 Eureka 门户网站时,系统会提示我输入登录表单,然后重定向到仪表板。所有仪表板都运行良好,需要访问凭据。

我正在使用 Spring Cloud Finchley.RC1带 Spring Boot 2.0.1.RELEASEspring-boot-starter-security 的相同版本和 spring-cloud-starter-netflix-eureka-server .

Eureka 服务器 pom.xml 

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>rs.microservices</groupId>
    <artifactId>eurekaServer</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>eurekaServer</name>
    <description>Demo project for Spring Boot</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.1.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
        <spring-cloud.version>Finchley.RC1</spring-cloud.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

    <repositories>
        <repository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
        </repository>
    </repositories>
</project>

Eureka 服务器应用程序.yml 
---
spring:
  security:
    user:
      name: admin
      password: admin
  profiles: primary
  application:
    name: eureka-server-clustered   
server:
  port: 8011  
eureka:
  instance:
    hostname: eureka-primary       
  client:
    registerWithEureka: true
    fetchRegistry: true        
    serviceUrl:
      defaultZone: http://admin:admin@eureka-secondary:8012/eureka/,http://admin:admin@eureka-tertiary:8013/eureka/

---
spring:
  security:
    user:
      name: admin
      password: admin
  profiles: secondary
  application:
    name: eureka-server-clustered      
server:
  port: 8012
eureka:
  instance:
    hostname: eureka-secondary       
  client:
    registerWithEureka: true
    fetchRegistry: true        
    serviceUrl:
      defaultZone: http://admin:admin@eureka-primary:8013/eureka/,http://admin:admin@eureka-tertiary:8011/eureka/

---
spring:
  security:
    user:
      name: admin
      password: admin
  profiles: tertiary
  application:
    name: eureka-server-clustered      
server:
  port: 8013
eureka:
  instance:
    hostname: eureka-tertiary       
  client:
    registerWithEureka: true
    fetchRegistry: true    
    serviceUrl:
      defaultZone: http://admin:admin@eureka-primary:8011/eureka/,http://admin:admin@eureka-secondary:8012/eureka/

微服务 bootstrap.yml 
spring:
  application:
    name: someService
server:
  port: 0 
eureka:  
  client:
    registerWithEureka: true
    fetchRegistry: true
    service-url:
      defaultZone: http://admin:admin@localhost:8011/eureka/,http://admin:admin@localhost:8012/eureka/,http://admin:admin@localhost:8013/eureka/

我究竟做错了什么?

*编辑

我已经找到了多个这样的解决方案 Securing Eureka in Spring cloud ,但它们都没有真正解决我的问题 - 正如您所看到的,我们的配置是相同的。

最佳答案

解决了!

TL;博士
问题是 CSRF并且由于某种原因 spring 无法验证在 application.yml 中配置的用户

所以我不得不覆盖来自 WebSecurityConfigurerAdapter 的配置方法禁用 csrf 并创建 inMemory 用户。还从 application.yml 中删除了 spring.security.user 属性。

Eureka 服务器 application.yml现在看起来像:

---
spring:
  profiles: primary
  application:
    name: eureka-server-clustered   
server:
  port: 8011  
eureka:
  instance:
    hostname: eureka-primary       
  client:
    registerWithEureka: true
    fetchRegistry: true        
    serviceUrl:
      defaultZone: http://admin:admin@eureka-secondary:8012/eureka,http://admin:admin@eureka-tertiary:8013/eureka
---
spring:
  profiles: secondary
  application:
    name: eureka-server-clustered      
server:
  port: 8012
eureka:
  instance:
    hostname: eureka-secondary       
  client:
    registerWithEureka: true
    fetchRegistry: true        
    serviceUrl:
      defaultZone: http://admin:admin@eureka-primary:8013/eureka,http://admin:admin@eureka-tertiary:8011/eureka

---
spring:
  profiles: tertiary
  application:
    name: eureka-server-clustered     
server:
  port: 8013
eureka:
  instance:
    hostname: eureka-tertiary       
  client:
    registerWithEureka: true
    fetchRegistry: true    
    serviceUrl:
      defaultZone: http://admin:admin@eureka-primary:8011/eureka,http://admin:admin@eureka-secondary:8012/eureka

新建WebSecurityConfig类(class): 
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
        .passwordEncoder(NoOpPasswordEncoder.getInstance())
        .withUser("admin").password("admin")
        .authorities("ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                .disable()
            .authorizeRequests()
              .anyRequest().authenticated()
              .and()
              .httpBasic();
    }
}

关于spring - 如何使用基本身份验证保护 spring cloud eureka 服务?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50971891/

26 4 0
文章推荐: .net - .NET 中的字符串序列化
文章推荐: .net - MEF是否可以替代System.Addin?
文章推荐: language-agnostic - 如何找到多个地理区域的中心?
文章推荐: android - 为什么我在 Xamarin Forms for Android 中出现 'AnimationViewRenderer doesn' t 存在于上下文中的错误?
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com