  • Server and client configuration after adding Spring Security to Eureka Server

      Straight to the code. The main dependency versions on the Eureka Server side:

            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
                <version>2.2.3.RELEASE</version>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
                <version>2.3.1.RELEASE</version>
            </dependency>

      The Eureka Server application.yml configuration:

    server:
      port: 8761
    eureka:
      server:
        # The eviction interval for expired instances is changed here only for testing convenience; avoid changing it in production
        eviction-interval-timer-in-ms: 3000
      client:
        register-with-eureka: false
        fetch-registry: false
        service-url:
          defaultZone: http://user:pwd123@localhost:8761/eureka/
    spring:
      application:
        name: discovery-eureka-auth
      cloud:
        loadbalancer:
          ribbon:
            enabled: false
        inetutils:
          # preferred-networks:
          #   - 192.168.0
          ignored-interfaces:
            - VM.*
      security:
        user:
          name: user
          password: pwd123

      In newer versions of Spring Security the security.basic.enabled property is no longer available. To configure that behaviour, extend WebSecurityConfigurerAdapter and override its configure method:

    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .httpBasic()
                    .and()
                    .csrf().ignoringAntMatchers("/eureka/**");
        }
    }

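      Once the newer Spring Security is added, CSRF protection is enabled automatically, and by default every request is required to provide a CSRF token. As a result, when an Eureka Client starts and registers with the Eureka Server, it is also required to provide a CSRF token. The Eureka Client does not generate the token CSRF needs, and so far I have not seen a mechanism for making the Eureka Client carry one manually, so registration with the Eureka Server ultimately fails with an exception like the following: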

    2020-07-10 22:32:43.561 ERROR 21416 --- [tbeatExecutor-0] c.n.d.s.t.d.RedirectingEurekaHttpClient  : Request execution error. endpoint=DefaultEndpoint{ serviceUrl='http://user:pwd123@localhost:8761/eureka/}

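      The fix is, when overriding WebSecurityConfigurerAdapter, to make CSRF ignore the Eureka-related paths (the .csrf().ignoringAntMatchers("/eureka/**") call in the code above). You can of course also disable CSRF outright, but that is not recommended: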

    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .httpBasic()
                    .and()
                    .csrf().disable(); // disabling CSRF entirely is not recommended
        }
    }
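
      To check that the first configuration (the one with ignoringAntMatchers("/eureka/**")) exempts only the registry paths from CSRF while HTTP Basic stays enforced everywhere, an integration test such as the following can be run against the server. It is an added example, not code from the original post; it assumes spring-boot-starter-test (JUnit 5) is on the test classpath and the user/pwd123 credentials from the application.yml above, and the class name and the DEMO/demo-1 instance id are constructed.

```java
// Added example: assumes spring-boot-starter-test (JUnit 5) on the test classpath
// and the user/pwd123 credentials configured in the server's application.yml.
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotEquals;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;

@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
class EurekaSecurityConfigTest { // hypothetical test class name

    @Autowired
    private TestRestTemplate rest;

    @Test
    void registryRejectsAnonymousCallers() {
        // No credentials: httpBasic() must answer 401, even on the CSRF-exempt path.
        ResponseEntity<String> r = rest.getForEntity("/eureka/apps", String.class);
        assertEquals(HttpStatus.UNAUTHORIZED, r.getStatusCode());
    }

    @Test
    void eurekaPathsSkipCsrfForAuthenticatedClients() {
        // State-changing call without a CSRF token, as an Eureka Client sends it.
        // DEMO/demo-1 is a constructed, unregistered instance id; whatever the
        // registry answers, it must not be a CSRF 403 or an authentication 401.
        ResponseEntity<String> r = rest.withBasicAuth("user", "pwd123")
                .exchange("/eureka/apps/DEMO/demo-1", HttpMethod.DELETE, null, String.class);
        assertNotEquals(HttpStatus.FORBIDDEN, r.getStatusCode());
        assertNotEquals(HttpStatus.UNAUTHORIZED, r.getStatusCode());
    }

    @Test
    void otherPathsStillRequireCsrfToken() {
        // Outside /eureka/** the exemption does not apply: a token-less POST gets 403.
        ResponseEntity<String> r = rest.withBasicAuth("user", "pwd123")
                .postForEntity("/", null, String.class);
        assertEquals(HttpStatus.FORBIDDEN, r.getStatusCode());
    }
}
```

      With the csrf().disable() variant the third test fails, which makes the difference in exposure between the two configurations visible.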

      On the Eureka Client side, you only need to change eureka.client.service-url.defaultZone:

    eureka:
      instance:
        # The lease timings are changed here only for testing convenience; do not change them in production
        lease-expiration-duration-in-seconds: 10
        lease-renewal-interval-in-seconds: 5
        prefer-ip-address: true
      client:
        service-url:
          defaultZone: http://user:pwd123@localhost:8761/eureka/
  • Original article: https://www.cnblogs.com/xuruiming/p/13281925.html