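After setting up a full spring-cloud stack and starting to tune it, I found that access to the service discovery center needed a login to keep it secure, so I followed the configuration method on the official spring-cloud site. After configuring it, the registry did indeed require a login, but now none of the microservices could register with it. I tried all kinds of configurations and nothing worked. In the end the problem turned out to be the version: neither what I found online nor the official Spring documentation mentions that security added CSRF filtering in newer versions. CSRF filtering was also filtering out the microservices' registration requests, so when a microservice client started up and tried to register, the console reported the error: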
Cannot execute request on any known server
At that point you only need to manually disable CSRF on the Eureka discovery center; service registration then completes normally, and logging in to the registry is not affected.

```java
package com.bootdo.clouddoserver.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable(); // disable CSRF for the whole Eureka server
        super.configure(http); // keep the adapter defaults (authenticated requests, form login, HTTP Basic)
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth); // default authentication setup (user from application.yml)
    }
}
```
Finally, the spring-boot version I am using is:
2.0.4.RELEASE
and the spring-cloud version is:
Finchley.SR1
Below are the correct configuration steps for getting this working:
- Add this dependency to the pom file:

```xml
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-security</artifactId>
</dependency>
```
- Refresh the pom dependencies in IDEA; if the Maven repository (local or remote) does not have this jar, run a clean yourself.
- Add the following to the project's application.yml:

```yaml
server:
  port: 8001
spring:
  security:
    basic:
      enabled: true
    user:
      name: user
      password: password123
eureka:
  instance:
    hostname: localhost
  client:
    registerWithEureka: false
    fetchRegistry: false
    serviceUrl:
      defaultZone: http://user:password123@${eureka.instance.hostname}:${server.port}/eureka/
```
- Here is the key point: extend WebSecurityConfigurerAdapter and disable CSRF, otherwise client registration fails with the error:
Cannot execute request on any known server

```java
package com.bootdo.clouddoserver.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable(); // disable CSRF for the whole Eureka server
        super.configure(http); // keep the adapter defaults (authenticated requests, form login, HTTP Basic)
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth); // default authentication setup (user from application.yml)
    }
}
```
Modify the client: in its application.yml, change the defaultZone address:

```yaml
eureka:
  client:
    serviceUrl:
      defaultZone: http://user:password123@localhost:8001/eureka/
server:
  port: 8002
spring:
  application:
    name: zuul
  servlet:
    multipart:
      max-file-size: 100Mb
      max-request-size: 100Mb
ribbon:
  ReadTimeout: 60000
  ConnectTimeout: 60000
security:
  oauth2:
    client:
      access-token-uri: http://localhost:8005/oauth/token
      user-authorization-uri: http://localhost:8005/oauth/authorize
      client-id: app
    resource:
      user-info-uri: http://localhost:8005/user
      prefer-token-info: false
```
Done! If you want to turn authentication off, the elegant way is to add the following to the startup class:
@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class})

```java
package com.bootdo.clouddoserver;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;

@EnableEurekaServer
@SpringBootApplication
@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class})
public class ClouddoServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(ClouddoServerApplication.class, args);
    }
}
```
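
A narrower variant of the `http.csrf().disable()` step, added here as an example and not part of the original post: it exempts only the Eureka REST endpoints that clients register against, so the browser login to the registry keeps its CSRF token check. The class name `EurekaScopedCsrfConfig` is hypothetical, and the class is assumed to replace `SecurityConfigurerAdapter` rather than sit beside it.

```java
package com.bootdo.clouddoserver.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example (hypothetical class name): use instead of SecurityConfigurerAdapter, not together with it.
@Configuration
@EnableWebSecurity
public class EurekaScopedCsrfConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Weak setting from the post: http.csrf().disable() removes the CSRF
        // filter for every path, including the login form and dashboard.
        //
        // Scoped setting: skip CSRF checks only under /eureka/**, the path the
        // clients' defaultZone points at. Those calls authenticate with the
        // HTTP Basic credentials in the URL and never carry a CSRF token.
        http.csrf().ignoringAntMatchers("/eureka/**");

        // Adapter defaults: all requests authenticated, form login, HTTP Basic.
        super.configure(http);
    }
}
```

With this in place the client-side `defaultZone` stays exactly as configured above; only the server-side filter scope changes.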