Eureka Server增加Spring Security后的服务端和客户端配置
2021-04-21 09:27
标签:start ring ice 直接 code 继承 extends 不可用 mat 直接上代码吧,Eureka Server端的主要依赖的版本: Eureka Server端的application.yml配置 对于现在较新的版本的Spring Security的security.basic.enabled配置项已经不可用了,要配置该属性可以通过继承并重写 WebSecurityConfigurerAdapter : 引入新版的Spring Security后会自动开启CSRF安全验证,默认所有请求都要求提供CSRF的token,这就导致Eureka Client启动后向Eureka Server进行服务注册时也被要求提供CSRF的token,但是Eureka Client并不会生成CSRF要的token,目前也没看到手工让Eureka Client携带token的机制, 最终导致Eureka Client向Eureka Server服务注册失败,出现类似下面的异常: 解决该异常的方法就是重写 WebSecurityConfigurerAdapter时,设置CSRF忽略掉与eureka相关的路径(上文代码中的.csrf().ignoringAntMatchers("/eureka/**")),当然也可以直接禁用掉CSRF,但不建议这么做: Eureka Client端只要修改一下eureka.client.service-url.defaultZone就可以了: Eureka Server增加Spring Security后的服务端和客户端配置 标签:start ring ice 直接 code 继承 extends 不可用 mat 原文地址:https://www.cnblogs.com/xuruiming/p/13281925.html dependency>
groupId>org.springframework.cloudgroupId>
artifactId>spring-cloud-starter-netflix-eureka-serverartifactId>
version>2.2.3.RELEASEversion>
dependency>
dependency>
groupId>org.springframework.bootgroupId>
artifactId>spring-boot-starter-securityartifactId>
version>2.3.1.RELEASEversion>
dependency>
server:
port: 8761
eureka:
server:
# 这里只是为了测试方便才修改的无效服务剔除时间间隔,生产环境尽量不要改
eviction-interval-timer-in-ms: 3000
client:
register-with-eureka: false
fetch-registry: false
service-url:
defaultZone: http://user:pwd123@localhost:8761/eureka/
spring:
application:
name: discovery-eureka-auth
cloud:
loadbalancer:
ribbon:
enabled: false
inetutils:
# preferred-networks:
# - 192.168.0
ignored-interfaces:
- VM.*
security:
user:
name: user
password: pwd123import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.csrf().ignoringAntMatchers("/eureka/**");
}
}
2020-07-10 22:32:43.561 ERROR 21416 --- [tbeatExecutor-0] c.n.d.s.t.d.RedirectingEurekaHttpClient : Request execution error. endpoint=DefaultEndpoint{ serviceUrl=‘http://user:pwd123@localhost:8761/eureka/}
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.csrf().disable();//不建议完全禁用掉csrf
}
}
eureka:
instance:
# 这里只是为了测试方便修改的服务租期相关时间,生产环境不要改
lease-expiration-duration-in-seconds: 10
lease-renewal-interval-in-seconds: 5
prefer-ip-address: true
client:
service-url:
defaultZone: http://user:pwd123@localhost:8761/eureka/
文章标题:Eureka Server增加Spring Security后的服务端和客户端配置
文章链接:http://soscw.com/essay/77542.html