前言
Eureka本身不具备安全认证的能力,Spring Cloud使用Spring Security为Eureka Server进行了增强。
Eureka Server端
- pom.xml增加依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>- application.yml增加配置
- 配置中如果不设置这段内容,账号默认是user,密码是一个随机值,该值会在启动时打印出来。
- 将Eureka Server中的 eureka.client.service-url.defaultZone 修改为为http://{user}:{password}@EUREKA_HOST:EUREKA_PORT/eureka/ 的形式。
spring:
security:
user:
name: admin # 配置登录的账号是admin
password: 123456 # 配置登录的密码是123456
eureka:
client:
service-url:
defaultZone: http://admin:123456@peer1:8761/eureka/, http://admin:123456@peer2:8762/eureka/- 新增WebSecurityConfig.java
package com.dream.shop.security;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* Spring Cloud Finchley及更高版本,必须添加如下代码,部分关闭掉Spring Security
* 的CSRF保护功能,否则应用无法正常注册!
* ref: http://cloud.spring.io/spring-cloud-netflix/single/spring-cloud-netflix.html#_securing_the_eureka_server
*/
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().ignoringAntMatchers("/eureka/**");
super.configure(http);
}
}
- 登陆测试
http://localhost:8761/login
Eureka Client端
eureka:
client:
serviceUrl:
defaultZone: http://admin:123456@peer1:8761/eureka/,http://admin:123456@peer2:8761/eureka/
测试
http://localhost:8761
http://localhost:8762
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。