Spring Cloud服务间调用鉴权
学习使用Spring Cloud 微服务间的调用都是RestFul风格,如何保证调用之间的安全性,这是一个很重要的问题。
通过查阅资料http://wiselyman.iteye.com/blog/2379419 查看了github上提供的例子https://github.com/wiselyman/uaa-zuul
1.引入
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-oauth2</artifactId> </dependency>
2.添加配置类
package com.rraj.config; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; import javax.servlet.http.HttpServletResponse; /** * Created by hqm */ @Configuration @EnableResourceServer public class ResourceServerConfig extends ResourceServerConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { http .csrf().disable() .exceptionHandling() .authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED)) .and() .authorizeRequests() .anyRequest().authenticated() .and() .httpBasic(); } }
3启动的Application中添加注解
@EnableGlobalMethodSecurity(prePostEnabled = true)
4.application.properties中添加
#安全认证 security.oauth2.resource.id=feign-consumer security.oauth2.resource.user-info-uri=http://localhost:8702 security.oauth2.resource.prefer-token-info=false
以上几步可以完成服务之间调用的安全性,欢迎指正错误的问题和评论
雪人正在努力……
posted on 2017-11-16 10:56 Snowman-Nunu 阅读(1453) 评论(0) 编辑 收藏 举报