使用SpringSecurity保护你的Eureka.
因为注册中心基本上只有自己的应用在使用,应用数量不多时可以把账号直接写死在配置里;如果应用很多,那么就写入数据库吧。
pom
<!-- Security starter used by the WebSecurityConfig class; it is expected to bring Spring Security onto the classpath. -->
<!-- No <version> element is given, so the version presumably comes from the project's dependency management (for example a Spring Cloud BOM); confirm before copying. -->
<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-starter-security</artifactId>
</dependency>
WebSecurityConfigurerAdapter:注意,为了能够使用 http://pc:123456@localhost:8000/eureka/ 这种在 URL 中内嵌账号密码的方式登录,必须使用 httpBasic;如果是 form 方式,就不能使用这种 URL 格式登录。
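/**
 * Spring Security configuration that puts the Eureka server behind HTTP Basic authentication.
 *
 * <p>Five fixed accounts (admin, pc, app, zuul, apiuser) are read from the {@code users.*}
 * properties and registered in memory. HTTP Basic is used, not form login, so that clients can
 * register with a URL of the form {@code http://user:password@host:port/eureka/}.
 *
 * <p>HTTP Basic sends the user name and password base64-encoded on every request, so the
 * endpoint should be served over TLS whenever it is reachable from anything but localhost.
 */
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Account data injected from the "users.*" section of application.yml.
    // The roles properties are comma-separated lists bound to String arrays.
    @Value("${users.admin.name}")
    private String admin_name;
    @Value("${users.admin.password}")
    private String admin_password;
    @Value("${users.admin.roles}")
    private String[] admin_roles;

    @Value("${users.pc.name}")
    private String pc_name;
    @Value("${users.pc.password}")
    private String pc_password;
    @Value("${users.pc.roles}")
    private String[] pc_roles;

    @Value("${users.app.name}")
    private String app_name;
    @Value("${users.app.password}")
    private String app_password;
    @Value("${users.app.roles}")
    private String[] app_roles;

    @Value("${users.apiuser.name}")
    private String apiuser_name;
    @Value("${users.apiuser.password}")
    private String apiuser_password;
    @Value("${users.apiuser.roles}")
    private String[] apiuser_roles;

    @Value("${users.zuul.name}")
    private String zuul_name;
    @Value("${users.zuul.password}")
    private String zuul_password;
    // Fixed: this read "users.zuul-router.roles", a key the accompanying application.yml does
    // not define (it defines users.zuul.roles), so the placeholder could not be resolved.
    @Value("${users.zuul.roles}")
    private String[] zuul_roles;

    /**
     * Excludes the API routes used by the app from Spring Security.
     *
     * <p>Requests matching {@code /app-server/api/**} bypass the security filter chain
     * completely, so nothing in this class authenticates them. The original author relies on
     * the API service's own OAuth check; that service must enforce it on every such route.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/app-server/api/**");
    }

    /**
     * Declares the authorization rules and enables HTTP Basic.
     *
     * <p>Rules are matched in declaration order. The original put {@code anyRequest()} before
     * the {@code /app-server/pc/**} matcher, so the PCSERVER restriction was never reached;
     * the specific path now comes first and {@code anyRequest()} is the final catch-all.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NEVER: Spring Security does not create a session itself, but will use an existing one.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);

        // CSRF protection is switched off for every path so that Eureka clients can register
        // with plain POST/PUT requests; browser access to this server is then unprotected
        // against CSRF as well.
        http.csrf().disable();

        http.authorizeRequests()
                .antMatchers("/app-server/pc/**").hasRole("PCSERVER")
                .anyRequest().fullyAuthenticated()
                .and()
                .httpBasic();
    }

    /**
     * Registers the five configured accounts in an in-memory user store.
     *
     * <p>NOTE(review): passwords are passed through exactly as configured. On Spring Security 5
     * and later a PasswordEncoder bean or an encoder-id prefix on the stored password is
     * required for login to succeed; confirm against the version in use, and prefer hashed
     * values over plain text.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser(admin_name).password(admin_password).roles(admin_roles)
                .and()
                .withUser(pc_name).password(pc_password).roles(pc_roles) // PC service
                .and()
                .withUser(app_name).password(app_password).roles(app_roles) // APP service
                .and()
                .withUser(zuul_name).password(zuul_password).roles(zuul_roles) // router (Zuul)
                .and()
                .withUser(apiuser_name).password(apiuser_password).roles(apiuser_roles); // API caller
    }
}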
application.yml
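# Eureka server configuration. The nesting below was flattened on the page and is restored
# from the property paths the Java config reads (users.admin.name, users.pc.roles, ...).
server:
  port: 8000
  # NOTE(review): Spring Boot usually binds these two under server.tomcat.*; they are kept
  # directly under "server" as the page lists them. Confirm they take effect.
  max-threads: 2000
  max-connections: 2000
eureka:
  instance:
    hostname: localhost
    appname: eureka
  client:
    # Standalone registry: it neither registers with itself nor fetches the registry.
    register-with-eureka: false
    fetch-registry: false
    service-url:
      defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/
# Accounts loaded by WebSecurityConfig. The passwords below are demo values: short, guessable
# and stored in clear text. Replace them before deploying and keep the real values out of
# version control; Spring Boot lets an environment variable such as USERS_ADMIN_PASSWORD
# override the matching key.
users:
  admin:
    name: admin
    password: admin
    roles: ADMIN,PC,APIUSER
  pc:
    name: pc
    password: 123456
    roles: PCSERVER
  app:
    name: app
    password: 123456
    roles: app
  apiuser:
    name: apiuser
    password: 123456
    roles: APIUSER
  zuul:
    name: zuul
    password: 123456
    roles: ZUUL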
其他服务连接eureka
http://pc:123456@localhost:8000/eureka/