Add Http Basic authentication for Eureka

2025-01-15 Update From: SLTechnology News&Howtos. Shulou (Shulou.com) 06/02

Brief introduction

On a network, no service is secure. To make our Eureka service more secure, we can add various authentication methods so that a client can register with Eureka only after providing the corresponding proof. This time we will add the most basic one, HTTP Basic authentication. HTTP Basic is a simple user name and password scheme: when the client sends a registration request, it sends the user name and password to Eureka Server along with it. This way of transmitting credentials is itself not secure.

Project source code

Gitee Code Cloud

Configure Eureka Server

Open the eureka-server.yml file in the remote git repository and add the following configuration:

    ---
    spring:
      profiles: peer1
      security:
        user:
          name: test
          password: 123456
          roles: USER
    server:
      port: 8761
    eureka:
      instance:
        hostname: peer1
      client:
        register-with-eureka: false
        fetch-registry: false
    #    serviceUrl:
    #      defaultZone: http://peer2:8762/eureka

To simplify service registration, this test uses only the peer1 profile and sets register-with-eureka and fetch-registry to false to turn off self-registration. Under spring, security.user.name, password and roles specify the user name, password and user group allowed to log in, respectively.

Create a Java class cn.zxuqian.configurations.WebSecurityConfig in our registry project and add the following code:

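    package cn.zxuqian.configurations;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        private static Logger log = LoggerFactory.getLogger(WebSecurityConfig.class);

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Disable CSRF and require authentication on every request; without an
            // authorization rule, httpBasic() alone lets requests without credentials through.
            http.csrf().disable()
                .authorizeRequests().anyRequest().authenticated()
                .and().httpBasic();
        }

        @Bean
        public UserDetailsService userDetailsService() {
            // withDefaultPasswordEncoder() is deprecated and intended for demos only.
            User.UserBuilder builder = User.withDefaultPasswordEncoder();
            InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
            manager.createUser(builder.username("test").password("123456").roles("USER").build());
            return manager;
        }
    }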

The configure() method of WebSecurityConfigurerAdapter is overridden to disable CSRF protection, because our Eureka Server uses peer as the hostname while the product-service tested later uses localhost; with CSRF protection on, product-service would be prevented from accessing Eureka resources. A test user is then added in the userDetailsService() method for authentication.

Product-service

Open the product-service.yml file in the remote git repository and add the following configuration:

    eureka:
      client:
        serviceUrl:
          defaultZone: http://test:123456@peer1:8761/eureka/

Here the URL specified by defaultZone takes the form [username]:[password]@host:port/eureka/, which is the same way curl is given a user name and password.
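The following Python sketch is an added example, not code from the original article. It builds the Authorization header that follows from the defaultZone URL above, decodes it back to show that Base64 gives no confidentiality, and flags the two issues in that URL; the function names are illustrative.

```python
import base64
from urllib.parse import urlsplit, unquote

def basic_auth_header(url):
    """Build the Authorization header derived from user:pass@host in a URL."""
    parts = urlsplit(url)
    if parts.username is None:
        return None
    creds = f"{unquote(parts.username)}:{unquote(parts.password or '')}"
    return "Basic " + base64.b64encode(creds.encode("utf-8")).decode("ascii")

def decode_basic(header):
    """Recover (user, password) from a captured header: Base64 is encoding, not encryption."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = raw.partition(":")  # the user name cannot contain ':'
    if not sep:
        raise ValueError("malformed Basic credential")
    return user, password

def audit_default_zone(url):
    """Return findings for one eureka.client.serviceUrl.defaultZone value."""
    parts = urlsplit(url)
    findings = []
    if parts.username is not None:
        findings.append("credentials embedded in URL (stored in the config repository)")
        if parts.scheme != "https":
            findings.append("Basic credentials sent over plaintext HTTP")
    return findings

# The defaultZone value from product-service.yml on this page.
DEFAULT_ZONE = "http://test:123456@peer1:8761/eureka/"

if __name__ == "__main__":
    header = basic_auth_header(DEFAULT_ZONE)
    print("Authorization:", header)
    print("decoded:", decode_basic(header))
    for finding in audit_default_zone(DEFAULT_ZONE):
        print("finding:", finding)
```

Anyone who can read the request on the wire, or the YAML file in the git repository, recovers the password directly, so the registry endpoint should be served over HTTPS and the credentials kept out of version control.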

Test

First run Config Server, then run Eureka Server with mvn spring-boot:run -Dspring-boot.run.profiles=peer1, and finally run product-service. After a while, product-service will have registered successfully, and the following appears in the Eureka Server log (the log level must be set to debug):

2018-05-19 18 w.c.HttpSessionSecurityContextRepository 1615 45.278 DEBUG 19055-[nio-8761-exec-9] w.c.HttpSessionSecurityContextRepository: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@442bd3dc: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@442bd3dc: Principal: org.springframework.security.core.userdetails.User@364492: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED] Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_USER'

Welcome to my blog: http://zxuqian.cn/
