Apollo Spring Eureka unauthorized access vulnerability

How to add login authentication to the Eureka server embedded in the Apollo config center

Newer versions (2.1.0 and above)

These versions already ship the Eureka security configuration; it only has to be switched on. Add the following to application.yml under the resources path of the apollo-configservice module:

apollo:
  eureka:
    server:
      security:
        username: demo1
        password: pwd1
        enabled: true

Then modify eureka.client.serviceUrl.defaultZone so that the config service's own Eureka client sends the same credentials (the user:password part of the URL is sent as HTTP Basic authentication). Note the comment in the file: if eureka.service.url is set in ApolloConfigDB.ServerConfig or as a system property, that value overrides defaultZone and must carry the credentials as well, otherwise registration will start failing with 401 once security is enabled.

eureka:
  instance:
    hostname: ${hostname:localhost}
    preferIpAddress: true
    status-page-url-path: /info
    health-check-url-path: /health
  server:
    peerEurekaNodesUpdateIntervalMs: 60000
    enableSelfPreservation: false
  client:
    serviceUrl:
      # This setting will be overridden by eureka.service.url setting from ApolloConfigDB.ServerConfig or System Property
      # see com.ctrip.framework.apollo.biz.eureka.ApolloEurekaClientConfig
      # Original value: defaultZone: http://${eureka.instance.hostname}:8080/eureka/
      defaultZone: http://${apollo.eureka.server.security.username}:${apollo.eureka.server.security.password}@${eureka.instance.hostname}:8080/eureka/
    healthcheck:
      enabled: true
    eurekaServiceUrlPollIntervalSeconds: 60
    fetch-registry: false
    registerWithEureka: false
Figure 1

Reference: see Figure 2 (Apollo)

Figure 2

Older versions (below 2.1.0)

For older versions, the ConfigServerEurekaServerConfigure class in the apollo-configservice module has to be modified as shown below. The same application.yml configuration listed above for newer versions must also be added under the resources path of the apollo-configservice module.

package com.ctrip.framework.apollo.configservice;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableEurekaServer
@ConditionalOnProperty(name = "apollo.eureka.server.enabled", havingValue = "true", matchIfMissing = true)
public class ConfigServerEurekaServerConfigure {

  @Order(99)
  @Configuration
  static class EurekaServerSecurityConfigurer extends WebSecurityConfigurerAdapter {

    private static final String EUREKA_ROLE = "EUREKA";

    @Value("${apollo.eureka.server.security.enabled:false}")
    private boolean eurekaSecurityEnabled;
    @Value("${apollo.eureka.server.security.username:}")
    private String username;
    @Value("${apollo.eureka.server.security.password:}")
    private String password;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      http.csrf().disable();
      http.httpBasic();
      if (eurekaSecurityEnabled) {
        http.authorizeRequests()
            // Rules are evaluated in order and the first matching pattern wins:
            // /, /eureka/apps/**, /eureka/instances/** and /eureka/peerreplication/** require the EUREKA role
            .antMatchers(
                "/",
                "/eureka/apps/**",
                "/eureka/instances/**",
                "/eureka/peerreplication/**")
            .hasRole(EUREKA_ROLE)
            // any other path under /eureka/** stays open without authentication
            .antMatchers("/eureka/**")
            .permitAll();
      }
    }

    @Autowired
    public void configureEurekaUser(AuthenticationManagerBuilder auth) throws Exception {
      if (!eurekaSecurityEnabled) {
        return;
      }
      InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> configurer = auth
          .getConfigurer(InMemoryUserDetailsManagerConfigurer.class);
      if (configurer == null) {
        configurer = auth.inMemoryAuthentication();
      }
      configurer.withUser(username).password(password).roles(EUREKA_ROLE);
    }
  }
}
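To check the result from the outside, here is an added probe script; it is not part of the original article or of Apollo. It does what a tester would do by hand: request /eureka/apps without credentials, then again with HTTP Basic credentials, and report whether the registry is still readable anonymously. The target URL and the demo1/pwd1 credentials from the application.yml above are assumptions, and the fetch function is injectable so the classification logic can be exercised without a live server.

```python
"""Probe an Apollo config service's embedded Eureka for unauthenticated access.

Added example, not part of the original article or of Apollo itself.
"""
import base64
import urllib.error
import urllib.request
from typing import Callable, Optional

# Registry endpoint that the EurekaServerSecurityConfigurer rules protect.
REGISTRY_PATH = "/eureka/apps"


def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization value that a Eureka client derives from
    http://user:pass@host/eureka/ (RFC 7617 Basic scheme)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def http_status(url: str, headers: dict) -> int:
    """GET the URL and return the HTTP status, treating 4xx/5xx as a status rather than an exception."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def classify(status_anon: int, status_auth: Optional[int]) -> str:
    """Map the two observed status codes to a verdict.

    200 without credentials      -> registry readable by anyone (the issue this page is about)
    401 without, 200 with        -> Basic auth enforced and the supplied credentials work
    401 without, anything else   -> auth enforced but the supplied credentials are wrong
    """
    if status_anon == 200:
        return "UNAUTHENTICATED_ACCESS"
    if status_anon == 401 and status_auth == 200:
        return "PROTECTED"
    if status_anon == 401:
        return "PROTECTED_BAD_CREDENTIALS"
    return f"UNEXPECTED_{status_anon}"


def probe(base_url: str, username: str = "", password: str = "",
          fetch: Callable[[str, dict], int] = http_status) -> str:
    """Send the anonymous and the authenticated request and classify the outcome.

    `fetch` is injectable so the logic can be tested without a live server.
    """
    url = base_url.rstrip("/") + REGISTRY_PATH
    accept = {"Accept": "application/json"}
    status_anon = fetch(url, accept)
    status_auth = None
    if username:
        status_auth = fetch(url, {**accept, "Authorization": basic_auth_header(username, password)})
    return classify(status_anon, status_auth)


if __name__ == "__main__":
    import sys
    # Hypothetical defaults: a local config service and the demo credentials from the article's application.yml.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080"
    print(probe(target, "demo1", "pwd1"))
```

Save it as, say, probe_eureka.py and run `python probe_eureka.py http://<configservice-host>:8080`: before the change it prints UNAUTHENTICATED_ACCESS, afterwards PROTECTED. The anonymous request can equally be sent with `curl -i`, where the 401 and the WWW-Authenticate: Basic header confirm that the rule is in force.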

One caveat for the in-memory user above: the password is stored exactly as configured. On Spring Security 5 the default DelegatingPasswordEncoder expects the stored value to carry an encoder id prefix (for example {noop}pwd1 for a plaintext password), so if login fails with "There is no PasswordEncoder mapped for the id "null"", either add the prefix to apollo.eureka.server.security.password in application.yml or set a PasswordEncoder on the configurer. With apollo.eureka.server.security.enabled left at false, no authorizeRequests rules are registered and the registry remains open, so check that the property is actually picked up.

The result is shown in Figure 3.


Figure 3

After entering the configured username and password, the registry is shown again as in Figure 4.


Figure 4