如何为 Apollo 配置中心的 Eureka 添加登录验证
高版本2.1.0及以上版本
在 apollo-configservice 模块 resources 路径下的 application.yml 中添加如下配置:
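# Credentials the embedded Eureka server asks for once security is enabled.
# demo1 / pwd1 are the article's sample values: replace them before deploying,
# and prefer supplying the real password from outside the packaged
# application.yml (environment variable or external config file) so it does
# not end up in the jar or in version control.
apollo:
  eureka:
    server:
      security:
        username: demo1
        password: pwd1
        # Login is off unless this is true.
        enabled: true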
同时修改 eureka.client.serviceUrl.defaultZone,在地址中带上上面配置的用户名和密码:
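eureka:
  instance:
    hostname: ${hostname:localhost}
    preferIpAddress: true
    status-page-url-path: /info
    health-check-url-path: /health
  server:
    peerEurekaNodesUpdateIntervalMs: 60000
    enableSelfPreservation: false
  client:
    serviceUrl:
      # This setting will be overridden by eureka.service.url setting from ApolloConfigDB.ServerConfig or System Property
      # see com.ctrip.framework.apollo.biz.eureka.ApolloEurekaClientConfig
      # NOTE(review): because of that override, a eureka.service.url configured there
      # presumably needs the same credentials once login is enabled - verify.
      #
      # Changed from: defaultZone: http://${eureka.instance.hostname}:8080/eureka/
      # The username and password are now embedded in the URL as HTTP Basic credentials.
      # With plain http they cross the network only base64-encoded, so use TLS or a
      # trusted network segment. Characters such as '@', ':' or '/' in the username
      # or password must be percent-encoded to keep the URL valid.
      defaultZone: http://${apollo.eureka.server.security.username}:${apollo.eureka.server.security.password}@${eureka.instance.hostname}:8080/eureka/
    healthcheck:
      enabled: true
    eurekaServiceUrlPollIntervalSeconds: 60
    fetch-registry: false
    registerWithEureka: false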
参考:如图2, apollo
低版本
低版本时,需要修改 apollo-configservice 模块中的 ConfigServerEurekaServerConfigure 类(代码如下),同时在 apollo-configservice 模块 resources 路径下的 application.yml 中添加上述高版本的配置。
package com.ctrip.framework.apollo.configservice;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
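/**
 * Enables the embedded Eureka server of apollo-configservice and, optionally, puts HTTP Basic
 * authentication in front of the Eureka dashboard and registry endpoints.
 *
 * <p>The configuration is active when {@code apollo.eureka.server.enabled} is {@code true} or
 * absent. Authentication is a separate switch, {@code apollo.eureka.server.security.enabled},
 * which defaults to {@code false}.
 */
@Configuration
@EnableEurekaServer
@ConditionalOnProperty(name = "apollo.eureka.server.enabled", havingValue = "true", matchIfMissing = true)
public class ConfigServerEurekaServerConfigure {

  /**
   * Security rules and the single in-memory account for the Eureka endpoints.
   *
   * <p>NOTE(review): order 99 presumably places this adapter ahead of one using the default
   * {@code WebSecurityConfigurerAdapter} order - confirm against the other adapters in the
   * application.
   */
  @Order(99)
  @Configuration
  static class EurekaServerSecurityConfigurer extends WebSecurityConfigurerAdapter {

    private static final String EUREKA_ROLE = "EUREKA";

    // Master switch for the rules below; false when the property is missing.
    @Value("${apollo.eureka.server.security.enabled:false}")
    private boolean eurekaSecurityEnabled;

    // Both default to the empty string when unset; configureEurekaUser rejects that case.
    @Value("${apollo.eureka.server.security.username:}")
    private String username;

    @Value("${apollo.eureka.server.security.password:}")
    private String password;

    /**
     * Disables CSRF protection, enables HTTP Basic and, when security is switched on, requires
     * the {@code EUREKA} role for the dashboard and registry paths.
     *
     * <p>When security is switched off, no authorization rule is registered here at all. Paths
     * outside {@code /} and {@code /eureka/**} never receive a rule from this method.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
      http.csrf().disable();
      // Basic credentials are only base64-encoded on the wire; serve these paths over TLS.
      http.httpBasic();
      if (!eurekaSecurityEnabled) {
        return;
      }
      http.authorizeRequests()
          // Dashboard, registry, instance and peer-replication paths require the EUREKA role.
          // These matchers must stay ahead of the catch-all below: the first match wins.
          .antMatchers(
              "/",
              "/eureka/apps/**",
              "/eureka/instances/**",
              "/eureka/peerreplication/**")
          .hasRole(EUREKA_ROLE)
          // Every other path under /eureka/ stays open without authentication.
          .antMatchers("/eureka/**")
          .permitAll();
    }

    /**
     * Registers the configured username and password as an in-memory account holding the
     * {@code EUREKA} role. Does nothing when security is switched off.
     *
     * <p>The password is registered exactly as configured. Which {@code PasswordEncoder} is in
     * effect is decided elsewhere in the application - NOTE(review): confirm.
     *
     * @param auth the authentication builder to add the account to
     * @throws IllegalStateException if security is enabled but the username or password is blank
     * @throws Exception if the in-memory configurer cannot be created
     */
    @Autowired
    public void configureEurekaUser(AuthenticationManagerBuilder auth) throws Exception {
      if (!eurekaSecurityEnabled) {
        return;
      }
      // Fail fast at startup: both properties default to "", and a blank password would
      // otherwise be registered as a valid credential.
      if (isBlank(username) || isBlank(password)) {
        throw new IllegalStateException(
            "apollo.eureka.server.security.enabled is true but "
                + "apollo.eureka.server.security.username or "
                + "apollo.eureka.server.security.password is not set");
      }
      // Reuse an in-memory configurer that is already registered instead of adding a second one.
      InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> configurer = auth
          .getConfigurer(InMemoryUserDetailsManagerConfigurer.class);
      if (configurer == null) {
        configurer = auth.inMemoryAuthentication();
      }
      configurer.withUser(username).password(password).roles(EUREKA_ROLE);
    }

    /** Returns true when the value is null, empty or whitespace only. */
    private static boolean isBlank(String value) {
      return value == null || value.trim().isEmpty();
    }
  }
}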
效果如图3
输入配置的用户名,密码,登录之后如图4