微服务5:Eureka清单获取与Security安全验证

Logic2021
19 阅读1分钟

1.客户端获取Eureka服务清单列表:

  1. 在客户端主启动类添加@EnableDiscoveryClient(很常用)
  2. 在需要调用的类中导入类
    1. 注意:导入类的jar包是import org.springframework.cloud.client.discovery.DiscoveryClient ;
    2. 编写相应代码(更多方法案例查阅源码)
    @Resource
    private DiscoveryClient discoveryClient;


    @ApiOperation("服务列表测试")
    @GetMapping("discoveryClientTest")
    public Result discoveryClienttest(){
            //获取服务名称
        List<String> services = discoveryClient.getServices();

        for (String service : services) {
            log.info("微服务:" + service);
        }

        List<ServiceInstance> instances = discoveryClient.getInstances("PAYMENTMODULESERVICE");
        for (ServiceInstance instance : instances) {
            log.info("PAYMENTMODULESERVICE的微服务集群信息:");
            log.info(instance.getServiceId()+"\t"+instance.getHost()+"\t"+instance.getPort()+"\t"+instance.getUri());
        }
        return Result.success();
    }

2.使用Spring Security进行保护验证:

官方文档说明:

操作步骤:

  1. Eureka服务端pom依赖添加Security依赖(单机/集群皆如此)
<!-- spring-boot-starter-security:鉴权认证框架 -->
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
  <version>2.6.2</version>
</dependency>
  1. Eureka服务端yml设置添加Security用户密码参数(单机/集群皆如此)
#Security验证保护
spring:
  security:
    user:
      name: admin
      password: admin
  1. Eureka服务端yml更改defaultZone注册地址在其中加入Security登录信息,如是集群服务端相互守望则在己方配置的注册地址中添加对方的用户密码
      defaultZone: http://admin:admin@eureka7002.com:7002/eureka/

      defaultZone: http://admin:admin@eureka7001.com:7001/eureka/
  1. Eureka服务端添加官方文档中说明的配置类从而处理CSRF跨域问题,两种方式任选其一,不进行此操作,客户端无法注册报错:Cannot execute request on any known server
@EnableWebSecurity
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //方式一:忽略/eureka/** 所有请求
        //http.csrf().ignoringAntMatchers("/eureka/**");
        //方式二:关闭CSRF跨域脚本攻击
        super.configure(http);
    }
}
  1. Eureka客户端yml更改defaultZone注册地址在其中加入Security登录信息,集群客户端以逗号隔开
      defaultZone: http://admin:admin@192.168.2.135:7001/eureka/,http://admin:admin@192.168.2.135:7002/eureka/

      defaultZone: http://admin:admin@192.168.2.135:7001/eureka/,http://admin:admin@192.168.2.135:7002/eureka/

      defaultZone: http://admin:admin@192.168.2.135:7001/eureka/,http://admin:admin@192.168.2.135:7002/eureka/

avatar
文章
阅读
粉丝