Spring security Spring云安全-允许无身份验证的请求

Spring security Spring云安全-允许无身份验证的请求,spring-security,spring-cloud,spring-cloud-security,Spring Security,Spring Cloud,Spring Cloud Security,我有一个允许用户注册帐户的应用程序。我们的身份验证和用户服务是UAA,所以我需要能够在没有用户在场的情况下与其安全端点通信 我如何设置SpringCloudSecurity以允许从一个微服务调用另一个微服务,然后与UAA通信以创建用户 因此,有两个主要的微服务正在发挥作用。第一个托管web应用程序,并将与Zuul的调用转发给第二个微服务。该微服务与UAA通信并处理任何其他特定于应用程序的用户请求 我在第一个微服务(登录页)上有这个WebSecurity配置适配器 在第二个微服务(用户信息)中:

我有一个允许用户注册帐户的应用程序。我们的身份验证和用户服务是UAA,所以我需要能够在没有用户在场的情况下与其安全端点通信

我如何设置SpringCloudSecurity以允许从一个微服务调用另一个微服务,然后与UAA通信以创建用户

因此,有两个主要的微服务正在发挥作用。第一个托管web应用程序,并将与Zuul的调用转发给第二个微服务。该微服务与UAA通信并处理任何其他特定于应用程序的用户请求

我在第一个微服务(Landing Page)上有这个 WebSecurityConfigurerAdapter 配置

在第二个微服务(用户信息)中:

不幸的是,我很难在第一个微服务上访问REST端点,也无法将任何内容转发到第二个。我通常会收到401响应码。它们各自的application.yaml文件被设置为作为客户端和资源服务器与UAA通信

LandingPage 的 application.yaml

# Landing Page service: per the question, this service hosts the web application and
# forwards calls through Zuul. It holds the OAuth2 client/resource settings for UAA,
# the Zuul route and the Eureka registration.
spring:
  application:
    name: Landing Page
  aop:
    proxy-target-class: true

security:
  oauth2:
    client:
      # The UAA endpoints are addressed over plain http on localhost. Over any real
      # network the client secret and tokens would travel unencrypted; use https there.
      accessTokenUri: http://localhost:8080/uaa/oauth/token
      userAuthorizationUri: http://localhost:8080/uaa/oauth/authorize
      clientId: landing-page
      # NOTE(review): the secret is a literal in this file. Outside local development,
      # supply it from the environment or a secret store instead of the config file.
      clientSecret: landing-page-secret
      # NOTE(review): uaa.admin is requested for the web-facing client. Confirm it is
      # needed; if the goal is only to create users, a narrower UAA scope (e.g.
      # scim.create - verify against the UAA documentation) limits what a leaked
      # token can do.
      scope: openid,uaa.admin,uaa.user
    resource:
      userInfoUri: http://localhost:8080/uaa/userinfo

zuul:
  routes:
    users:
      # Requests under /users/** are forwarded to the service registered as USER-INFO-SERVICE.
      serviceId: USER-INFO-SERVICE
      path: /users/**

server:
  port: 8081

eureka:
  instance:
    hostname: 127.0.0.1
    nonSecurePort: ${server.port}
    leaseRenewalIntervalInSeconds: 10
    metadataMap:
      instanceId: ${spring.application.name}:${server.port}
  client:
    serviceUrl:
      # The registry is reached over plain http on localhost.
      defaultZone: http://localhost:8761/eureka/
    region: default
    registryFetchIntervalSeconds: 5
# NOTE(review): from this line on the settings are those of user-info-service (see
# spring.application.name below). They look like a second file pasted into the
# Landing Page listing; kept in one YAML document they would repeat the top-level
# keys server/security/spring/eureka.
server:
  # Port 0 asks Spring Boot for a random free port.
  port: 0

security:
  oauth2:
    client:
      clientId: user-info-service
      # NOTE(review): the secret is a literal in this file. Outside local development,
      # supply it from the environment or a secret store instead of the config file.
      clientSecret: app-secret
    resource:
      jwt:
        # The key used to verify JWT access tokens is fetched from UAA at this URI.
        # It is plain http on localhost; over an untrusted network fetch it via https
        # so the verification key cannot be substituted in transit.
        keyUri: http://localhost:8080/uaa/token_key


spring:
  application:
    name: user-info-service
  profiles: development,default
  datasource:
    # In-memory H2 with the user "sa" and an empty password: development-only settings.
    url: jdbc:h2:mem:AZ;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
    driverClassName: org.h2.Driver
    username: sa
    password:
    database-platform: org.hibernate.dialect.H2Dialect


eureka:
  instance:
    hostname: 127.0.0.1
    nonSecurePort: ${server.port}
    leaseRenewalIntervalInSeconds: 10
    metadataMap:
      instanceId: ${spring.application.name}:${server.port}
  client:
    serviceUrl:
      # The registry is reached over plain http on localhost.
      defaultZone: http://localhost:8761/eureka/
    region: default
    registryFetchIntervalSeconds: 5
以及 UserInfoService 的 application.yaml

# NOTE(review): although this listing sits under the UserInfoService heading, these
# first settings repeat the Landing Page file (spring.application.name is
# "Landing Page"); the user-info-service settings start at the second `server:` key.
spring:
  application:
    name: Landing Page
  aop:
    proxy-target-class: true

security:
  oauth2:
    client:
      # The UAA endpoints are addressed over plain http on localhost. Over any real
      # network the client secret and tokens would travel unencrypted; use https there.
      accessTokenUri: http://localhost:8080/uaa/oauth/token
      userAuthorizationUri: http://localhost:8080/uaa/oauth/authorize
      clientId: landing-page
      # NOTE(review): the secret is a literal in this file. Outside local development,
      # supply it from the environment or a secret store instead of the config file.
      clientSecret: landing-page-secret
      # NOTE(review): uaa.admin is requested for the web-facing client. Confirm it is
      # needed; if the goal is only to create users, a narrower UAA scope (e.g.
      # scim.create - verify against the UAA documentation) limits what a leaked
      # token can do.
      scope: openid,uaa.admin,uaa.user
    resource:
      userInfoUri: http://localhost:8080/uaa/userinfo

zuul:
  routes:
    users:
      # Requests under /users/** are forwarded to the service registered as USER-INFO-SERVICE.
      serviceId: USER-INFO-SERVICE
      path: /users/**

server:
  port: 8081

eureka:
  instance:
    hostname: 127.0.0.1
    nonSecurePort: ${server.port}
    leaseRenewalIntervalInSeconds: 10
    metadataMap:
      instanceId: ${spring.application.name}:${server.port}
  client:
    serviceUrl:
      # The registry is reached over plain http on localhost.
      defaultZone: http://localhost:8761/eureka/
    region: default
    registryFetchIntervalSeconds: 5
# user-info-service settings (spring.application.name below): OAuth2 client id/secret,
# JWT verification key location, an in-memory H2 datasource and the Eureka registration.
server:
  # Port 0 asks Spring Boot for a random free port.
  port: 0

security:
  oauth2:
    client:
      clientId: user-info-service
      # NOTE(review): the secret is a literal in this file. Outside local development,
      # supply it from the environment or a secret store instead of the config file.
      clientSecret: app-secret
    resource:
      jwt:
        # The key used to verify JWT access tokens is fetched from UAA at this URI.
        # It is plain http on localhost; over an untrusted network fetch it via https
        # so the verification key cannot be substituted in transit.
        keyUri: http://localhost:8080/uaa/token_key


spring:
  application:
    name: user-info-service
  profiles: development,default
  datasource:
    # In-memory H2 with the user "sa" and an empty password: development-only settings.
    url: jdbc:h2:mem:AZ;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
    driverClassName: org.h2.Driver
    username: sa
    password:
    database-platform: org.hibernate.dialect.H2Dialect


eureka:
  instance:
    hostname: 127.0.0.1
    nonSecurePort: ${server.port}
    leaseRenewalIntervalInSeconds: 10
    metadataMap:
      instanceId: ${spring.application.name}:${server.port}
  client:
    serviceUrl:
      # The registry is reached over plain http on localhost.
      defaultZone: http://localhost:8761/eureka/
    region: default
    registryFetchIntervalSeconds: 5

非常感谢您的帮助

答案是将以下 WebConfigAdapter 配置放在父微服务(MS)中。请注意,它关闭了 CSRF 防护,并放行所有路径上的请求,而不仅仅是注册请求:

    /**
     * Web security configuration that the answer places in the parent microservice;
     * it enables OAuth2 single sign-on via {@code @EnableOAuth2Sso}.
     *
     * <p>As written, the filter chain matches every path, switches CSRF protection
     * off and permits every request, so no endpoint handled by this chain requires
     * an authenticated caller.
     *
     * <p>NOTE(review): the question only needs account registration to work without
     * a signed-in user. Consider permitting just the registration path and keeping
     * {@code authenticated()} on everything else; the registration path is not shown
     * on this page.
     */
    @Configuration
    @EnableOAuth2Sso
    @EnableAutoConfiguration
    protected static class TestConfiguration extends WebSecurityConfigurerAdapter {

        /**
         * Builds the HTTP security rules for this service.
         *
         * @param http the security builder supplied by Spring Security
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // CSRF token checks are disabled for the whole chain.
            // NOTE(review): per the question this service hosts the web application;
            // confirm that state-changing browser requests do not rely on CSRF protection.
            http.csrf().disable();

            // The chain applies to every path ...
            http.antMatcher("/**");

            // ... and every request is let through without authentication.
            http.authorizeRequests()
                .anyRequest().permitAll();
        }

    }
以及在子微服务(MS)中使用以下配置(同样关闭 CSRF 并放行所有路径):

    /**
     * Web security configuration that the answer places in the child microservice;
     * it is an OAuth2 client ({@code @EnableOAuth2Client}) and is registered with
     * order -10.
     *
     * <p>As written, CSRF protection is off, an anonymous authentication filter is
     * installed explicitly, and every path is permitted, so this chain never rejects
     * a request for lacking a token.
     *
     * <p>NOTE(review): lower order values are consulted first, so this chain
     * presumably takes precedence over any other configured chain, including one
     * that would check bearer tokens. If this service is reachable other than
     * through the gateway, its endpoints are open to any caller; restrict network
     * access to it, or have the calling service present a client-credentials token
     * and permit only the paths that must stay public.
     */
    @Configuration
    @Order(-10)
    @EnableOAuth2Client
    @EnableAutoConfiguration
    protected static class TestConfiguration extends WebSecurityConfigurerAdapter {

        /**
         * Builds the HTTP security rules for this service.
         *
         * @param http the security builder supplied by Spring Security
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // Filter that gives unauthenticated requests an anonymous identity.
            // The key is a fixed literal taken from the answer.
            AnonymousAuthenticationFilter anonymousFilter =
                    new AnonymousAuthenticationFilter("HALLO");

            // CSRF token checks are disabled for the whole chain.
            http.csrf().disable();

            // Allow anonymous access by installing the filter above.
            http.anonymous().authenticationFilter(anonymousFilter);

            // Every path is permitted without authentication.
            http.authorizeRequests()
                    .antMatchers("/**")
                    .permitAll();
        }
    }