Spring security Zuul网关通过Eureka服务器启动时出现未经授权的异常_Spring Security_Spring Security Oauth2_Netflix Eureka_Netflix Zuul_Spring Cloud Security

Spring security Zuul网关通过Eureka服务器启动时出现未经授权的异常

spring-security

Spring security Zuul网关通过Eureka服务器启动时出现未经授权的异常,spring-security,spring-security-oauth2,netflix-eureka,netflix-zuul,spring-cloud-security,Spring Security,Spring Security Oauth2,Netflix Eureka,Netflix Zuul,Spring Cloud Security,我正在进行从1.5.12到2.1.14的Spring引导迁移。我们还必须迁移Spring云依赖性。为此，我更改了Spring云版本从'Dalston.SR4'中命名为'Greenwich.SR4'（Spring Boot 2.1.x的支持版本） //implementation('org.springframework.boot:spring-boot-starter-security') implementation('org.springframework.cloud:spring-clo

我正在进行从1.5.12到2.1.14的Spring引导迁移。我们还必须迁移Spring云依赖性。为此，我更改了Spring云版本从'Dalston.SR4'中命名为'Greenwich.SR4'（Spring Boot 2.1.x的支持版本）

//implementation('org.springframework.boot:spring-boot-starter-security')
implementation('org.springframework.cloud:spring-cloud-starter-security')
implementation('org.springframework.cloud:spring-cloud-starter-oauth2')
//compile('org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure')
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
compile('org.springframework.boot:spring-boot-starter-web')
compile("org.springframework.cloud:spring-cloud-starter-netflix-eureka-server")
compile("org.springframework.cloud:spring-cloud-starter-netflix-eureka-client")
compile("org.springframework.cloud:spring-cloud-starter-netflix-zuul")

我有Eureka服务器和Zuul网关应用程序，这是微服务之一，将充当代理和Eureka客户端，如下所示

Eureka Server:
----------------

 @SpringBootApplication(exclude = {
        HibernateJpaAutoConfiguration.class,
        JndiConnectionFactoryAutoConfiguration.class,
        DataSourceAutoConfiguration.class,
        DataSourceTransactionManagerAutoConfiguration.class,
        SecurityAutoConfiguration.class
})
@EnableEurekaServer
@ComponentScan("com.swp.service.eureka")
public class EurekaRegistryApplication {
    public static void main(String[] args) {
        SpringApplication springApplication = new SpringApplication(EurekaApplication.class);
        springApplication.run(args);
    }
 
 application-eureka.properties:
 -----------------------------
 spring.application.name=eureka
server.port=8761
eureka.instance.hostname=localhost
eureka.client.registerWithEureka=false
eureka.client.fetchRegistry=false
eureka.client.serviceUrl.defaultZone=http://${eureka.instance.hostname}:${server.port}/eureka/
security.enabled=false
 
Zuul Gateway:
--------------- 
 @SpringBootApplication(exclude = {
        HibernateJpaAutoConfiguration.class,
        JndiConnectionFactoryAutoConfiguration.class,
        DataSourceAutoConfiguration.class,
        DataSourceTransactionManagerAutoConfiguration.class,
        SecurityAutoConfiguration.class
})
@EnableZuulProxy
@EnableDiscoveryClient
@ComponentScan("com.swp.swp.service.zuul")
public class SWPGatewayApplication {

    public static void main(String[] args) {  
        SpringApplication springApplication = new SpringApplication(SWPGatewayApplication.class);
        springApplication.run(args);
    }
}

application-gateway.properties
-------------------------------

spring.application.name=zuul
server.port=8092
server.servlet.context-path=/swp-gateway
allowedOriginHeaders=http://localhost:9090
zuul.add-host-header=true
zuul.sensitiveHeaders=Cookie,Set-Cookie
zuul.host.connect-timeout-millis=300000
zuul.host.socket-timeout-millis=300000
zuul.routes.swp.path=/swpapp/**
zuul.routes.oauth.path=/authservice/**
zuul.routes.swp.serviceId=swpapp
zuul.routes.oauth.serviceId=oauthservice
ribbon.ReadTimeout=300000
ribbon.ConnectTimeout=300000
ribbon.eureka.enabled=true
hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds=300000
eureka.client.registerWithEureka=false
eureka.client.serviceUrl.defaultZone=http://localhost:8761/eureka/
security.enabled=false

我们已经将spring安全性与Oauth2集成在一起，并具有如下所示的授权服务器和资源服务器

Authorization server:
---------------------

@Configuration
@EnableAuthorizationServer
@ConditionalOnProperty(name="EnableJwtToken", matchIfMissing=true, havingValue="false")
public class AuthServerConfig extends WebSecurityConfigurerAdapter implements AuthorizationServerConfigurer {
   
   
    @Bean
    public  AuthenticationManager authenticationManagerBean() throws Exception {
        return  super.authenticationManagerBean();
    }

    @Autowired
    private AuthenticationManager authenticationManager;
    
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        logger.info("AuthorizationServerSecurityConfigurer", "Enter into AuthorizationServerSecurityConfigurer");
        oauthServer.checkTokenAccess("isAuthenticated()").checkTokenAccess("permitAll()");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/**").permitAll();
    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/**");
    
    etc.. config for in memory auth and token generation.
}


Resource Server:
------------------

@Configuration
@EnableResourceServer
@EnableWebSecurity
@ConditionalOnProperty(name="EnableJWTSecurity", havingValue="false",matchIfMissing=true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    
    @Override
    public void configure(HttpSecurity http) throws Exception {
        logger.info("ResourceServerConfig","Inside HttpSecurity http configure");
        /*http
                .authorizeRequests().
                antMatchers("/swp/**").
                authenticated()
                .anyRequest().permitAll();*/
        http.authorizeRequests()
                .antMatchers("/**")
                .permitAll()
                .antMatchers("/**")
                .authenticated();
    }
}

我也有一些其他的微服务以及这些女士。当我启动Eureka注册应用程序，这是Eureka服务器，我们没有错误，能够成功地启动它们。但我们在运行Zull Gateway Micro服务时遇到问题，该服务在请求授权时出现以下错误

25408     SWP  DEBUG  zuul   org.apache.http.headers    << Cache-Control: no-cache, no-store, max-age=0, must-revalidate
25408     SWP  DEBUG  zuul   org.apache.http.headers    << Pragma: no-cache
25408     SWP  DEBUG  zuul   org.apache.http.headers  2020-07-10 02:37:22.909  << Expires: 0
25408     SWP  DEBUG  zuul   org.apache.http.headers  2020-07-10 02:37:22.909  << X-Frame-Options: DENY
25408     SWP  DEBUG  zuul   org.apache.http.headers  2020-07-10 02:37:22.909  << Content-Type: application/json;charset=UTF-8
25408     SWP  DEBUG  zuul   org.apache.http.headers  2020-07-10 02:37:22.909  << Transfer-Encoding: chunked
25408     SWP  DEBUG  zuul   org.apache.http.headers  2020-07-10 02:37:22.909  << Date: Fri, 10 Jul 2020 06:37:22 GMT
25408     SWP  DEBUG  zuul   org.apache.http.headers  2020-07-10 02:37:22.909  << Keep-Alive: timeout=60
25408     SWP  DEBUG  zuul   org.apache.http.headers  2020-07-10 02:37:22.909  << Connection: keep-alive
25408     SWP  DEBUG  zuul   o.a.h.impl.client.DefaultHttpClient  2020-07-10 02:37:22.909  Connection can be kept alive for 60000 MILLISECONDS
25408     SWP  DEBUG  zuul   o.a.h.impl.client.DefaultHttpClient  2020-07-10 02:37:22.909  Authentication required
25408     SWP  DEBUG  zuul   o.a.h.impl.client.DefaultHttpClient  2020-07-10 02:37:22.909  localhost:8761 requested authentication
25408     SWP  DEBUG  zuul   o.a.h.i.c.TargetAuthenticationStrategy  2020-07-10 02:37:22.909  Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
25408     SWP  DEBUG  zuul   o.a.h.i.c.TargetAuthenticationStrategy  2020-07-10 02:37:22.912  Challenge for Negotiate authentication scheme not available
25408     SWP  DEBUG  zuul   o.a.h.i.c.TargetAuthenticationStrategy  2020-07-10 02:37:22.912  Challenge for Kerberos authentication scheme not available
25408     SWP  DEBUG  zuul   o.a.h.i.c.TargetAuthenticationStrategy  2020-07-10 02:37:22.912  Challenge for NTLM authentication scheme not available
25408     SWP  DEBUG  zuul   o.a.h.i.c.TargetAuthenticationStrategy  2020-07-10 02:37:22.912  Challenge for CredSSP authentication scheme not available
25408     SWP  DEBUG  zuul   o.a.h.i.c.TargetAuthenticationStrategy  2020-07-10 02:37:22.912  Challenge for Digest authentication scheme not available
25408     SWP  DEBUG  zuul   org.apache.http.wire  2020-07-10 02:37:22.912   << "80[\r][\n]"
25408     SWP  DEBUG  zuul   org.apache.http.wire  2020-07-10 02:37:22.912   << **"{"timestamp":"2020-07-10T06:37:22.908+0000","status":401,
"error":"Unauthorized","message":"Unauthorized","path":"/eureka/apps/"}"**
25408     SWP  DEBUG  zuul   c.n.d.s.t.j.AbstractJerseyEurekaHttpClient  2020-07-10 02:37:22.912  Jersey HTTP GET http://localhost:8761/eureka//apps/?; statusCode=401
25408     SWP  DEBUG  zuul   org.apache.http.wire  2020-07-10 02:37:22.912   << "[\r][\n]"
25408     SWP  DEBUG  zuul   org.apache.http.wire  2020-07-10 02:37:22.912   << "0[\r][\n]"
25408     SWP  DEBUG  zuul   org.apache.http.wire  2020-07-10 02:37:22.912   << "[\r][\n]"
25408     SWP  DEBUG  zuul   c.n.d.s.MonitoredConnectionManager  2020-07-10 02:37:22.912  Released connection is reusable.
25408     SWP  DEBUG  zuul   c.n.d.shared.NamedConnectionPool  2020-07-10 02:37:22.912  Releasing connection [{}->http://localhost:8761][null]
25408     SWP  DEBUG  zuul   c.n.d.shared.NamedConnectionPool  2020-07-10 02:37:22.912  Pooling connection [{}->http://localhost:8761][null]; keep alive for 60000 MILLISECONDS
25408     SWP  DEBUG  zuul   c.n.d.shared.NamedConnectionPool  2020-07-10 02:37:22.912  Notifying no-one, there are no waiting threads
25408     SWP  DEBUG  zuul   c.n.d.s.t.d.RedirectingEurekaHttpClient  2020-07-10 02:37:22.912  Pinning to endpoint null
25408     SWP   WARN  zuul   c.n.d.s.t.d.RetryableEurekaHttpClient  2020-07-10 02:37:22.912  Request execution failure with status code 401; retrying on another server if available
25408     SWP  ERROR  zuul   c.netflix.discovery.DiscoveryClient  2020-07-10 02:37:22.912  DiscoveryClient_ZUUL/WGA10015LDITEGG.uswin.ad.swp.com:zuul:8092 - was unable to refresh its cache! status = Cannot execute request on any known server
com.netflix.discovery.shared.transport.TransportException: Cannot execute request on any known server

25408 SWP调试zuul org.apache.http.headers