Spring Security: Zuul gateway gets an Unauthorized exception when starting up against the Eureka server
I am migrating Spring Boot from 1.5.12 to 2.1.14. We also have to migrate the Spring Cloud dependencies. For this I changed the Spring Cloud version from 'Dalston.SR4' to 'Greenwich.SR4' (the supported version for Spring Boot 2.1.x).
//implementation('org.springframework.boot:spring-boot-starter-security')
implementation('org.springframework.cloud:spring-cloud-starter-security')
implementation('org.springframework.cloud:spring-cloud-starter-oauth2')
//compile('org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure')
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
compile('org.springframework.boot:spring-boot-starter-web')
compile("org.springframework.cloud:spring-cloud-starter-netflix-eureka-server")
compile("org.springframework.cloud:spring-cloud-starter-netflix-eureka-client")
compile("org.springframework.cloud:spring-cloud-starter-netflix-zuul")
I have a Eureka server and a Zuul gateway application, which is one of the microservices and acts as a proxy and Eureka client, as shown below
Eureka Server:
----------------
@SpringBootApplication(exclude = {
        HibernateJpaAutoConfiguration.class,
        JndiConnectionFactoryAutoConfiguration.class,
        DataSourceAutoConfiguration.class,
        DataSourceTransactionManagerAutoConfiguration.class,
        SecurityAutoConfiguration.class
})
@EnableEurekaServer
@ComponentScan("com.swp.service.eureka")
public class EurekaRegistryApplication {
    public static void main(String[] args) {
        SpringApplication springApplication = new SpringApplication(EurekaApplication.class);
        springApplication.run(args);
    }
}
application-eureka.properties:
-----------------------------
spring.application.name=eureka
server.port=8761
eureka.instance.hostname=localhost
eureka.client.registerWithEureka=false
eureka.client.fetchRegistry=false
eureka.client.serviceUrl.defaultZone=http://${eureka.instance.hostname}:${server.port}/eureka/
security.enabled=false
Zuul Gateway:
---------------
@SpringBootApplication(exclude = {
        HibernateJpaAutoConfiguration.class,
        JndiConnectionFactoryAutoConfiguration.class,
        DataSourceAutoConfiguration.class,
        DataSourceTransactionManagerAutoConfiguration.class,
        SecurityAutoConfiguration.class
})
@EnableZuulProxy
@EnableDiscoveryClient
@ComponentScan("com.swp.swp.service.zuul")
public class SWPGatewayApplication {
    public static void main(String[] args) {
        SpringApplication springApplication = new SpringApplication(SWPGatewayApplication.class);
        springApplication.run(args);
    }
}
application-gateway.properties
-------------------------------
spring.application.name=zuul
server.port=8092
server.servlet.context-path=/swp-gateway
allowedOriginHeaders=http://localhost:9090
zuul.add-host-header=true
zuul.sensitiveHeaders=Cookie,Set-Cookie
zuul.host.connect-timeout-millis=300000
zuul.host.socket-timeout-millis=300000
zuul.routes.swp.path=/swpapp/**
zuul.routes.oauth.path=/authservice/**
zuul.routes.swp.serviceId=swpapp
zuul.routes.oauth.serviceId=oauthservice
ribbon.ReadTimeout=300000
ribbon.ConnectTimeout=300000
ribbon.eureka.enabled=true
hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds=300000
eureka.client.registerWithEureka=false
eureka.client.serviceUrl.defaultZone=http://localhost:8761/eureka/
security.enabled=false
We have integrated Spring Security with OAuth2 and have an authorization server and a resource server as shown below
Authorization server:
---------------------
@Configuration
@EnableAuthorizationServer
@ConditionalOnProperty(name="EnableJwtToken", matchIfMissing=true, havingValue="false")
public class AuthServerConfig extends WebSecurityConfigurerAdapter implements AuthorizationServerConfigurer {
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    private AuthenticationManager authenticationManager;

    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        logger.info("AuthorizationServerSecurityConfigurer", "Enter into AuthorizationServerSecurityConfigurer");
        oauthServer.checkTokenAccess("isAuthenticated()").checkTokenAccess("permitAll()");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/**").permitAll();
    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/**");
    }
    // etc.: config for in-memory auth and token generation.
}
Resource Server:
------------------
@Configuration
@EnableResourceServer
@EnableWebSecurity
@ConditionalOnProperty(name="EnableJWTSecurity", havingValue="false",matchIfMissing=true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        logger.info("ResourceServerConfig","Inside HttpSecurity http configure");
        /*http
            .authorizeRequests().
            antMatchers("/swp/**").
            authenticated()
            .anyRequest().permitAll();*/
        http.authorizeRequests()
            .antMatchers("/**")
            .permitAll()
            .antMatchers("/**")
            .authenticated();
    }
}
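I also have some other microservices along with these microservices. When I start the Eureka registry application, which is the Eureka server, we get no errors and are able to start it successfully.
But we are facing an issue while running the Zuul Gateway microservice, which gets the error below asking for authorization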
25408 SWP DEBUG zuul org.apache.http.headers << Cache-Control: no-cache, no-store, max-age=0, must-revalidate
25408 SWP DEBUG zuul org.apache.http.headers << Pragma: no-cache
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Expires: 0
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << X-Frame-Options: DENY
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Content-Type: application/json;charset=UTF-8
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Transfer-Encoding: chunked
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Date: Fri, 10 Jul 2020 06:37:22 GMT
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Keep-Alive: timeout=60
25408 SWP DEBUG zuul org.apache.http.headers 2020-07-10 02:37:22.909 << Connection: keep-alive
25408 SWP DEBUG zuul o.a.h.impl.client.DefaultHttpClient 2020-07-10 02:37:22.909 Connection can be kept alive for 60000 MILLISECONDS
25408 SWP DEBUG zuul o.a.h.impl.client.DefaultHttpClient 2020-07-10 02:37:22.909 Authentication required
25408 SWP DEBUG zuul o.a.h.impl.client.DefaultHttpClient 2020-07-10 02:37:22.909 localhost:8761 requested authentication
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.909 Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for Negotiate authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for Kerberos authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for NTLM authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for CredSSP authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for Digest authentication scheme not available
25408 SWP DEBUG zuul org.apache.http.wire 2020-07-10 02:37:22.912 << "80[\r][\n]"
25408 SWP DEBUG zuul org.apache.http.wire 2020-07-10 02:37:22.912 << **"{"timestamp":"2020-07-10T06:37:22.908+0000","status":401,
"error":"Unauthorized","message":"Unauthorized","path":"/eureka/apps/"}"**
25408 SWP DEBUG zuul c.n.d.s.t.j.AbstractJerseyEurekaHttpClient 2020-07-10 02:37:22.912 Jersey HTTP GET http://localhost:8761/eureka//apps/?; statusCode=401
25408 SWP DEBUG zuul org.apache.http.wire 2020-07-10 02:37:22.912 << "[\r][\n]"
25408 SWP DEBUG zuul org.apache.http.wire 2020-07-10 02:37:22.912 << "0[\r][\n]"
25408 SWP DEBUG zuul org.apache.http.wire 2020-07-10 02:37:22.912 << "[\r][\n]"
25408 SWP DEBUG zuul c.n.d.s.MonitoredConnectionManager 2020-07-10 02:37:22.912 Released connection is reusable.
25408 SWP DEBUG zuul c.n.d.shared.NamedConnectionPool 2020-07-10 02:37:22.912 Releasing connection [{}->http://localhost:8761][null]
25408 SWP DEBUG zuul c.n.d.shared.NamedConnectionPool 2020-07-10 02:37:22.912 Pooling connection [{}->http://localhost:8761][null]; keep alive for 60000 MILLISECONDS
25408 SWP DEBUG zuul c.n.d.shared.NamedConnectionPool 2020-07-10 02:37:22.912 Notifying no-one, there are no waiting threads
25408 SWP DEBUG zuul c.n.d.s.t.d.RedirectingEurekaHttpClient 2020-07-10 02:37:22.912 Pinning to endpoint null
25408 SWP WARN zuul c.n.d.s.t.d.RetryableEurekaHttpClient 2020-07-10 02:37:22.912 Request execution failure with status code 401; retrying on another server if available
25408 SWP ERROR zuul c.netflix.discovery.DiscoveryClient 2020-07-10 02:37:22.912 DiscoveryClient_ZUUL/WGA10015LDITEGG.uswin.ad.swp.com:zuul:8092 - was unable to refresh its cache! status = Cannot execute request on any known server
com.netflix.discovery.shared.transport.TransportException: Cannot execute request on any known server
25408 SWP DEBUG zuul org.apache.http.headers
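A triage script for the DEBUG log above, as an added example that is not part of the original question: it extracts which host issued the authentication challenge, which Eureka REST call was rejected, and which schemes in the client's preference list were never logged as unavailable. The sample lines are constructed in the layout of the log above (with a placeholder host name), and the function and field names are this example's own.

```python
import re

# Constructed sample in the layout of the Zuul DEBUG log above:
# pid, app tag, level, service, logger, timestamp, message.
SAMPLE_LOG = """\
25408 SWP DEBUG zuul o.a.h.impl.client.DefaultHttpClient 2020-07-10 02:37:22.909 localhost:8761 requested authentication
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.909 Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for Negotiate authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for Kerberos authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for NTLM authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for CredSSP authentication scheme not available
25408 SWP DEBUG zuul o.a.h.i.c.TargetAuthenticationStrategy 2020-07-10 02:37:22.912 Challenge for Digest authentication scheme not available
25408 SWP DEBUG zuul c.n.d.s.t.j.AbstractJerseyEurekaHttpClient 2020-07-10 02:37:22.912 Jersey HTTP GET http://localhost:8761/eureka//apps/?; statusCode=401
25408 SWP ERROR zuul c.netflix.discovery.DiscoveryClient 2020-07-10 02:37:22.912 DiscoveryClient_ZUUL/host.example:zuul:8092 - was unable to refresh its cache! status = Cannot execute request on any known server
"""

CHALLENGER = re.compile(r"(\S+:\d+) requested authentication")
PREFERENCE = re.compile(r"order of preference: \[([^\]]*)\]")
UNAVAILABLE = re.compile(r"Challenge for (\S+) authentication scheme not available")
EUREKA_CALL = re.compile(r"Jersey HTTP (\w+) (\S+); statusCode=(\d{3})")
CACHE_FAIL = "was unable to refresh its cache"


def triage(log_text):
    """Summarise who challenged the Eureka client and which calls were refused."""
    report = {"challengers": set(), "preferred": [], "unavailable": set(),
              "rejected_calls": [], "registry_refresh_failed": False}
    for line in log_text.splitlines():
        if m := CHALLENGER.search(line):
            report["challengers"].add(m.group(1))
        if m := PREFERENCE.search(line):
            report["preferred"] = [s.strip() for s in m.group(1).split(",")]
        if m := UNAVAILABLE.search(line):
            report["unavailable"].add(m.group(1))
        if (m := EUREKA_CALL.search(line)) and m.group(3) in ("401", "403"):
            report["rejected_calls"].append((m.group(1), m.group(2), int(m.group(3))))
        if CACHE_FAIL in line:
            report["registry_refresh_failed"] = True
    # Schemes in the preference list with no "not available" line logged.
    report["not_ruled_out"] = [s for s in report["preferred"]
                               if s not in report["unavailable"]]
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, the challenge comes from `localhost:8761`, the registry itself, so the 401 originates in the Eureka server's security configuration and not in the gateway's own filter chain.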