在我们实际生产环境中，都需要考虑到一个安全问题，比如用户登录，又或者是eureka server，它对外暴露的有自己的rest API，如果没有安全认证，也就意味着别人可以通过rest API随意修改数据信息，这是一件非常恐怖的事情，这篇文章咱们详谈eureka server是如何开启认证，以及eureka client是如何配置鉴权信息。

公共pom文件依赖：

<parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.0.3.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> <java.version>1.8</java.version> <spring-cloud.version>Finchley.RELEASE</spring-cloud.version> </properties> <dependencyManagement> <dependencies> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-dependencies</artifactId> <version>${spring-cloud.version}</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement>

1、eureka server工程

1.1、eureka server工程pom：

<!--加上文章头部的公共依赖-->

<dependencies> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-server</artifactId> </dependency>
　　　　　
　　　　 <!--权限依赖，只要pom文件有这个依赖，项目默认就已经开启了权限校验--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build>

1.2、eureka server工程启动类：

import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer; @SpringBootApplication @EnableEurekaServer public class EurkeaServerApplication { public static void main(String[] args) { SpringApplication.run(EurkeaServerApplication.class, args); } }

1.3、eureka server工程配置文件，路径：eureka-server\src\main\resources\

application-security.yml：

server: port: 8761 spring: security: basic: enabled: true user: name: admin password: Xk38CNHigBP5jK75 eureka: instance: hostname: localhost client: registerWithEureka: false fetchRegistry: false serviceUrl: defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/ server: waitTimeInMsWhenSyncEmpty: 0 enableSelfPreservation: false

application.yml：

spring: profiles: active: security

由于spring-boot-starter-security默认开启了CSRF校验，对于client端这类非界面应用来说，有些不合适，但是又没有配置文件的方式可以禁用，需要通过Java配置，进行禁用，如下：

import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; /** * 关闭spring-boot-starter-security的CSRF校验 */ @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { super.configure(http); http.csrf().disable(); } }

1.4、启动eureka server工程，执行命令：

mvn spring-boot:run

打开命令行终端，执行： curl -i :8761/eureka/apps

curl -i http://localhost:8761/eureka/apps HTTP/1.1 401 Set-Cookie: JSESSIONID=554BCAF092D8D1ED3936C0CB09E91AF1; Path=http://www.mamicode.com/; HttpOnly WWW-Authenticate: Basic realm="Realm" X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-Frame-Options: DENY Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Date: Fri, 04 Oct 2019 07:31:57 GMT {"timestamp":"2019-10-04T07:31:57.888+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/eureka/apps"}

可以看出，没有传递Authenticate的header，返回401状态码。

下面使用http basic的账号密码传递Authenticate的header：