A Microservice Architecture with Spring Boot and Spring Cloud (Part 3)
阿新 • Published: 2018-12-17
Service Discovery
For service discovery, we need Eureka, Cloud Config Client, and Security:
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-eureka-server</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-config</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
We configure our discovery service by adding the @EnableEurekaServer annotation:
@SpringBootApplication
@EnableEurekaServer
public class DiscoveryApplication {...}
Next, we'll simply secure our server endpoints:
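import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
@Order(1) // evaluated before the unannotated AdminSecurityConfig
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // The account that Eureka clients use over HTTP Basic
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("discUser")
            .password("discPassword")
            .roles("SYSTEM");
    }

    // This configuration only handles /eureka/** and requires the SYSTEM role there
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
            .requestMatchers().antMatchers("/eureka/**").and()
            .authorizeRequests()
            .antMatchers("/eureka/**").hasRole("SYSTEM")
            .anyRequest().denyAll().and()
            .httpBasic().and()
            .csrf().disable();
    }
}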
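The configuration above keeps discUser/discPassword as literals in source. The following added example (not code from the original article) is the same class with the credentials injected from externalized properties and an explicit BCrypt encoder; the property names discovery.security.user and discovery.security.password are assumptions.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical property names (not from the article). Resolve them from
    // environment variables or the config server, not from source control.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth,
            @Value("${discovery.security.user}") String user,
            @Value("${discovery.security.password}") String password) throws Exception {
        // Keep only a BCrypt hash in memory and verify logins against it.
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        auth.inMemoryAuthentication()
            .passwordEncoder(encoder)
            .withUser(user)
            .password(encoder.encode(password))
            .roles("SYSTEM");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Same rules as the article's class: only /eureka/** is served, to SYSTEM.
        http
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
            .requestMatchers().antMatchers("/eureka/**").and()
            .authorizeRequests()
            .antMatchers("/eureka/**").hasRole("SYSTEM")
            .anyRequest().denyAll().and()
            .httpBasic().and()
            .csrf().disable();
    }
}
```

Clients still present the same credentials through eureka.client.serviceUrl.defaultZone, so that value should be supplied from the same protected source.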
Similarly, we protect Eureka's parameter information (the dashboard at / and the /info and /health endpoints):
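// static: declared as a nested class of another configuration class.
// With no @Order, it is evaluated after the @Order(1) configuration.
// Needs org.springframework.http.HttpMethod in addition to the imports above.
@Configuration
public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.NEVER).and()
            .httpBasic().disable()
            .authorizeRequests()
            .antMatchers(HttpMethod.GET, "/").hasRole("ADMIN")
            .antMatchers("/info", "/health").authenticated()
            .anyRequest().denyAll().and()
            .csrf().disable();
    }
}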
Now, we'll add bootstrap.properties to the resources folder of our discovery service:
spring.cloud.config.name=discovery
spring.cloud.config.uri=http://localhost:8081
spring.cloud.config.username=configUser
spring.cloud.config.password=configPassword
Finally, we'll add discovery.properties to our application-config Git repository:
spring.application.name=discovery
server.port=8082
eureka.instance.hostname=localhost
eureka.client.serviceUrl.defaultZone=http://discUser:discPassword@localhost:8082/eureka/
eureka.client.register-with-eureka=false
eureka.client.fetch-registry=false
spring.redis.host=localhost
spring.redis.port=6379
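Notes:
- We use @Order(1) because we have two security configurations for the discovery service: one for the endpoints and one for the parameter information.
- The value of spring.cloud.config.name must match the name of the discovery service's properties file in the configuration repository.
- We must provide spring.cloud.config.uri in bootstrap.properties so that the full configuration can be fetched from the config server.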
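To make the @Order(1) note concrete, this added example (not from the original article) models how a request to the discovery server is first assigned to one of the two security configurations and then to the first matching rule inside it. It is a simplified model built on Spring's AntPathMatcher rather than Spring Security itself; the class name DiscoveryChainCheck and the sample requests are constructed.

```java
import org.springframework.util.AntPathMatcher;

public class DiscoveryChainCheck {
    static final AntPathMatcher ANT = new AntPathMatcher();

    // {configuration, chain-level matcher} in evaluation order: @Order(1) first,
    // then the unannotated configuration, which matches any request.
    static final String[][] CHAINS = {
        {"SecurityConfig", "/eureka/**"},
        {"AdminSecurityConfig", "/**"},
    };

    // {configuration, HTTP method or "*", path pattern, requirement} in declared order.
    // "/**" with denyAll stands in for anyRequest().denyAll().
    static final String[][] RULES = {
        {"SecurityConfig", "*", "/eureka/**", "hasRole(SYSTEM)"},
        {"SecurityConfig", "*", "/**", "denyAll"},
        {"AdminSecurityConfig", "GET", "/", "hasRole(ADMIN)"},
        {"AdminSecurityConfig", "*", "/info", "authenticated"},
        {"AdminSecurityConfig", "*", "/health", "authenticated"},
        {"AdminSecurityConfig", "*", "/**", "denyAll"},
    };

    // Step 1: the first configuration whose matcher accepts the path handles the request.
    // Step 2: inside that configuration, the first matching rule decides.
    static String decide(String method, String path) {
        for (String[] chain : CHAINS) {
            if (!ANT.match(chain[1], path)) continue;
            for (String[] rule : RULES) {
                boolean methodOk = rule[1].equals("*") || rule[1].equals(method);
                if (rule[0].equals(chain[0]) && methodOk && ANT.match(rule[2], path)) {
                    return chain[0] + ": " + rule[3];
                }
            }
        }
        return "no configuration matched";
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        String[][] requests = {{"GET", "/eureka/apps"}, {"GET", "/"}, {"POST", "/"},
                               {"GET", "/health"}, {"GET", "/env"}};
        for (String[] r : requests) {
            System.out.println(r[0] + " " + r[1] + " -> " + decide(r[0], r[1]));
        }
    }
}
```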
Gateway Service
To set up the gateway service, we need Cloud Config Client, Eureka Client, Zuul, and Security:
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-config</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-eureka</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-zuul</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
Next, we need to configure the gateway service as follows:
@SpringBootApplication
@EnableZuulProxy
@EnableEurekaClient
public class GatewayApplication {}
Plus a simple security configuration:
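import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Two in-memory accounts: a regular user and an administrator
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password("password").roles("USER")
            .and()
            .withUser("admin").password("admin").roles("ADMIN");
    }

    // Rules are checked in the order declared; the first match applies
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/book-service/books").permitAll()
            .antMatchers("/eureka/**").hasRole("ADMIN")
            .anyRequest().authenticated().and()
            .formLogin().and()
            .logout().permitAll().and()
            .csrf().disable();
    }
}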
We also need to add bootstrap.properties to the gateway service's resources folder:
spring.cloud.config.name=gateway
spring.cloud.config.discovery.service-id=config
spring.cloud.config.discovery.enabled=true
spring.cloud.config.username=configUser
spring.cloud.config.password=configPassword
eureka.client.serviceUrl.defaultZone=http://discUser:discPassword@localhost:8082/eureka/
Finally, we'll add gateway.properties to our application-config Git repository:
spring.application.name=gateway
server.port=8080
eureka.client.region = default
eureka.client.registryFetchIntervalSeconds = 5
management.security.sessions=always
zuul.routes.book-service.path=/book-service/**
zuul.routes.book-service.sensitive-headers=Set-Cookie,Authorization
hystrix.command.book-service.execution.isolation.thread.timeoutInMilliseconds=600000
zuul.routes.rating-service.path=/rating-service/**
zuul.routes.rating-service.sensitive-headers=Set-Cookie,Authorization
hystrix.command.rating-service.execution.isolation.thread.timeoutInMilliseconds=600000
zuul.routes.discovery.path=/discovery/**
zuul.routes.discovery.sensitive-headers=Set-Cookie,Authorization
zuul.routes.discovery.url=http://localhost:8082
hystrix.command.discovery.execution.isolation.thread.timeoutInMilliseconds=600000
spring.redis.host=localhost
spring.redis.port=6379
Note: we use zuul.routes.book-service.path to define the request path; requests to /book-service/** are routed to the Book Service application, and the same applies to the Rating Service.