A Microservice Architecture with Spring Boot and Spring Cloud(二)
2017-08-14 23:08
519 查看
安全配置
下一步是保护这两个API。 虽然后面我们可能需要用OAuth2 + JWT来实现,但现在从基本认证开始。 这正是我们要开始的地方。首先,我们Book application 的安全配置如下:
@EnableWebSecurity @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired public void configureGlobal1(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication(); } @Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic() .disable() .authorizeRequests() .antMatchers(HttpMethod.GET, "/books").permitAll() .antMatchers(HttpMethod.GET, "/books/*").permitAll() .antMatchers(HttpMethod.POST, "/books").hasRole("ADMIN") .antMatchers(HttpMethod.PATCH, "/books/*").hasRole("ADMIN") .antMatchers(HttpMethod.DELETE, "/books/*").hasRole("ADMIN") .anyRequest().authenticated() .and() .csrf() .disable(); } }
Rating application的安全配置:
@EnableWebSecurity @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired public void configureGlobal1(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication(); } @Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic() .disable() .authorizeRequests() .regexMatchers("^/ratings\\?bookId.*$").authenticated() .antMatchers(HttpMethod.POST,"/ratings").authenticated() .antMatchers(HttpMethod.PATCH,"/ratings/*").hasRole("ADMIN") .antMatchers(HttpMethod.DELETE,"/ratings/*").hasRole("ADMIN") .antMatchers(HttpMethod.GET,"/ratings").hasRole("ADMIN") .anyRequest().authenticated() .and() .csrf() .disable(); } }
因为这些API很简单,所以我们可以直接使用全局匹配器来进行安全管理。 然而,随着它们变得越来越复杂,我们需要将其迁移到方法体上用注释实现。
上面的安全配置定义很简单:
任何人都可以访问资源
只有拥有管理员权限的可以修改资源
SpringCloud配置
现在,随着我们的两个API独立运行,是时候使用SpringCloud和引用我们的微服务架构中的一些非常有用的组件:服务配置。提供,管理和集中配置,以实例化不同模块的配置。
服务发现 。使应用程序能够有效和灵活地发现服务。
网关服务。作为反向代理,并通过在一个端口上提供所有API来隐藏我们系统的复杂性。
两个REST API 。 Books API和Ratings API。
我们将使用Spring Initializr快速引导这三个新应用程序。
首先,我们将设置服务配置。 我们需要Cloud Config,Eureka,和Security:
<dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-config-server</artifactId> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-eureka</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
接下来,我们需要使用@EnableConfigServer通过Eureka客户端发现我们的服务配置,如下所示:
@SpringBootApplication @EnableConfigServer @EnableEurekaClient public class ConfigApplication {...}
这里是我们的Boot application.properties:
server.port=8081 spring.application.name=config spring.cloud.config.server.git.uri=file:///${user.home}/application-config eureka.client.region=default eureka.client.registryFetchIntervalSeconds=5 eureka.client.serviceUrl.defaultZone=http://discUser:discPassword@localhost:8082/eureka/ security.user.name=configUser security.user.password=configPassword security.user.role=SYSTEM
接下来,我们需要在我们的HOME目录中创建一个本地的Git存储库application-config来保存配置文件:
cd ~ mkdir application-co 4000 nfig cd application-config git init
请注意,我们正在使用本地Git仓库进行测试。
相关文章推荐
- Microservices Reference Architecture - with Spring Boot, Spring Cloud and Netflix OSS--转
- Building microservices with Spring Cloud and Netflix OSS, part 2
- Building Microservices with Spring Boot and Apache Thrift. Part 1 with servlet
- Building Microservices with Spring Boot and Apache Thrift. Part 2. Swifty services
- Spring Cloud ZooKeeper集成Feign的坑2,服务调用了一次后第二次调用就变成了500,错误:Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is com.n
- A Simple Web App with Spring Boot, Spring Security and Stormpath – in 15 Minutes
- Springboot with Impala and Kudu
- Build a Reactive application with Angular 5 and Spring Boot 2.0
- Building Microservices with Spring Cloud - Service discovery
- Auto-Publishing and Monitoring APIs With Spring Boot--转
- Event Sourcing in Microservices Using Spring Cloud and Reactor
- Build a Basic CRUD App with Angular 5.0 and Spring Boot 2.0
- How to deploy spring cloud microservice on Azure cloud
- Building Microservices with Spring Cloud - Intelligent Routing
- Spring Cloud authentication with JWT service
- Microservice Registration and Discovery with Spri
- Building Microservices with Spring Cloud - Configuration Server
- spring boot and spring cloud 组件
- Building Microservices with Spring Cloud - Load balancing
- Configure a Spring JMS application with Spring Boot and annotation support