网新企业网站管理系统,新浪博客,电子商务网站建设与维护期末答案,网站提升排名文章目录 1. 背景2. 方法2.1 Eureka Server 添加安全组件2.2 Eureka Server 添加参数2.3 重启 Eureka Server2.4 Eureka Server 升级版本2.5 Eureka Client 配置2.6 Eureka Server 添加代码2.7 其他问题 1. 背景
项目组使用的 Spring Boot 比较老#xff0c;是 1.5.4.RELEASE… 文章目录 1. 背景2. 方法2.1 Eureka Server 添加安全组件2.2 Eureka Server 添加参数2.3 重启 Eureka Server2.4 Eureka Server 升级版本2.5 Eureka Client 配置2.6 Eureka Server 添加代码2.7 其他问题 1. 背景
项目组使用的 Spring Boot 比较老是 1.5.4.RELEASE 。最近被检测出 Spring Eureka 未授权访问漏洞。
现状是浏览器直接访问 Eureka Server 可以直接进去看到已经注册的服务信息。 2. 方法
2.1 Eureka Server 添加安全组件
Eureka Server 添加 pom 依赖 dependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-security/artifactId/dependency2.2 Eureka Server 添加参数
spring.application.name:demo-eureka
server.port: 8088
eureka.instance.hostnamelocalhost
#禁用将自己作为客户端注册禁用客户端注册行为
eureka.client.register-with-eurekafalse
eureka.client.fetch-registryfalse
#eureka地址
eureka.client.service-url.defaultZonehttp://${spring.security.user.name}:${spring.security.user.password}${eureka.instance.hostname}:${server.port}/eureka
#eureka.client.service-url.defaultZonehttp://${eureka.instance.hostname}:${server.port}/eureka
#关闭自我保护 --本地开发环境可以关闭生产环境
eureka.server.enable-self-preservation false
#清理节点时间
eureka.server.eviction-interval-timer-in-ms 60000
spring.security.basic.enabledtrue
spring.security.user.namedemo
spring.security.user.password123abcd2.3 重启 Eureka Server
重启 Eureka Server 然后刷新访问页面显示登录框 输入配置的用户名和密码。
spring.security.user.namedemo
spring.security.user.password123abcd然后就报错了Reason: Bad credentials。 奇怪明明是按照配置文件里面输入的怎么还会报用户名或密码错误呢。
查了一些资料说跟 security 加密方法有关整了半天搞不定。
2.4 Eureka Server 升级版本
实在没招了只能怀疑用的框架版本太低去重新整一个eureka 就用了个服务发现问题不大。
访问https://start.spring.io/ 把项目下载到本地依赖已经加好了 dependenciesdependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-security/artifactId/dependencydependencygroupIdorg.springframework.cloud/groupIdartifactIdspring-cloud-starter-netflix-eureka-server/artifactId/dependencydependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-test/artifactIdscopetest/scope/dependencydependencygroupIdorg.springframework.security/groupIdartifactIdspring-security-test/artifactIdscopetest/scope/dependency/dependenciesdependencyManagementdependenciesdependencygroupIdorg.springframework.cloud/groupIdartifactIdspring-cloud-dependencies/artifactIdversion${spring-cloud.version}/versiontypepom/typescopeimport/scope/dependency/dependencies在启动类上加上注解
package com.demo.cloudeurekaserver;import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;EnableEurekaServer
SpringBootApplication
public class CloudEurekaServerApplication {public static void main(String[] args) {SpringApplication.run(CloudEurekaServerApplication.class, args);}}
再把 2.2 的参数加到 properties 文件中最好换个 server.port然后 run 启动类访问 eureka 输入用户名和密码进去了 2.5 Eureka Client 配置
eureka client 参数
eureka.client.enabledtrue
eureka.client.eureka-server-port8089
eureka.client.service-url.defaultZonehttp://demo:123abcdlocalhost:8089/eureka/启动 eureka client报错
javax.ws.rs.WebApplicationException: nullat com.netflix.discovery.provider.DiscoveryJerseyProvider.readFrom(DiscoveryJerseyProvider.java:110)at com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:634)at com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:586)at com.netflix.discovery.shared.transport.jersey.AbstractJerseyEurekaHttpClient.sendHeartBeat(AbstractJerseyEurekaHttpClient.java:105)at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$3.execute(EurekaHttpClientDecorator.java:92)at com.netflix.discovery.shared.transport.decorator.MetricsCollectingEurekaHttpClient.execute(MetricsCollectingEurekaHttpClient.java:73)at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.sendHeartBeat(EurekaHttpClientDecorator.java:89)at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$3.execute(EurekaHttpClientDecorator.java:92)at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.executeOnNewServer(RedirectingEurekaHttpClient.java:118)at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.execute(RedirectingEurekaHttpClient.java:79)at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.sendHeartBeat(EurekaHttpClientDecorator.java:89)at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$3.execute(EurekaHttpClientDecorator.java:92)at com.netflix.discovery.shared.transport.decorator.RetryableEurekaHttpClient.execute(RetryableEurekaHttpClient.java:119)at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.sendHeartBeat(EurekaHttpClientDecorator.java:89)at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$3.execute(EurekaHttpClientDecorator.java:92)at com.netflix.discovery.shared.transport.decorator.SessionedEurekaHttpClient.execute(SessionedEurekaHttpClient.java:77)at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.sendHeartBeat(EurekaHttpClientDecorator.java:89)at com.netflix.discovery.DiscoveryClient.renew(DiscoveryClient.java:824)at com.netflix.discovery.DiscoveryClient$HeartbeatThread.run(DiscoveryClient.java:1388)at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)at java.util.concurrent.FutureTask.run(FutureTask.java:266)at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)at java.lang.Thread.run(Thread.java:748)2023-11-03 14:41:26.339 WARN [test-app-service,,,] 16240 --- [tbeatExecutor-0] c.n.d.s.t.d.RetryableEurekaHttpClient : Request execution failed with message: null
2023-11-03 14:41:26.339 ERROR [test-app-service,,,] 16240 --- [tbeatExecutor-0] com.netflix.discovery.DiscoveryClient : DiscoveryClient_TEST-APP-SERVICE/10.136.44.122:test-app-service:60000 - was unable to send heartbeat!com.netflix.discovery.shared.transport.TransportException: Cannot execute request on any known serverat com.netflix.discovery.shared.transport.decorator.RetryableEurekaHttpClient.execute(RetryableEurekaHttpClient.java:111)at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.sendHeartBeat(EurekaHttpClientDecorator.java:89)at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$3.execute(EurekaHttpClientDecorator.java:92)at com.netflix.discovery.shared.transport.decorator.SessionedEurekaHttpClient.execute(SessionedEurekaHttpClient.java:77)at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.sendHeartBeat(EurekaHttpClientDecorator.java:89)at com.netflix.discovery.DiscoveryClient.renew(DiscoveryClient.java:824)at com.netflix.discovery.DiscoveryClient$HeartbeatThread.run(DiscoveryClient.java:1388)at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)at java.util.concurrent.FutureTask.run(FutureTask.java:266)at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)at java.lang.Thread.run(Thread.java:748)刷新 eureka 页面也没有服务信息服务注册失败了。
这是因为从 Spring Boot 2.0 开始默认情况下会启用CSRF保护以防止CSRF攻击应用程序导致服务注册失败。
2.6 Eureka Server 添加代码
修改 Eureka Server
package com.demo.cloudeurekaserver;import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;EnableEurekaServer
SpringBootApplication
public class CloudEurekaServerApplication {public static void main(String[] args) {SpringApplication.run(CloudEurekaServerApplication.class, args);}/*** springboot 从 2.0 开始默认情况下会启用CSRF保护* 需要关闭*/EnableWebSecuritystatic class WebSecurityConfig extends WebSecurityConfigurerAdapter {Overrideprotected void configure(HttpSecurity http) throws Exception {//方法1关闭csrf
// http.csrf().disable();//方法2忽略/eureka/** 所有请求http.csrf().ignoringAntMatchers(/eureka/**);super.configure(http);}}
}
重启 Eureka Server 和 Eureka Client 这次没有报错刷新页面重新登录后看到注册的服务信息 2.7 其他问题
在 Spring Security 5.7.0-M2 中WebSecurityConfigurerAdapter 被弃用了Spring 鼓励用户转向基于组件的安全配置。这意味着现在应该使用基于组件的安全配置来配置 HttpSecurity而不是继承 WebSecurityConfigurerAdapter。这种方式更加灵活可以更好地支持 Spring Boot 2.x 和 Spring 5.x。 我试了几个方法没有替换掉靠你了耿小姐。
先这样吧。 图网侵删
