我正在尝试在我们的项目中设置Spring Boot Admin SBA,该项目具有15到20个Spring Boot应用程序集,其中Netflix Zuul作为API网关,而Eureka作为发现服务。
我能够在SBA中实现任何工作而无需任何安全性。在SBA的登录页面中添加spring security时会出现问题。使用基础ipaddress和端口(而不是zuul主机名)将呼叫直接重定向到SBA应用程序。这是我的配置
SBA详细信息
渐变依赖项,云版本为GREENWICH,引导版本为2.1.5.RELEASE
dependencies {
implementation enforcedPlatform("org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}")
implementation 'org.springframework.boot:spring-boot-starter'
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'de.codecentric:spring-boot-admin-server-ui:2.1.6'
implementation 'de.codecentric:spring-boot-admin-starter-server:2.1.6'
implementation 'org.springframework.cloud:spring-cloud-starter-netflix-eureka-client'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.cloud:spring-cloud-starter-config'
}
YAML
eureka:
client:
enabled: true
serviceUrl:
defaultZone: http://localhost:8761/eureka/
spring:
profiles: local
boot:
admin:
ui:
public-url: http://localhost:8080/api/admin
security:
user:
name: admin
password: admin
management:
endpoints:
web:
exposure:
include: "*"
endpoint:
health:
show-details: always
server:
port: 2233
forward-headers-strategy: NATIVE
Spring Security Config
@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
private final String adminContextPath;
public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
this.adminContextPath = adminServerProperties.getcontextPath();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setTargetUrlParameter("redirectTo");
successHandler.setDefaultTargetUrl(this.adminContextPath + "/");
http.authorizeRequests()
.antMatchers(this.adminContextPath + "/assets/**").permitAll()
.antMatchers(this.adminContextPath + "/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage(this.adminContextPath + "/login").successHandler(successHandler).and()
.logout().logoutUrl(this.adminContextPath + "/logout").and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.ignoringRequestMatchers(
new AntPathRequestMatcher(this.adminContextPath + "/instances",HttpMethod.POST.toString()),new AntPathRequestMatcher(this.adminContextPath + "/instances/*",HttpMethod.DELETE.toString()),new AntPathRequestMatcher(this.adminContextPath + "/actuator/**")
);
// @formatter:on
}
}
Zuul详细信息
应用程序Yaml
spring:
profiles:
active: local
application:
name: zuul
zuul:
prefix: /api
sensitiveHeaders: Cookie,Set-Cookie
ribbon:
ReadTimeout: 100000
ConnectTimeout: 100000
eureka:
enabled: true
hystrix:
command:
default:
execution:
timeout:
enabled: false
eureka:
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka/
enabled: true
server:
port: 8080
如您所见,zuul运行在端口8080和2233的SBA上。期望是当我们命中http://localhost:8080/api/admin时,应将其重定向到http://localhost:8080/api/admin/login,但它将重定向到http://localip:2233/login带有302代码。
这可能不是SBA问题,但必须弄清楚如何通过Zuul主机重定向Spring Boot应用程序中的任何页面或Spring Security的登录页面。