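Spring Cloud Security - allowing unauthenticated requests

I have an application that allows users to register accounts. Our authentication and user service is UAA, so I need to be able to communicate with its secured endpoints without a user actually being present.

How do I set up Spring Cloud Security to allow a call from one microservice to another, which then communicates with UAA to create the user?

So there are 2 main microservices in play. The first hosts the web application and forwards calls with Zuul to the second microservice. That microservice communicates with UAA and handles any other application-specific user requests.

I have this WebSecurityConfigurerAdapter on the first microservice (LandingPage):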

@SpringBootApplication
@EnableZuulProxy
@EnableOAuth2Sso
@EnableEurekaClient
@EnableAutoConfiguration
public class LandingPageUiApplication extends WebSecurityConfigurerAdapter {

    public static void main(String[] args) {
        SpringApplication.run(LandingPageUiApplication.class, args);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().anyRequest().permitAll();
    }
}

and this on the second microservice (UserInformation):

@SpringBootApplication
@EnableCircuitBreaker
@EnableFeignClients
public class UserInformationServiceApplication {

    public static void main(String[] args) {
        SpringApplication.run(UserInformationServiceApplication.class, args);
    }

    @Bean
    public ModelMapper modelMapper() {
        return new ModelMapper();
    }
}

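Unfortunately, I am having a hard time accessing the REST endpoints on the first microservice, and I cannot forward anything to the second one. I usually receive a 401 response code. Their respective application.yaml files are set up as a client and a resource server.

LandingPage Application.yaml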

spring:
  application:
    name: Landing Page
  aop:
    proxy-target-class: true
security:
  oauth2:
    client:
      accessTokenUri: http://localhost:8080/uaa/oauth/token
      userAuthorizationUri: http://localhost:8080/uaa/oauth/authorize
      clientId: landing-page
      clientSecret: landing-page-secret
      scope: openid,uaa.admin,uaa.user
    resource:
      userInfoUri: http://localhost:8080/uaa/userinfo
zuul:
  routes:
    users:
      serviceId: USER-INFO-SERVICE
      path: /users/**
server:
  port: 8081
eureka:
  instance:
    hostname: 127.0.0.1
    nonSecurePort: ${server.port}
    leaseRenewalIntervalInSeconds: 10
    metadataMap:
      instanceId: ${spring.application.name}:${server.port}
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/
    region: default
    registryFetchIntervalSeconds: 5

and UserInfoService Application.yaml

server:
  port: 0
security:
  oauth2:
    client:
      clientId: user-info-service
      clientSecret: app-secret
    resource:
      jwt:
        keyUri: http://localhost:8080/uaa/token_key
spring:
  application:
    name: user-info-service
  profiles: development,default
  datasource:
    url: jdbc:h2:mem:AZ;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
    driverClassName: org.h2.Driver
    username: sa
    password:
    database-platform: org.hibernate.dialect.H2Dialect
eureka:
  instance:
    hostname: 127.0.0.1
    nonSecurePort: ${server.port}
    leaseRenewalIntervalInSeconds: 10
    metadataMap:
      instanceId: ${spring.application.name}:${server.port}
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/
    region: default
    registryFetchIntervalSeconds: 5

Any help communicating with UAA is greatly appreciated.