Spring Cloud安全 - 允許未經身份驗證的請求

Question

我有一個允許用戶註冊帳戶的應用程序。我們的身份驗證和用戶服務是UAA，所以我需要能夠與其安全端點進行通信，而不需要用戶真正在場。

如何設置Spring Cloud安全性以允許從1個微服務向另一個調用，然後與UAA進行通信以創建用戶？

因此，有2個主要的微服務正在發揮作用。第一個託管Web應用程序，並將調用與Zuul轉發到第二個微服務。這個微服務與UAA進行通信並處理任何其他應用程序特定的用戶請求。

我對第一微服務這WebSecurityConfigurerAdapter（的LandingPage）

@SpringBootApplication 
@EnableZuulProxy 
@EnableOAuth2Sso 
@EnableEurekaClient 
@EnableAutoConfiguration 
public class LandingPageUiApplication extends WebSecurityConfigurerAdapter { 

    public static void main(String[] args) { 
     SpringApplication.run(LandingPageUiApplication.class, args); 
    } 

    @Override 
    public void configure(HttpSecurity http) throws Exception { 
     http.csrf().disable().authorizeRequests().anyRequest().permitAll(); 
    } 
} 

，這在第二個微服務（UserInformation）：

@SpringBootApplication 
@EnableCircuitBreaker 
@EnableFeignClients 
public class UserInformationServiceApplication { 

    public static void main(String[] args) { 
     SpringApplication.run(UserInformationServiceApplication.class, args); 
    } 

    @Bean 
    public ModelMapper modelMapper() { 
     return new ModelMapper(); 
    } 
} 

不幸的是，我有一個很難訪問REST終端上的第一個微服務，以及無法轉發任何東西到第二個。我通常會收到401迴應代碼。他們各自application.yaml文件被設置爲客戶端和服務器種源

的LandingPage Application.yaml

spring: 
    application: 
    name: Landing Page 
    aop: 
    proxy-target-class: true 

security: 
    oauth2: 
    client: 
     accessTokenUri: http://localhost:8080/uaa/oauth/token 
     userAuthorizationUri: http://localhost:8080/uaa/oauth/authorize 
     clientId: landing-page 
     clientSecret: landing-page-secret 
     scope: openid,uaa.admin,uaa.user 
    resource: 
     userInfoUri: http://localhost:8080/uaa/userinfo 

zuul: 
    routes: 
    users: 
     serviceId: USER-INFO-SERVICE 
     path: /users/** 

server: 
    port: 8081 

eureka: 
    instance: 
    hostname: 127.0.0.1 
    nonSecurePort: ${server.port} 
    leaseRenewalIntervalInSeconds: 10 
    metadataMap: 
     instanceId: ${spring.application.name}:${server.port} 
    client: 
    serviceUrl: 
     defaultZone: http://localhost:8761/eureka/ 
    region: default 
    registryFetchIntervalSeconds: 5 

和UserInfoSerevice Application.yaml

server: 
    port: 0 

security: 
    oauth2: 
    client: 
     clientId: user-info-service 
     clientSecret: app-secret 
    resource: 
     jwt: 
     keyUri: http://localhost:8080/uaa/token_key 


spring: 
    application: 
    name: user-info-service 
    profiles: development,default 
    datasource: 
    url: jdbc:h2:mem:AZ;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE 
    driverClassName: org.h2.Driver 
    username: sa 
    password: 
    database-platform: org.hibernate.dialect.H2Dialect 


eureka: 
    instance: 
    hostname: 127.0.0.1 
    nonSecurePort: ${server.port} 
    leaseRenewalIntervalInSeconds: 10 
    metadataMap: 
     instanceId: ${spring.application.name}:${server.port} 
    client: 
    serviceUrl: 
     defaultZone: http://localhost:8761/eureka/ 
    region: default 
    registryFetchIntervalSeconds: 5 

任何幫助與UAA溝通非常感謝。

Answer 1

答案是把父MS此WebConfigAdapter設置：

@Configuration 
    @EnableOAuth2Sso 
    @EnableAutoConfiguration 
    protected static class TestConfiguration extends WebSecurityConfigurerAdapter { 


     @Override 
     public void configure(HttpSecurity http) throws Exception { 
      http.csrf().disable().antMatcher("/**") 
       .authorizeRequests() 
       .anyRequest().permitAll(); 
     } 

    } 

，並在孩子下面MS：

@Configuration 
    @Order(-10) 
    @EnableOAuth2Client 
    @EnableAutoConfiguration 
    protected static class TestConfiguration extends WebSecurityConfigurerAdapter { 


     @Override 
     public void configure(HttpSecurity http) throws Exception { 
      http.csrf().disable().anonymous().authenticationFilter(new AnonymousAuthenticationFilter("HALLO")) //allow anonymous access 
        .and() 
        .authorizeRequests() 
        .antMatchers("/**") 
        .permitAll(); 
     } 
    }