A Microservice Architecture with Spring Boot and Spring Cloud（三）

服务发现

对于服务发现，我们需要Eureka，Cloud Config Client和Security：

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-eureka-server</artifactId>
</dependency>

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-config</artifactId>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

我们将通过添加@EnableEurekaServer注解来配置我们的服务发现：

@SpringBootApplication
@EnableEurekaServer
public class DiscoveryApplication {...}

接下来，我们将简单地保护我们的服务器端点：

@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfig extendsWebSecurityConfigurerAdapter {
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) {
    auth.inMemoryAuthentication()
        .withUser("discUser")
        .password("discPassword")
        .roles("SYSTEM");
   }

    @Override
    protected void configure(HttpSecurity http) {
        http
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
        .requestMatchers().antMatchers("/eureka/**").and()
        .authorizeRequests()
        .antMatchers("/eureka/**").hasRole("SYSTEM")
        .anyRequest().denyAll().and()
        .httpBasic().and()
        .csrf().disable();
    }
}

同样地，对Eureka参数信息进行保护：

@Configuration
public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) {
        http
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.NEVER).and()
        .httpBasic().disable()
        .authorizeRequests()
        .antMatchers(HttpMethod.GET, "/").hasRole("ADMIN")
        .antMatchers("/info", "/health").authenticated()
        .anyRequest().denyAll().and()
        .csrf().disable();
     }
}

现在，我们将在我们的服务发现resources文件夹中添加bootstrap.properties：

spring.cloud.config.name=discovery
spring.cloud.config.uri=http://localhost:8081
spring.cloud.config.username=configUser
spring.cloud.config.password=configPassword

最后，我们将在我们的application-config Git仓库中添加discovery.properties：

spring.application.name=discovery
server.port=8082
eureka.instance.hostname=localhost
eureka.client.serviceUrl.defaultZone=http://discUser:discPassword@localhost:8082/eureka/
eureka.client.register-with-eureka=false
eureka.client.fetch-registry=false
spring.redis.host=localhost
spring.redis.port=6379

说明：

• 我们使用@Order(1)，因为我们为服务发现配置了两个安全配置。 一个用于端点，另一个用于参数信息。
• 在configuration repository中，spring.cloud.config.name的属性值要和服务发现的配置文件名一致。
• 我们必须在bootstrap.properties中提供spring.cloud.config.uri的属性值，以便能够从服务配置那里获取完整配置信息。

网关服务

要设置网关服务，我们需要Cloud Config Client，Eureka Client，Zuul和Security：

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-config</artifactId>
</dependency>

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-eureka</artifactId>
</dependency>

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-zuul</artifactId>
 </dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

接下来，我们需要如下面这样配置网关服务：

@SpringBootApplication
@EnableZuulProxy
@EnableEurekaClient
public class GatewayApplication {}

加上一个简单的安全配置：

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password("password").roles("USER")
            .and()
            .withUser("admin").password("admin").roles("ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .authorizeRequests()
        .antMatchers("/book-service/books").permitAll()
        .antMatchers("/eureka/**").hasRole("ADMIN")
        .anyRequest().authenticated().and()
        .formLogin().and()
        .logout().permitAll().and()
        .csrf().disable();
     }
}

我们还需要在网关服务resources文件夹中添加bootstrap.properties：

spring.cloud.config.name=gateway
spring.cloud.config.discovery.service-id=config
spring.cloud.config.discovery.enabled=true
spring.cloud.config.username=configUser
spring.cloud.config.password=configPassword
eureka.client.serviceUrl.defaultZone=http://discUser:discPassword@localhost:8082/eureka/

最后，我们将在我们的application-config Git仓库中添加gateway.properties：

spring.application.name=gateway
server.port=8080
eureka.client.region = default
eureka.client.registryFetchIntervalSeconds = 5
management.security.sessions=always
zuul.routes.book-service.path=/book-service/**
zuul.routes.book-service.sensitive-headers=Set-Cookie,Authorization
hystrix.command.book-service.execution.isolation.thread.timeoutInMilliseconds=600000
zuul.routes.rating-service.path=/rating-service/**
zuul.routes.rating-service.sensitive-headers=Set-Cookie,Authorization
hystrix.command.rating-service.execution.isolation.thread.timeoutInMilliseconds=600000
zuul.routes.discovery.path=/discovery/**
zuul.routes.discovery.sensitive-headers=Set-Cookie,Authorization
zuul.routes.discovery.url=http://localhost:8082
hystrix.command.discovery.execution.isolation.thread.timeoutInMilliseconds=600000
spring.redis.host=localhost
spring.redis.port=6379

说明：我们正在使用zuul.routes.book-service.path定义请求路径，向/book-service/ **发起请求会进入到Book Service application，这同样适用于Rating Service。