BAEL-315 Change some security settings to allow discovery server operations. Copy static files from the eureka project to the zuul filter to display the discovery dashboard through the proxy.

This commit is contained in:
Tim Schimandle 2016-10-18 21:07:52 -06:00
parent 2a7b598cf0
commit a66aeb1157
1 changed files with 37 additions and 5 deletions

View File

@ -2,14 +2,17 @@ package com.baeldung.spring.cloud.bootstrap.discovery;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter { public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired @Autowired
@ -23,14 +26,43 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
.and()
.requestMatchers()
.antMatchers("/eureka/**")
.and()
.authorizeRequests() .authorizeRequests()
.antMatchers("/eureka/js/**","/eureka/css/**","/eureka/images/**","/eureka/fonts/**").authenticated()
.antMatchers("/eureka/**").hasRole("SYSTEM") .antMatchers("/eureka/**").hasRole("SYSTEM")
.antMatchers(HttpMethod.GET, "/").hasRole("ADMIN") .anyRequest().denyAll()
.anyRequest().authenticated() .and()
.and() .httpBasic()
.and()
.csrf().disable();
}
@Configuration
//no order tag means this is the last security filter to be evaluated
public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication();
}
@Override protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.NEVER)
.and()
.httpBasic() .httpBasic()
.and() .disable()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/").hasRole("ADMIN")
.antMatchers("/info","/health").authenticated()
.antMatchers("/eureka/js/**", "/eureka/css/**", "/eureka/images/**", "/eureka/fonts/**").authenticated()
.anyRequest().denyAll()
.and()
.csrf().disable(); .csrf().disable();
}
} }
} }