BAEL-315 added security to config and dsicovery servers.

2016-10-03 14:24:58 -06:00 · 2016-10-03 14:24:58 -06:00 · d226ad2999
parent d3979102f8
commit d226ad2999
9 changed files with 47 additions and 11 deletions
--- a/spring-cloud/spring-cloud-bootstrap/config/src/main/java/com/baeldung/spring/cloud/integration/config/ConfigApplication.java
+++ b/spring-cloud/spring-cloud-bootstrap/config/src/main/java/com/baeldung/spring/cloud/integration/config/ConfigApplication.java
@ -1,4 +1,4 @@
-package com.baeldung.spring.cloud.integration.config;
+package com.baeldung.spring.cloud.bootstrap.config;

 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
--- a/spring-cloud/spring-cloud-bootstrap/config/src/main/java/com/baeldung/spring/cloud/integration/config/SecurityConfig.java
+++ b/spring-cloud/spring-cloud-bootstrap/config/src/main/java/com/baeldung/spring/cloud/integration/config/SecurityConfig.java
@ -1,8 +1,9 @@
-package com.baeldung.spring.cloud.integration.config;
+package com.baeldung.spring.cloud.bootstrap.config;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@ -15,11 +16,24 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        auth.inMemoryAuthentication()
                .withUser("config_discUser")
                .password("discPassword")
+                .roles("SYSTEM")
            .and()
                .withUser("config_gatewayUser")
                .password("gatewayPassword")
+                .roles("SYSTEM")
            .and()
                .withUser("config_resourceUser")
-                .password("resourcePassword");
+                .password("resourcePassword")
+                .roles("SYSTEM");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+                .authorizeRequests()
+                .anyRequest().authenticated()
+                .and()
+                .httpBasic().and()
+                .csrf().disable();
    }
 }
--- a/spring-cloud/spring-cloud-bootstrap/config/src/main/resources/application.properties
+++ b/spring-cloud/spring-cloud-bootstrap/config/src/main/resources/application.properties
@ -5,4 +5,4 @@ spring.cloud.config.server.git.uri=file:///${user.home}/application-config

 eureka.client.region = default
 eureka.client.registryFetchIntervalSeconds = 5
-eureka.client.serviceUrl.defaultZone=disc_configUser:configPassword@http://localhost:8082/eureka/
+eureka.client.serviceUrl.defaultZone=http://disc_configUser:configPassword@localhost:8082/eureka/
--- a/spring-cloud/spring-cloud-bootstrap/discovery/src/main/java/com/baeldung/spring/cloud/integration/discovery/DiscoveryApplication.java
+++ b/spring-cloud/spring-cloud-bootstrap/discovery/src/main/java/com/baeldung/spring/cloud/integration/discovery/DiscoveryApplication.java
@ -1,4 +1,4 @@
-package com.baeldung.spring.cloud.integration.discovery;
+package com.baeldung.spring.cloud.bootstrap.discovery;

 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
--- a/spring-cloud/spring-cloud-bootstrap/discovery/src/main/java/com/baeldung/spring/cloud/integration/discovery/SecurityConfig.java
+++ b/spring-cloud/spring-cloud-bootstrap/discovery/src/main/java/com/baeldung/spring/cloud/integration/discovery/SecurityConfig.java
@ -1,8 +1,10 @@
-package com.baeldung.spring.cloud.integration.discovery;
+package com.baeldung.spring.cloud.bootstrap.discovery;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@ -15,14 +17,34 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        auth.inMemoryAuthentication()
                .withUser("disc_configUser")
                .password("configPassword")
+                .roles("SYSTEM")
            .and()
                .withUser("disc_discUser")
                .password("discPassword")
+                .roles("SYSTEM")
            .and()
                .withUser("disc_gatewayUser")
                .password("gatewayPassword")
+                .roles("SYSTEM")
            .and()
                .withUser("disc_resourceUser")
-                .password("resourcePassword");
+                .password("resourcePassword")
+                .roles("SYSTEM")
+            .and()
+                .withUser("admin")
+                .password("password")
+                .roles("ADMIN");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+                .authorizeRequests()
+                    .antMatchers(HttpMethod.GET, "/").hasRole("ADMIN")
+                    .anyRequest().authenticated()
+                .and()
+                    .httpBasic()
+                .and()
+                    .csrf().disable();
    }
 }
--- a/spring-cloud/spring-cloud-bootstrap/gateway/src/main/java/com/baeldung/spring/cloud/integration/resource/GatewayApplication.java
+++ b/spring-cloud/spring-cloud-bootstrap/gateway/src/main/java/com/baeldung/spring/cloud/integration/resource/GatewayApplication.java
@ -1,4 +1,4 @@
-package com.baeldung.spring.cloud.integration.resource;
+package com.baeldung.spring.cloud.bootstrap.gateway;

 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
--- a/spring-cloud/spring-cloud-bootstrap/gateway/src/main/resources/bootstrap.properties
+++ b/spring-cloud/spring-cloud-bootstrap/gateway/src/main/resources/bootstrap.properties
@ -4,4 +4,4 @@ spring.cloud.config.discovery.enabled=true
 spring.cloud.config.username=config_gatewayUser
 spring.cloud.config.password=gatewayPassword

-eureka.client.serviceUrl.defaultZone=http://localhost:8082/eureka/
+eureka.client.serviceUrl.defaultZone=http://disc_gatewayUser:gatewayPassword@localhost:8082/eureka/
--- a/spring-cloud/spring-cloud-bootstrap/resource/src/main/java/com/baeldung/spring/cloud/integration/resource/ResourceApplication.java
+++ b/spring-cloud/spring-cloud-bootstrap/resource/src/main/java/com/baeldung/spring/cloud/integration/resource/ResourceApplication.java
@ -1,4 +1,4 @@
-package com.baeldung.spring.cloud.integration.resource;
+package com.baeldung.spring.cloud.bootstrap.resource;

 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
--- a/spring-cloud/spring-cloud-bootstrap/resource/src/main/resources/bootstrap.properties
+++ b/spring-cloud/spring-cloud-bootstrap/resource/src/main/resources/bootstrap.properties
@ -4,4 +4,4 @@ spring.cloud.config.discovery.enabled=true
 spring.cloud.config.username=config_resourceUser
 spring.cloud.config.password=resourcePassword

-eureka.client.serviceUrl.defaultZone=http://localhost:8082/eureka/
+eureka.client.serviceUrl.defaultZone=http://disc_resourceUser:resourcePassword@localhost:8082/eureka/