BAEL-315 added security to config and dsicovery servers.

This commit is contained in:
Tim Schimandle 2016-10-03 14:24:58 -06:00
parent d3979102f8
commit d226ad2999
9 changed files with 47 additions and 11 deletions

View File

@ -1,4 +1,4 @@
package com.baeldung.spring.cloud.integration.config; package com.baeldung.spring.cloud.bootstrap.config;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;

View File

@ -1,8 +1,9 @@
package com.baeldung.spring.cloud.integration.config; package com.baeldung.spring.cloud.bootstrap.config;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@ -15,11 +16,24 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
auth.inMemoryAuthentication() auth.inMemoryAuthentication()
.withUser("config_discUser") .withUser("config_discUser")
.password("discPassword") .password("discPassword")
.roles("SYSTEM")
.and() .and()
.withUser("config_gatewayUser") .withUser("config_gatewayUser")
.password("gatewayPassword") .password("gatewayPassword")
.roles("SYSTEM")
.and() .and()
.withUser("config_resourceUser") .withUser("config_resourceUser")
.password("resourcePassword"); .password("resourcePassword")
.roles("SYSTEM");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic().and()
.csrf().disable();
} }
} }

View File

@ -5,4 +5,4 @@ spring.cloud.config.server.git.uri=file:///${user.home}/application-config
eureka.client.region = default eureka.client.region = default
eureka.client.registryFetchIntervalSeconds = 5 eureka.client.registryFetchIntervalSeconds = 5
eureka.client.serviceUrl.defaultZone=disc_configUser:configPassword@http://localhost:8082/eureka/ eureka.client.serviceUrl.defaultZone=http://disc_configUser:configPassword@localhost:8082/eureka/

View File

@ -1,4 +1,4 @@
package com.baeldung.spring.cloud.integration.discovery; package com.baeldung.spring.cloud.bootstrap.discovery;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;

View File

@ -1,8 +1,10 @@
package com.baeldung.spring.cloud.integration.discovery; package com.baeldung.spring.cloud.bootstrap.discovery;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@ -15,14 +17,34 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
auth.inMemoryAuthentication() auth.inMemoryAuthentication()
.withUser("disc_configUser") .withUser("disc_configUser")
.password("configPassword") .password("configPassword")
.roles("SYSTEM")
.and() .and()
.withUser("disc_discUser") .withUser("disc_discUser")
.password("discPassword") .password("discPassword")
.roles("SYSTEM")
.and() .and()
.withUser("disc_gatewayUser") .withUser("disc_gatewayUser")
.password("gatewayPassword") .password("gatewayPassword")
.roles("SYSTEM")
.and() .and()
.withUser("disc_resourceUser") .withUser("disc_resourceUser")
.password("resourcePassword"); .password("resourcePassword")
.roles("SYSTEM")
.and()
.withUser("admin")
.password("password")
.roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.csrf().disable();
} }
} }

View File

@ -1,4 +1,4 @@
package com.baeldung.spring.cloud.integration.resource; package com.baeldung.spring.cloud.bootstrap.gateway;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;

View File

@ -4,4 +4,4 @@ spring.cloud.config.discovery.enabled=true
spring.cloud.config.username=config_gatewayUser spring.cloud.config.username=config_gatewayUser
spring.cloud.config.password=gatewayPassword spring.cloud.config.password=gatewayPassword
eureka.client.serviceUrl.defaultZone=http://localhost:8082/eureka/ eureka.client.serviceUrl.defaultZone=http://disc_gatewayUser:gatewayPassword@localhost:8082/eureka/

View File

@ -1,4 +1,4 @@
package com.baeldung.spring.cloud.integration.resource; package com.baeldung.spring.cloud.bootstrap.resource;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;

View File

@ -4,4 +4,4 @@ spring.cloud.config.discovery.enabled=true
spring.cloud.config.username=config_resourceUser spring.cloud.config.username=config_resourceUser
spring.cloud.config.password=resourcePassword spring.cloud.config.password=resourcePassword
eureka.client.serviceUrl.defaultZone=http://localhost:8082/eureka/ eureka.client.serviceUrl.defaultZone=http://disc_resourceUser:resourcePassword@localhost:8082/eureka/