概述

基于springcloud的单点登录服务及基于zuul的网关服务(解决了通过zuul转发到认证服务之后session丢失问题)

详细

代码下载：http://www.demodashi.com/demo/10313.html

一、准备工作

学习前请先系统的学习一下eureka、zuul、spring security，否则上手可能会比较困难，我当时买的《springcloud微服务实战》，这本书写的还不错。

该项目基于springcloud Dalston.SR1。因公司决定使用spring cloud，前期做认证服务时发现通过zuul网关把请求转发到认证服务之后session丢失，一直报csrf验证失败问题，网上的大部分资料也不靠谱，通过研究解决掉该问题，特做了一个例子，供大家参考

二、项目截图

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-7ZRQCFbS-1661300120888)(http://www.demodashi.com/ueditor/jsp/upload/image/20170618/1497771279114021805.png “1497771279114021805.png”)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-BzvjtwBs-1661300120889)(http://www.demodashi.com/ueditor/jsp/upload/image/20170618/1497771321460040765.png “1497771321460040765.png”)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-HNIFN3aX-1661300120890)(http://www.demodashi.com/ueditor/jsp/upload/image/20170618/1497771346809050573.png “1497771346809050573.png”)]

三、各个服务说明

① 服务注册(基于eureka)：项目名称:service-registry-server 端口号:8761

启动类:cn.com.springcloudtest.cloud.service.registry.ServiceRegistryServerApplication

② 网关服务(基于zuul): 项目名称:api-gateway-server 端口号:8080

启动类:cn.com.springcloudtest.cloud.api.gateway.ApiGatewayServerApplication

③ 认证服务(基于oauth2及spring security): 项目名称:uaa-server 端口号:7769

启动类:cn.com.springcloudtest.cloud.uaa.UaaServerApplication

认证服务使用redis保存了session，客户端保存于mysql数据库

四、配置文件说明

有些配置作者也没全部搞明白，网上找的设置，但是这么设置确定是没问题的

① service-registry-server服务注册配置信息不再过多描述，标准用法

② api-gateway-server网关服务配置信息

spring:
  aop: #aop代理
    proxyTargetClass: true
  application:
    name: api-gateway-server

server:
  port: 8080
  tomcat:
    uri-encoding: UTF-8

#服务注册
eureka: 
  client:
    serviceUrl:
      defaultZone: http://127.0.0.1:8761/eureka/
#  server:
#    enable-self-preservation: false  #关闭eureka自我保护,生产环境不建议关闭自我保护

#认证中心index页面地址,如果直接登录认证中心则会跳转到该地址
uaa.server.index-path: /uaa/index
#认证中心跳转路径前缀
uaa.server.service.path: /uaa/**
#不走认证的url集合
http.authorize.matchers: /**/css/**,/**/styles/**,/**/js/**,/**/plugin/**,/**/plugins/**,/**/template/**,/**/img/**,/**/fonts/**,/**/cvr100u/**,/css/**,/js/**,/plugin/**,/template/**,/img/**,/fonts/**,/cvr100u/**

#网关信息
zuul:
  routes:
    uaa-server:
      sensitiveHeaders: "*"  #敏感headers也支持全局设置(必须这样设置)
      path: ${uaa.server.service.path}
      stripPrefix: false
  add-proxy-headers: true  #X-Forwarder-Host请求头默认添加到转发请求中

#安全认证信息
security:
  basic:
    enabled: false 
  oauth2:
    sso:
      loginPath: /login
    client:
      accessTokenUri: http://127.0.0.1:7769/uaa/oauth/token
      userAuthorizationUri: /uaa/oauth/authorize
      clientId: acme
      clientSecret: acmesecret
    resource:
      jwt:
        keyValue: |
          -----BEGIN PUBLIC KEY-----
          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGp/Q5lh0P8nPL21oMMrt2RrkT9AW5jgYwLfSUnJVc9G6uR3cXRRDCjHqWU5WYwivcF180A6CWp/ireQFFBNowgc5XaA0kPpzEtgsA5YsNX7iSnUibB004iBTfU9hZ2Rbsc8cWqynT0RyN4TP1RYVSeVKvMQk4GT1r7JCEC+TNu1ELmbNwMQyzKjsfBXyIOCFU/E94ktvsTZUHF4Oq44DBylCDsS1k7/sfZC2G5EU7Oz0mhG8+Uz6MSEQHtoIi6mc8u64Rwi3Z3tscuWG2ShtsUFuNSAFNkY7LkLn+/hxLCu2bNISMaESa8dG22CIMuIeRLVcAmEWEWH5EEforTg+QIDAQAB
          -----END PUBLIC KEY-----
      id: openid
      serviceId: ${PREFIX:}resource
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

③ uaa-server配置信息

spring:
  application:
    name: uaa-server
  #数据库连接信息
  datasource:
    url: jdbc:mysql://localhost:3306/uaa?characterEncoding=UTF-8
    username: root
    password: root
    driver-class-name: com.mysql.jdbc.Driver
    max-idle: 5
    max-wait: 10000
    min-idle: 2
    initial-size: 3
    validation-query: SELECT 1
    time-between-eviction-runs-millis: 18800
    jdbc-interceptors: ConnectionState;SlowQueryReport(threshold=50)
  jpa: 
    database: MYSQL
    show-sql: true
  #使用redis存储session,redis服务地址
  redis:
    host: 127.0.0.1 
    port: 6379
#不缓存thymeleaf模板，开发环境下配置该属性，生产环境下请勿配置
thymeleaf: 
    cache: false
    cache-period: 0
template: 
    cache: false

server:
  port: 7769
  context-path: /uaa   #认证服务上下文地址(必须配置)
  use-forward-headers: false
  tomcat:
    uri-encoding: UTF-8

#服务注册
eureka: 
  instance:
    preferIpAddress: true
  client:
    serviceUrl:
      defaultZone: http://127.0.0.1:8761/eureka/

security:
  basic:
    enabled: false
  user:
    password: password
  ignored: /css/**,/js/**,/favicon.ico,/webjars/**
  sessions: NEVER #永远不自己创建session

#jwt信息(自定义的属性,AuthorizationServerConfigurer配置类中用到)
jwt:
  access:
    token:
      converter:
        resource:
          location: classpath:keystore.jks
          password: foobar
          key-pair-alias: test
    
#自定义的属性,WebSecurityConfigurer配置类中用到 
http:
  authorize:
    #不走认证的url集合
    matchers: /**/css/**,/**/js/**,/**/plugin/**,/**/template/**,/**/img/**,/**/fonts/**,/**/cvr100u/**,/css/**,/js/**,/plugin/**,/template/**,/img/**,/fonts/**,/cvr100u/**
  login:
    path: /login
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

五、java代码配置

①、api-gateway-server服务配置都集中在WebSecurityConfigurer类中，配置比较简单

②、uaa-server服务配置都集中在AuthorizationServerConfigurer和WebSecurityConfigurer中，AuthorizationServerConfigurer是jwt相关的配置，WebSecurityConfigurer是安全相关的配置，重要的部分代码中已经做了注释

六、项目运行效果

注：项目运行前请阅读readme.txt文件

用户名:admin@163.com 密码:admin

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-z8tWCVIe-1661300120891)(http://www.demodashi.com/ueditor/jsp/upload/image/20170618/1497772087235042523.png “1497772087235042523.png”)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-rUcA2neq-1661300120892)(http://www.demodashi.com/ueditor/jsp/upload/image/20170618/1497772285124074281.png “1497772285124074281.png”)]

注：本文著作权归作者，由demo大师（http://www.demodashi.com）宣传，拒绝转载，转载需要作者授权

权