[Spring Boot & MSA] Secure Eureka Discovery Service

✔ 깃허브 소스코드
✔ Udemy 강의

Eureka Discovery Service 보안

• Spring-Security를 통해서 Eureka에 접근할 시,
• HTTP Basic Authentication 을 통해서 아이디와 비밀번호를 제공하도록 설정
• Config Server에 프로퍼티 값들을 추가하고 암호화

Eureka Server 프로젝트 구성

의존성 설정

<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>

<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
</dependency>

<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-starter-config</artifactId>
</dependency>

<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-security</artifactId>
</dependency>

프로퍼티 설정(Config Server - discoveryservice.yml)

• 먼저 http://localhost:8012/encrypt 를 통해서 비밀번호 암호화

spring:
  security:
    user:
      name: {username}
      password: '{cipher}{encrypted_password}'

Config Server 연결(bootstrap.yml)

spring:
  cloud:
    config:
      uri: http://localhost:8012
      name: discoveryservice

ApplicationSecurityConfig 설정

@EnableWebSecurity
public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .httpBasic();
    }
}

Eureka Client 프로젝트 구성

Eureka URL 수정(Config Server - application.yml)

myEureka:
  password: '{cipher}{encrypted_password}'

eureka:
  client:
    serviceUrl:
      defaultZone: http://{username}:${myEureka.password}@localhost:8010/eureka