Eureka Server with Http basic security in spring microservice
February 20, 2020 | Spring boot complete tutorial with example | No Comments
As we know we use Eureka server to monitor the status of our microservices. Eureka server provides a dashboard on which we can see every microservice status and other details like port no on which microservice running and how many instance of microservice are running. But if you see we can easily see dashbord by hitting the URL of Eureak and it is open to all if anybody get your Eureka server URL, they will see all the details about your project.
So to protect our Eureka server we have to define some sort of security so only authorized person can see the server details. In this post we will see how to use HTTP basic security in Eureka Server. so to do this we have to follow below steps:
- Add required dependency in your pom.xml file of Eureka Server.
- Allow basic security property in your application.properties file with username and password.
- Enable security using @EnableWebSecurity annotation in your main class.
- Define a configuration class that extends WebSecurityConfigurerAdapter class and overrides configure methos.
Follow below steps:
- Add required dependency in your pom.xml file of Eureka Server.
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-server</artifactId> </dependency>
2- Allow basic security in your application.properties file.
spring.security.basic.enabled=true spring.security.user.name=vasu spring.security.user.password=rajput spring.application.name=netflix-eureka-server server.port=8761 eureka.client.register-with-eureka=false eureka.client.fetch-registry=false
3- Enable security using @EnableWebSecurity annotation in your main class.
package com.example.demo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@EnableEurekaServer
@EnableWebSecurity
@SpringBootApplication
public class SecureEurekaServerApplication {
public static void main(String[] args) {
SpringApplication.run(SecureEurekaServerApplication.class, args);
}
}
4- Define a configuration class that extends WebSecurityConfigurerAdapter class and overrides configure methos.
package com.example.demo;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().anyRequest().authenticated().and().httpBasic();
}
}
Now Run your application and Hit the Eurka Server URL you will get a popup, Now enter username and password if credentials are valid you will be login otherwise you are not able to login on Eureka server.
Now we have to register our Eureka Client to Eureka server. We know how to connect Eureka client with Eureka Server we use
eureka.client.service-url.default-zone=http://localhost:8761/eureka
in application.properties file of our Eureka client. Now if you use the same configuration you will get error that no server found to connect with so you have to change the above property as
eureka.client.serviceUrl.defaultZone=http://vasu:rajput@localhost:8761/eureka
Now your Eureka client application.properties file look like below
spring.application.name=secureEurekaClient server.port=9091 eureka.client.serviceUrl.defaultZone=http://vasu:rajput@localhost:8761/eureka
In the above URL http://vasu:rajput@localhost:8761/eureka vasu is username and rajput is password.
Now run your Eureka client and it will successfully register to Eureka Server.
Complete Code on GitHub : Eureka Server Security
