# spring-cloud-security

**Repository Path**: aaronsd/spring-cloud-security

## Basic Information

- **Project Name**: spring-cloud-security
- **Description**: Learning Spring Cloud and Spring Security OAuth 2.0
- **Primary Language**: Java
- **License**: Apache-2.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 1
- **Forks**: 2
- **Created**: 2018-01-21
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# spring-cloud-security

Learning Spring Cloud and Spring Security OAuth 2.0

## Unified code formatting across development tools

* IDEA

```
settings -> plugins -> install Eclipse Code Formatter
restart IDEA
settings -> other settings -> Eclipse Code Formatter: enable it and import formatter.xml from the project root
```

* ECLIPSE

```
window -> preferences -> Code Style -> Formatter -> import formatter.xml from the project root
```

## Installing lombok

This project depends on lombok (because the author is too lazy, and Lombok simplifies code development).

[Installing and using lombok](http://jnb.ociweb.com/jnb/jnbJan2010.html#installation)

## Project structure

* Modules

```
scs-common
scs-config
scs-registry
monitoring center
scs-zipkin
scs-gateway
scs-kefu
scs-customer
```

The monitoring center cannot be built with this version of Spring Cloud; use [spring-boot-monitor](https://gitee.com/aaronsd/spring-boot-monitor) instead.

* To run the program locally, the hostnames must be modified

```
127.0.0.1 peer1 peer2 peer3
127.0.0.1 registry config monitor rabbitmq gateway auth-service
```

* In production, everything should be deployed on separate virtual machines (Docker / cloud servers), and every microservice needs its hostname modified, for example

```
# eureka high-availability cluster
xxx.xxx.xxx.101 registry1
xxx.xxx.xxx.102 registry2
xxx.xxx.xxx.103 registry3
# rabbitmq high-availability cluster
xxx.xxx.xxx.104 rabbitmq1
xxx.xxx.xxx.105 rabbitmq2
```

## Swagger integration

Visit http://ip:port/swagger-ui.html to view and test all defined REST APIs. The documentation can be completed using [swagger](http://blog.didispace.com/springbootswagger2/) annotations.

# Example microservices

* scs-kefu: the microservice used by the platform's customer service agents
* scs-customer: the microservice that receives all kinds of user messages; customer service messages are forwarded to customer service
* Security uses HTTP Basic auth; for details see [BASIC-AUTH.MD](https://gitee.com/aaronsd/spring-cloud-security/blob/master/BASIC-AUTH.md)
* The master branch adjusted the URLs (see the UML diagrams); for how to test, see [BASIC-AUTH.MD](https://gitee.com/aaronsd/spring-cloud-security/blob/master/BASIC-AUTH.md)

![customer-kefu](https://gitee.com/uploads/images/2018/0124/155359_447ea0e2_722875.png "customer-kefu.png")

![kefu-customer](https://gitee.com/uploads/images/2018/0124/155422_946e4550_722875.png "kefu-customer.png")

![gateway-customer-kefu](https://gitee.com/uploads/images/2018/0124/155443_b629d49d_722875.png "gateway-customer-kefu.png")

![gateway-kefu-customer](https://gitee.com/uploads/images/2018/0124/155505_8a0bd34f_722875.png "gateway-kefu-customer.png")

# High availability for each component

## Eureka Server (scs-registry) high availability

* Modify application.yml

```
# The following configuration is needed for local runs: the 3 registries register with each other pairwise.
# In production, with 3 different servers, there is no need to change the port.
---
spring:
  profiles: registry1
server:
  port: 8761
eureka:
  instance:
    hostname: peer1
  client:
    registerWithEureka: true
    service-url:
      defaultZone: http://user:${security.user.password}@peer2:8762/eureka/,http://user:${security.user.password}@peer3:8763/eureka/
---
spring:
  profiles: registry2
server:
  port: 8762
eureka:
  instance:
    hostname: peer2
  client:
    registerWithEureka: true
    service-url:
      defaultZone: http://user:${security.user.password}@peer1:8761/eureka/,http://user:${security.user.password}@peer3:8763/eureka/
---
spring:
  profiles: registry3
server:
  port: 8763
eureka:
  instance:
    hostname: peer3
  client:
    registerWithEureka: true
    service-url:
      defaultZone: http://user:${security.user.password}@peer1:8761/eureka/,http://user:${security.user.password}@peer2:8762/eureka/
```

* Specify the active profile when starting scs-registry

```
java -Dspring.profiles.active=registry3 -jar scs-registry.jar
# or
java -jar scs-registry.jar --spring.profiles.active=registry3
```

* Modify the microservices' bootstrap.yml

```
eureka.client.service-url.defaultZone: http://user:password@peer1:8761/eureka/,http://user:password@peer2:8762/eureka/,http://user:password@peer3:8763/eureka/
```

## Spring Cloud Config (scs-config) high availability

* Modify application.yml

```
# config registers with eureka; with multiple registries, defaultZone must list multiple URLs, comma-separated
eureka:
  instance:
    hostname: registry
    prefer-ip-address: true
    metadata-map:
      user.name: ${security.user.name}
      user.password: ${security.user.password}
  client:
    service-url:
      defaultZone: http://user:${REGISTRY_SERVER_PASSWORD:password}@registry:8761/eureka/
# Used when several config instances are deployed on the same server for high availability;
# not needed in production when deploying on 3 servers
---
spring:
  profiles: config1
server:
  port: 8888
---
spring:
  profiles: config2
server:
  port: 8889
---
spring:
  profiles: config3
server:
  port: 8890
```

* Specify the active profile when starting config

```
java -Dspring.profiles.active=config3 -jar scs-config.jar
# or
java -jar scs-config.jar --spring.profiles.active=config3
```

* The config client discovers the config service through eureka

```
# Configure this in the microservice's bootstrap.yml; note that it must be bootstrap.yml, not application.yml
spring:
  application:
    name: xxx-service
  cloud:
    config:
      discovery:
        enabled: true
        service-id: config # service-id of the config service
      fail-fast: true
      username: user
      password: ${CONFIG_SERVER_PASSWORD:password}
      retry:
        initial-interval: 2000
        max-interval: 10000
        multiplier: 2
        max-attempts: 10
# Service discovery configuration; with multiple registries, defaultZone must list multiple URLs, comma-separated
eureka:
  instance:
    hostname: registry
    prefer-ip-address: true
  client:
    service-url:
      defaultZone: http://user:${REGISTRY_SERVER_PASSWORD:password}@registry:8761/eureka/
```

## RabbitMQ high availability

See [Configuring a RabbitMQ 3.6.3 cluster with high availability on CentOS 7](https://www.jianshu.com/p/3a625aacd9aa)

## gateway high availability

* Registering multiple Zuul gateways with the Eureka server gives high availability for internal service access, but it cannot guarantee high availability for external apps, websites or other companies' applications
* High availability is achieved with nginx + Keepalived; for the implementation, see the articles below
    * [High availability for a site with Nginx + Keepalived](https://segmentfault.com/a/1190000002881132)
    * [nginx server installation and configuration file explained](http://seanlook.com/2015/05/17/nginx-install-and-config/)
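
The Eureka `defaultZone` URLs in the configurations above carry the HTTP Basic credentials in the URL itself, some as a literal `password` and some as a `${VAR:password}` placeholder that falls back to `password` when the variable is unset. The following check is an added example, not code from this repository: it audits such values and reports the host only, never the secret. The function name, finding labels and the last sample value are assumptions made for illustration.

```python
import re

# Spring property placeholder: ${NAME} or ${NAME:default}
PLACEHOLDER = re.compile(r"\$\{([^:}]+)(?::([^}]*))?\}")
# scheme://[user[:password]@]host[:port]/...
URL = re.compile(r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://"
                 r"(?:(?P<user>[^:@/]*)(?::(?P<pw>[^@/]*))?@)?(?P<host>[^/]+)")


def audit_default_zone(value):
    """Return (host, finding) pairs for a comma-separated defaultZone value.

    The password is never echoed back, only the host it was found on.
    """
    findings = []
    for url in (u.strip() for u in value.split(",")):
        m = URL.match(url)
        if m is None or m.group("pw") is None:
            continue  # not a URL, or no password embedded in it
        host, pw = m.group("host"), m.group("pw")
        ph = PLACEHOLDER.fullmatch(pw)
        if ph is None:
            findings.append((host, "literal-password"))
        elif ph.group(2) is not None:
            # ${VAR:default}: the default is used whenever VAR is unset
            findings.append((host, "default-fallback"))
        if m.group("scheme").lower() == "http":
            # Basic auth over plain HTTP is only base64-encoded on the wire
            findings.append((host, "cleartext-basic-auth"))
    return findings


# defaultZone values as they appear in this README, plus one constructed value
SAMPLES = {
    "registry1 profile": "http://user:${security.user.password}@peer2:8762/eureka/,"
                         "http://user:${security.user.password}@peer3:8763/eureka/",
    "microservice bootstrap.yml": "http://user:password@peer1:8761/eureka/",
    "scs-config": "http://user:${REGISTRY_SERVER_PASSWORD:password}@registry:8761/eureka/",
    # constructed: HTTPS and a placeholder with no default
    "constructed": "https://user:${REGISTRY_SERVER_PASSWORD}@registry:8761/eureka/",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        for host, finding in audit_default_zone(value):
            print(f"{name}: {host}: {finding}")
```
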