-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docker: require auth for Eureka on EUREKA_USERNAME (#3698)
This allows the Eureka test image to accept EUREKA_USERNAME and EUREKA_PASSWORD to require authentication accordingly without requiring auth when they aren't set. This is important to test auth, but not break our tests that do not require auth. Signed-off-by: Adrian Cole <[email protected]> Co-authored-by: Andriy Redko <[email protected]>
- Loading branch information
1 parent
13e46f8
commit 5ff651f
Showing
4 changed files
with
122 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
43 changes: 43 additions & 0 deletions
43
docker/test-images/zipkin-eureka/src/main/java/zipkin/test/EurekaProperties.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
/* | ||
* Copyright 2015-2024 The OpenZipkin Authors | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except | ||
* in compliance with the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software distributed under the License | ||
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express | ||
* or implied. See the License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
package zipkin.test; | ||
|
||
import org.springframework.boot.context.properties.ConfigurationProperties; | ||
|
||
/** Properties for configuring and building a {@link EurekaServer}. */ | ||
@ConfigurationProperties("eureka") | ||
class EurekaProperties { | ||
|
||
/** Optional username to require. */ | ||
private String username; | ||
|
||
/** Optional password to require. */ | ||
private String password; | ||
|
||
public String getUsername() { | ||
return username; | ||
} | ||
|
||
public void setUsername(String username) { | ||
this.username = username; | ||
} | ||
|
||
public String getPassword() { | ||
return password; | ||
} | ||
|
||
public void setPassword(String password) { | ||
this.password = password; | ||
} | ||
} |
58 changes: 58 additions & 0 deletions
58
docker/test-images/zipkin-eureka/src/main/java/zipkin/test/EurekaSecurity.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
/* | ||
* Copyright 2015-2024 The OpenZipkin Authors | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except | ||
* in compliance with the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software distributed under the License | ||
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express | ||
* or implied. See the License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
package zipkin.test; | ||
|
||
import org.springframework.boot.autoconfigure.ImportAutoConfiguration; | ||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; | ||
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration; | ||
import org.springframework.boot.context.properties.EnableConfigurationProperties; | ||
import org.springframework.context.annotation.Bean; | ||
import org.springframework.context.annotation.Configuration; | ||
import org.springframework.security.config.Customizer; | ||
import org.springframework.security.config.annotation.web.builders.HttpSecurity; | ||
import org.springframework.security.core.userdetails.User; | ||
import org.springframework.security.core.userdetails.UserDetails; | ||
import org.springframework.security.crypto.password.PasswordEncoder; | ||
import org.springframework.security.provisioning.InMemoryUserDetailsManager; | ||
import org.springframework.security.web.SecurityFilterChain; | ||
|
||
import static org.springframework.security.crypto.factory.PasswordEncoderFactories.createDelegatingPasswordEncoder; | ||
|
||
/** This enables security, particularly only BASIC auth, when {@code EUREKA_USERNAME} is set. */ | ||
@Configuration | ||
@ConditionalOnProperty("eureka.username") | ||
@EnableConfigurationProperties(EurekaProperties.class) | ||
@ImportAutoConfiguration(SecurityAutoConfiguration.class) | ||
public class EurekaSecurity { | ||
@Bean InMemoryUserDetailsManager userDetailsService(EurekaProperties props) { | ||
PasswordEncoder encoder = createDelegatingPasswordEncoder(); | ||
UserDetails user = User.withUsername(props.getUsername()) | ||
.password(encoder.encode(props.getPassword())) | ||
.roles("ADMIN") | ||
.build(); | ||
return new InMemoryUserDetailsManager(user); | ||
} | ||
|
||
/** | ||
* You have to disable CSRF to allow BASIC authenticating Eureka clients to operate. | ||
* <p> | ||
* See <a href="https://cloud.spring.io/spring-cloud-netflix/reference/html/#securing-the-eureka-server">Securing The Eureka Server</a> | ||
*/ | ||
@Bean SecurityFilterChain filterChain(HttpSecurity http) throws Exception { | ||
http.csrf(csrf -> csrf.ignoringRequestMatchers("/eureka/**")); | ||
http.authorizeHttpRequests(authz -> authz.requestMatchers("/eureka/**").authenticated()) | ||
.httpBasic(Customizer.withDefaults()); | ||
return http.build(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters