Nginx reverse proxy allow only authenticated users to spring boot api

Question


I have a task of replacing Zuul reverse proxy with Nginx.
Security in Zuul proxy is implemented with implementation 'org.springframework.boot:spring-boot-starter-security'

```kotlin
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.http.SessionCreationPolicy

@EnableWebSecurity
class ZuulSecurity(
    // Constructor parameters were elided in the post; these are the names the body uses.
    private val dennyPatterns: Array<String>,   // paths rejected for everyone
    private val loginPatterns: Array<String>,   // paths reachable without a session
    private val loginUrl: String                // where unauthenticated users are sent
) : WebSecurityConfigurerAdapter() {
    override fun configure(http: HttpSecurity) {
        http.csrf().disable().httpBasic().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
            .sessionFixation().changeSessionId()
            .and().authorizeRequests()
            .antMatchers(*dennyPatterns).denyAll()       // hard deny list
            .antMatchers(*loginPatterns).permitAll()     // login endpoints stay open
            .anyRequest().authenticated()                // everything else needs a session
            .and().formLogin().loginPage(loginUrl)
    }
}
```

Spring boot api services are protected in a similar way with @EnableWebSecurity

I replace Zuul reverse proxy with Nginx as reverse proxy.

How can I enforce security on Nginx, so that no unauthenticated request is proxy_pass'ed to backend api services? In other words, I would like to validate on Nginx if request is made by an authenticated user (with some exception for loginPatterns urls). Which one of nginx/admin-guide/security-controls should I study?

Answer 1

Score: 0

I have done it with configuring-subrequest-authentication/
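As an added example (not from the question or the answer), this is how the three Spring Security rules in the Kotlin configure() above map onto the Nginx subrequest authentication the answer points to (ngx_http_auth_request_module). The upstream address, the /auth/check validation endpoint, the /login path, the /actuator deny path, the host name and the TLS file paths are assumptions.

```nginx
# Added example, not from the question or answer: Nginx applies the same
# three rules as the Kotlin configure() above before anything reaches the API.
# Assumed: API on 127.0.0.1:8080, /auth/check validates the session, /login is open.
upstream api_backend {
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    server_name api.example.com;                        # assumed host
    ssl_certificate     /etc/nginx/tls/fullchain.pem;   # assumed paths
    ssl_certificate_key /etc/nginx/tls/privkey.pem;

    # .antMatchers(*loginPatterns).permitAll(): reachable without a session
    location ~ ^/login(/|$) {
        proxy_set_header Host $host;
        proxy_pass http://api_backend;
    }

    # .antMatchers(*dennyPatterns).denyAll(): rejected at the edge, never proxied
    location ~ ^/actuator(/|$) {
        return 403;
    }

    # .anyRequest().authenticated(): proxied only if the subrequest returns 2xx;
    # a 401 or 403 from the subrequest stops the request here.
    location / {
        auth_request /_auth;
        auth_request_set $auth_user $upstream_http_x_auth_user;
        proxy_set_header X-Auth-User $auth_user;        # identity from the check
        proxy_set_header Host $host;
        proxy_pass http://api_backend;
        error_page 401 = @unauthorized;
    }

    # Internal subrequest: the client's headers (session cookie included) are
    # forwarded by default; the body is dropped because only the status matters.
    location = /_auth {
        internal;
        proxy_pass http://api_backend/auth/check;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }

    # Equivalent of .formLogin().loginPage(loginUrl) for browser clients
    location @unauthorized {
        return 302 /login?redirect=$request_uri;
    }
}
```

auth_request needs ngx_http_auth_request_module, which distribution packages normally build in; confirm with `nginx -V`. The backend's /auth/check must answer 2xx only for a valid session and 401 otherwise, since Nginx trusts that status alone.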

huangapple
  • Posted on 2020-07-23 22:33:13
  • Please keep this link when reposting: https://java.coder-hub.com/63056749.html