Config安全控制

1、config server引入依赖

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

 

2、config server配置bootstrap.yml文件

security:
  basic:
    enabled: true
  user:
    name: lynch
    password: 123456
encrypt: 
  key-store: 
    location: configserver.keystore
    alias: mydevkey
    password: 123456
    secret: 123456

 

3、访问application-prod.properties配置文件

4、config client配置bootstrap.yml文件
4.1、单机配置安全验证

#注意config-client的配置需要放到bootstrap.yml中
management:
  security:
    enabled: false
spring:
  application:
    name: mima-cloud-config-client
  cloud:
    config:
      #安全认证设置用户名密码
      uri: http://kevin:123456@localhost:6061/
      #指定profile，对应mmima-cloud-config-server所获取的配置文件中的{profile}
      profile: prod
      label: master
eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/
  instance:
    prefer-ip-address: true
    instanceId: ${spring.application.name}:${spring.cloud.client.ipAddress}:${server.port}

 

4.2、集群配置安全验证

#注意config-client的配置需要放到bootstrap.yml中
management:
  security:
    enabled: false
spring:
  application:
    name: mima-cloud-config-client
  cloud:
    consul:
      discovery: 
        instanceId: ${spring.application.name}:${server.port}
      host: localhost
      port: 8500
      config:
        enabled: true #falseu7981u7528Consulu914du7f6euff0cu9ed8u8ba4true
        format: YAML    # u8868u793aconsulu4e0au9762u6587u4ef6u7684u683cu5f0f u6709u56dbu79cd YAML PROPERTIES KEY-VALUE FILES
        #data-key: configuration    #u8868u793aconsulu4e0au9762u7684KEYu503c(u6216u8005u8bf4u6587u4ef6u7684u540du5b57) u9ed8u8ba4u662fdata
        data-key: data    #u8868u793aconsulu4e0au9762u7684KEYu503c(u6216u8005u8bf4u6587u4ef6u7684u540du5b57) u9ed8u8ba4u662fdata
        #prefixu8bbeu7f6eu914du7f6eu503cu7684u57fau672cu6587u4ef6u5939
        #defaultContextu8bbeu7f6eu6240u6709u5e94u7528u7a0bu5e8fu4f7fu7528u7684u6587u4ef6u5939u540du79f0
        #profileSeparatoru8bbeu7f6eu7528u4e8eu4f7fu7528u914du7f6eu6587u4ef6u5728u5c5eu6027u6e90u4e2du5206u9694u914du7f6eu6587u4ef6u540du79f0u7684u5206u9694u7b26u7684u503c 
    config:
      profile: prod
      label: master
      username: lynch
      password: 123456
      discovery:
        # 默认false，设为true表示使用注册中心中的configserver配置而不自己配置configserver的uri
        enabled: true  
        # 指定config server在服务发现中的serviceId，默认为：configserver         
        serviceId: mima-cloud-config-server