我知道Spring Cloud Config Server可以使用用户名和密码进行保护,用户名和密码必须由访问客户端提供 .
如何阻止客户端将这些用户名和密码以明文形式存储在客户端应用程序/服务的bootstrap.yml文件中?
加密文本可以放在bootstrap.yml中 .
检查 - > http://projects.spring.io/spring-cloud/spring-cloud.html#_encryption_and_decryption
最基本的"basic authentication"(来自这里https://github.com/spring-cloud-samples/configserver)
您可以通过在Spring Security上添加额外的依赖项来添加HTTP Basic身份验证(例如,通过spring-boot-starter-security) . 用户名为"user",启动时在控制台上打印密码(标准Spring Boot方法) . 如果使用maven( pom.xml ):
pom.xml
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
如果需要自定义用户/密码对,则需要在服务器配置文件中指明
security: basic: enabled: false
并在您的代码中添加此最小类( BasicSecurityConfiguration.java ):
BasicSecurityConfiguration.java
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration //@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class BasicSecurityConfiguration extends WebSecurityConfigurerAdapter { @Value("#{'${qa.admin.password:admin}'}") //property with default value String admin_password; @Value("#{'${qa.user.password:user}'}") //property with default value String user_password; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("user").password(user_password).roles("USER") .and() .withUser("admin").password(admin_password).roles("USER", "ACTUATOR"); } @Override protected void configure(HttpSecurity http) throws Exception { http .csrf() .disable() .httpBasic() .and() .authorizeRequests() .antMatchers("/encrypt/**").authenticated() .antMatchers("/decrypt/**").authenticated() //.antMatchers("/admin/**").hasAuthority("ROLE_ACTUATOR") //.antMatchers("/qa/**").permitAll() ; } }
@Value(“#{'$ {qa.admin.password:admin}'}”)允许在属性配置文件,环境变量或命令行中定义密码 .
例如( application.yml ):
application.yml
server: port: 8888 security: basic: enabled: false qa: admin: password: adminadmin user: password: useruser management: port: 8888 context-path: /admin logging: level: org.springframework.cloud: 'DEBUG' spring: cloud: config: server: git: ignoreLocalSshSettings: true uri: ssh://git@gitlab.server.corp/repo/configuration.git
这对我有用 .
编辑:您可以直接将基本用户配置放在_478654中,而不是类:
security: basic: enabled: true path: /** ignored: /health**,/info**,/metrics**,/trace** user: name: admin password: tupassword
2 回答
加密文本可以放在bootstrap.yml中 .
检查 - > http://projects.spring.io/spring-cloud/spring-cloud.html#_encryption_and_decryption
最基本的"basic authentication"(来自这里https://github.com/spring-cloud-samples/configserver)
您可以通过在Spring Security上添加额外的依赖项来添加HTTP Basic身份验证(例如,通过spring-boot-starter-security) . 用户名为"user",启动时在控制台上打印密码(标准Spring Boot方法) . 如果使用maven(
pom.xml
):如果需要自定义用户/密码对,则需要在服务器配置文件中指明
并在您的代码中添加此最小类(
BasicSecurityConfiguration.java
):@Value(“#{'$ {qa.admin.password:admin}'}”)允许在属性配置文件,环境变量或命令行中定义密码 .
例如(
application.yml
):这对我有用 .
编辑:您可以直接将基本用户配置放在_478654中,而不是类: