Config安全控制

1、config server引入依赖

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

 

2、config server配置bootstrap.yml文件

security:
  basic:
    enabled: true
  user:
    name: lynch
    password: 123456
encrypt: 
  key-store: 
    location: configserver.keystore
    alias: mydevkey
    password: 123456
    secret: 123456

 

3、访问application-prod.properties配置文件

4、config client配置bootstrap.yml文件
4.1、单机配置安全验证

#注意config-client的配置需要放到bootstrap.yml中
management:
  security:
    enabled: false
spring:
  application:
    name: mima-cloud-config-client
  cloud:
    config:
      #安全认证设置用户名密码
      uri: http://kevin:123456@localhost:6061/
      #指定profile，对应mmima-cloud-config-server所获取的配置文件中的{profile}
      profile: prod
      label: master
eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/
  instance:
    prefer-ip-address: true
    instanceId: ${spring.application.name}:${spring.cloud.client.ipAddress}:${server.port}

 

4.2、集群配置安全验证

#注意config-client的配置需要放到bootstrap.yml中
management:
  security:
    enabled: false
spring:
  application:
    name: mima-cloud-config-client
  cloud:
    consul:
      discovery: 
        instanceId: ${spring.application.name}:${server.port}
      host: localhost
      port: 8500
      config:
        enabled: true #false\u7981\u7528Consul\u914d\u7f6e\uff0c\u9ed8\u8ba4true
        format: YAML    # \u8868\u793aconsul\u4e0a\u9762\u6587\u4ef6\u7684\u683c\u5f0f \u6709\u56db\u79cd YAML PROPERTIES KEY-VALUE FILES
        #data-key: configuration    #\u8868\u793aconsul\u4e0a\u9762\u7684KEY\u503c(\u6216\u8005\u8bf4\u6587\u4ef6\u7684\u540d\u5b57) \u9ed8\u8ba4\u662fdata
        data-key: data    #\u8868\u793aconsul\u4e0a\u9762\u7684KEY\u503c(\u6216\u8005\u8bf4\u6587\u4ef6\u7684\u540d\u5b57) \u9ed8\u8ba4\u662fdata
        #prefix\u8bbe\u7f6e\u914d\u7f6e\u503c\u7684\u57fa\u672c\u6587\u4ef6\u5939
        #defaultContext\u8bbe\u7f6e\u6240\u6709\u5e94\u7528\u7a0b\u5e8f\u4f7f\u7528\u7684\u6587\u4ef6\u5939\u540d\u79f0
        #profileSeparator\u8bbe\u7f6e\u7528\u4e8e\u4f7f\u7528\u914d\u7f6e\u6587\u4ef6\u5728\u5c5e\u6027\u6e90\u4e2d\u5206\u9694\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7684\u5206\u9694\u7b26\u7684\u503c 
    config:
      profile: prod
      label: master
      username: lynch
      password: 123456
      discovery:
        # 默认false，设为true表示使用注册中心中的configserver配置而不自己配置configserver的uri
        enabled: true  
        # 指定config server在服务发现中的serviceId，默认为：configserver         
        serviceId: mima-cloud-config-server