Because the configuration center holds sensitive content, it is protected with Spring Security.
First, modify config-server by adding spring-boot-starter-security to the pom file:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
After startup, the log shows:
2019-04-14 16:54:26.568 INFO 31260 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: 36c88ee0-8e4f-47af-b7bd-90c1953e3400
This happens because no user password was specified. So specify the account name and password in application.yml as follows:
spring:
  security:
    user:
      name: user
      password: 3be35cbe-4cbe-4ab2-87d6-ee3b1f59ad5a
Start the server again and access the endpoint:
- curl http://127.0.0.1:7001/didispace/prod/ fails with Unauthorized
- curl http://127.0.0.1:7001/didispace/prod/ --user user:3be35cbe-4cbe-4ab2-87d6-ee3b1f59ad5a -v returns the configuration
RdeMacBook-Pro:config-server r$ curl http://127.0.0.1:7001/didispace/prod/
{"timestamp":"2019-04-14T08:56:25.014+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/didispace/prod/"}RdeMacBook-Pro:config-server r$
RdeMacBook-Pro:config-server r$
RdeMacBook-Pro:config-server r$ curl http://127.0.0.1:7001/didispace/prod/ --user user:3be35cbe-4cbe-4ab2-87d6-ee3b1f59ad5a -v
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 7001 (#0)
* Server auth using Basic with user 'user'
> GET /didispace/prod/ HTTP/1.1
> Host: 127.0.0.1:7001
> Authorization: Basic dXNlcjozYmUzNWNiZS00Y2JlLTRhYjItODdkNi1lZTNiMWY1OWFkNWE=
> User-Agent: curl/7.63.0
> Accept: */*
>
< HTTP/1.1 200
< Set-Cookie: JSESSIONID=B0B000C4FD35C184466451D5E8B5AF3A; Path=/; HttpOnly
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Sun, 14 Apr 2019 08:56:40 GMT
<
* Connection #0 to host 127.0.0.1 left intact
{"name":"didispace","profiles":["prod"],"label":null,"version":"c9a668d1cf75d7bd5c27f0884214c61b8e0f5c6a","state":null,"propertySources":[{"name":"https://github.com/stringhuang/SpringCloud-Learning.git/spring_cloud_in_action/config-repo/didispace-prod.properties","source":{"from":"git-prod-1.0"}},{"name":"https://github.com/stringhuang/SpringCloud-Learning.git/spring_cloud_in_action/config-repo/didispace.properties","source":{"from":"git-default-1.0"}}]}RdeMacBook-Pro:config-server r$
RdeMacBook-Pro:config-server r$
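The two curl checks above can be scripted as a repeatable smoke test. The following is an added example, not part of the original post; the function names http_status and check_config_auth and the CONFIG_URL, CONFIG_USER and CONFIG_PASSWORD environment variables are assumptions. It goes one step beyond the post by also checking that a wrong password is rejected.

```shell
#!/bin/sh
# Added example, not from the original post: smoke test for the Basic-auth
# protection on config-server. Function and variable names are assumptions.

# http_status URL [curl options...]: print only the HTTP status code.
# A connection failure prints 000 instead of aborting the script.
http_status() {
  hs_url=$1
  shift
  curl --silent --output /dev/null --max-time 5 \
       --write-out '%{http_code}' "$@" "$hs_url" || true
}

# check_config_auth BASE_URL USER PASSWORD
# Returns 0 only if /didispace/prod/ answers 401 to anonymous and
# wrong-password requests and 200 to the configured credentials.
check_config_auth() {
  cca_endpoint="${1%/}/didispace/prod/"
  cca_rc=0

  cca_anon=$(http_status "$cca_endpoint")
  cca_wrong=$(http_status "$cca_endpoint" --user "$2:not-$3")
  cca_good=$(http_status "$cca_endpoint" --user "$2:$3")

  [ "$cca_anon" = 401 ] ||
    { echo "FAIL: anonymous request got $cca_anon, want 401" >&2; cca_rc=1; }
  [ "$cca_wrong" = 401 ] ||
    { echo "FAIL: wrong password got $cca_wrong, want 401" >&2; cca_rc=1; }
  [ "$cca_good" = 200 ] ||
    { echo "FAIL: valid credentials got $cca_good, want 200" >&2; cca_rc=1; }
  return "$cca_rc"
}

# Runs only when CONFIG_PASSWORD is exported, so the secret stays out of the script.
if [ -n "${CONFIG_PASSWORD:-}" ]; then
  check_config_auth "${CONFIG_URL:-http://127.0.0.1:7001}" \
                    "${CONFIG_USER:-user}" "$CONFIG_PASSWORD"
fi
```

A non-zero exit status means at least one of the three requests returned an unexpected status code; the failing case is named on stderr.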
The config-client, in turn, needs the following entries in bootstrap.properties:
spring.cloud.config.username=user
spring.cloud.config.password=3be35cbe-4cbe-4ab2-87d6-ee3b1f59ad5a
Otherwise, the client will not report "located property source" at startup.
Run:
RdeMacBook-Pro:config-server r$ curl http://127.0.0.1:7002/fromEnv/ --user user:3be35cbe-4cbe-4ab2-87d6-ee3b1f59ad5a
git-prod-2.0
RdeMacBook-Pro:config-server r$