config-server/client 简单接入 spring-boot-starter-security

由于配置中心内容比较敏感，所以结合spring security实现安全保护。

首先改造config-server，在pom文件里引入spring-boot-starter-security：

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>

启动后，可以观察到：

2019-04-14 16:54:26.568  INFO 31260 --- [           main] .s.s.UserDetailsServiceAutoConfiguration : 

Using generated security password: 36c88ee0-8e4f-47af-b7bd-90c1953e3400

这是因为没有指定用户密码，那么，在application.yml中指定账户密码如下：

spring:
  security:
    user:
      name: user
      password: 3be35cbe-4cbe-4ab2-87d6-ee3b1f59ad5a

再次启动，访问接口：

• curl http://127.0.0.1:7001/didispace/prod/ 报错Unauthorized

• curl http://127.0.0.1:7001/didispace/prod/ --user user:3be35cbe-4cbe-4ab2-87d6-ee3b1f59ad5a -v 可以获得配置信息

RdeMacBook-Pro:config-server r$ curl http://127.0.0.1:7001/didispace/prod/
{"timestamp":"2019-04-14T08:56:25.014+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/didispace/prod/"}RdeMacBook-Pro:config-server r$ 
RdeMacBook-Pro:config-server r$ 
RdeMacBook-Pro:config-server r$ curl http://127.0.0.1:7001/didispace/prod/ --user user:3be35cbe-4cbe-4ab2-87d6-ee3b1f59ad5a -v
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 7001 (#0)
* Server auth using Basic with user 'user'
> GET /didispace/prod/ HTTP/1.1
> Host: 127.0.0.1:7001
> Authorization: Basic dXNlcjozYmUzNWNiZS00Y2JlLTRhYjItODdkNi1lZTNiMWY1OWFkNWE=
> User-Agent: curl/7.63.0
> Accept: */*
> 
< HTTP/1.1 200 
< Set-Cookie: JSESSIONID=B0B000C4FD35C184466451D5E8B5AF3A; Path=/; HttpOnly
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Sun, 14 Apr 2019 08:56:40 GMT
< 
* Connection #0 to host 127.0.0.1 left intact
{"name":"didispace","profiles":["prod"],"label":null,"version":"c9a668d1cf75d7bd5c27f0884214c61b8e0f5c6a","state":null,"propertySources":[{"name":"https://github.com/stringhuang/SpringCloud-Learning.git/spring_cloud_in_action/config-repo/didispace-prod.properties","source":{"from":"git-prod-1.0"}},{"name":"https://github.com/stringhuang/SpringCloud-Learning.git/spring_cloud_in_action/config-repo/didispace.properties","source":{"from":"git-default-1.0"}}]}RdeMacBook-Pro:config-server r$ 
RdeMacBook-Pro:config-server r$ 

那么，对于config-client，需要在bootstrap.properties中引入如下内容：

spring.cloud.config.username=user
spring.cloud.config.password=3be35cbe-4cbe-4ab2-87d6-ee3b1f59ad5a

否则，启动的时候，不会"located property source"

扫描二维码关注公众号，回复： 5886603 查看本文章

运行：

RdeMacBook-Pro:config-server r$ curl http://127.0.0.1:7002/fromEnv/ --user user:3be35cbe-4cbe-4ab2-87d6-ee3b1f59ad5a 
git-prod-2.0
RdeMacBook-Pro:config-server r$