Spring Cloud Learning Notes-011

• Distributed Configuration Center: Security

Because the content of the configuration center store is more sensitive, it is necessary to do some security processing. There are many ways to secure your configuration center, such as physical network restrictions, OAuth2 authorization, and so on. Because microservices applications and configuration centers are built on the basis of spring boot, it is more convenient to use it in conjunction with spring security.

1. Add sprign security dependencies to the Pom.xml in the reconfiguration center only, and no additional changes are required to enable security protection for configuration Center access. By default, you can get a user named users, and when the configuration center starts, print out the user's random password at the console:

2. In most cases, the mechanism of randomly generated passwords is not used. You can specify the user and password in the configuration file:

3. At this point, if the corresponding security information is not set in the client that is connected to the configuration center, a 401 error is returned when the configuration information is obtained. Therefore, you need to configure the way in the client to join security information to pass the checksum:

• Distributed Configuration Center: Highly Available configuration

When you want to deploy the configuration center to a production environment, as with the service registry, it should be a highly available application. Spring Cloud config is very easy to implement on the server side, mainly in the following two ways:

legacy Mode: No additional configuration is required for these servers, just follow a configuration rule that points all config servers to the same Git repository so that all configuration content is maintained through a unified shared file system. When the client specifies the config server location, it only needs to configure the load balancing device address on the upper level of config server.

　　 Service mode: using config server as a common micro-service application, it is included in Eureka Service governance system. In this way, the MicroServices application can obtain configuration information through the Configuration Center's service name, which is more advantageous than the traditional implementation mode, because the server load balancer configuration and the Client Configuration Center designation are solved by the service governance mechanism, both high availability and self-maintenance are realized.

The next step is to register config server with the service center and Access the Config server through service discovery and get the configuration information in the Git repository. Based on the Demo-config-server and demo-config-client two projects to transform.

1. Increase the Eureka dependency in the Demo-config-server pom.xml:

2. Specify the service registry location in the Demo-config-server application.yml file:

3. Enable the Eureka client in the Demo-config-server startup class:

4. Start the service and log in to the registry to view:

5. Increase the Eureka dependency in the Demo-config-client pom.xml:

6. Specify the location of the service registry in the Demo-config-client Bootstrap.properties file:

Where the service registry is specified by the Eureka.client.serviceUrl.defatulZone parameter for registration and discovery of the service, and the spring.cloud.discovery.enabled parameter is set to true to access config through the service The function of the server; Finally, the spring.cloud.config.discovery.serviceId parameter is used to specify the service name registered by Config server.

7. Enable the Eureka client in the Demo-config-client startup class:

8. Start the service and log in to the registry to view:

9. Access the service Http://localhost:8002/from provided by the client app, which returns the contents of the From property configured in the Application-dev.properties file in the git repository: "git-dev-1.0"

Spring Cloud Learning Notes-011