Spring Cloud security settings for the application configuration center (Config)
In Spring Cloud application development, we usually run a configuration center, config-server, so that configuration files can be managed online. It hosts some of the application's configuration files, and these files contain much of our account information: accounts and passwords for MySQL, Redis, MongoDB, RabbitMQ, and so on. Because account information is involved, we have to make sure it is kept secure.
1. Secure access to the hosted files, that is, require a login for every network resource request
With Spring Boot's security configuration properties, setting security.user.name and security.user.password provides a first level of secure access. Configuration: in application.yml, configure the following:
Adding the following Spring Boot security property as well is better:
security:
  basic:
    enabled: true
Add the dependency in pom.xml:
[Figure: security dependency]
When you restart config-server and then access a file resource through a URL, the security login page is shown.
If the URL is called directly, you need to add a parameter to the request headers: Authorization: Basic ******, where ****** is the user name and password after Base64 encoding. To get the value, log in through the security login page above, press F12 to open the browser developer tools, and find it in the request headers. Alternatively, enter the user name and password in the Postman test tool and view the generated headers.
2. Encrypt the passwords in all configuration files so that they are never stored in plaintext
Spring Cloud's configuration service center has an encrypt/decrypt function: it can encrypt plaintext into ciphertext and decrypt ciphertext back into plaintext. It works as follows. First, the original passwords and similar values are encrypted into ciphertext using a key set by the developer and Spring Cloud's encrypt function, and the ciphertext replaces the original password in the source repository. When a project starts and loads its configuration from the configuration center, the ciphertext is automatically decrypted into the original text and loaded into the Spring context (the Spring context caches the original text rather than the ciphertext). The steps are as follows:
A. First go to http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html, then download and unzip the file. You will see local_policy.jar, US_export_policy.jar and README.txt. If a JRE is installed, place the two jar files in the %JRE_HOME%\lib\security directory; if a JDK is installed, also place the two jar files in the %JDK_HOME%\jre\lib\security directory. (JDK 8 environment)
B. Set the encryption key: configure encrypt.key=your key in the application.yml file of the config-server microservice
[Figure: configuring the key]
C. Restart the configuration center service and you will find
[Figure: encryption/decryption methods discovered at startup]
D. Encrypt the original password
[Figure: encrypting with the Postman tool]
E. Copy the encrypted ciphertext, add the {cipher} prefix, and put it in the configuration file (there must be no characters, including spaces, between the prefix and the ciphertext)
[Figure: editing a configuration file]
After this change, all the passwords in our configuration files are ciphertext; even if the configuration files are hosted on GitHub, others cannot see what the original passwords are.
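A check for the result of step E, added here as an example and not part of the original article: it scans configuration text for password-like keys whose values are still plaintext or have whitespace after the {cipher} prefix. The key-name pattern, the exemption for ${...} placeholders and the sample lines are assumptions of this example.

```python
import re

# Key names treated as secrets (assumption of this example; extend as needed).
SECRET_KEY = re.compile(r"(password|passwd|secret)$", re.IGNORECASE)
LINE = re.compile(r"^\s*([\w.\-]+)\s*[:=]\s*(.*?)\s*$")
PREFIX = "{cipher}"


def check_value(value):
    """Return None if the value is acceptable, else a short reason."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        value = value[1:-1]          # YAML needs quotes around '{cipher}...'
    if value == "" or value.startswith("${"):
        return None                  # empty or a placeholder: no secret stored here
    if not value.startswith(PREFIX):
        return "plaintext value"
    body = value[len(PREFIX):]
    if body == "" or re.search(r"\s", body):
        return "missing or whitespace-split ciphertext after {cipher}"
    return None


def lint(text):
    """Return (line_number, key, reason) for each suspicious secret entry."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        match = LINE.match(line)
        if not match or not SECRET_KEY.search(match.group(1)):
            continue
        reason = check_value(match.group(2))
        if reason:
            findings.append((number, match.group(1), reason))
    return findings


# Constructed sample, not taken from the article.
SAMPLE = """\
spring.datasource.username=app
spring.datasource.password={cipher}3f9a0c4e5b7d
spring.redis.password=hunter2
spring.rabbitmq.password={cipher} 77ab01
  password: '{cipher}a1b2c3d4'
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Run over the repository's .yml and .properties files before each push, an empty result means every matched key holds ciphertext.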
Reposted from: https://www.jianshu.com/p/93592860993d