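In the previous post, Nacos was integrated through Spring Boot's configuration file. Several properties in that file are mandatory, and the application fails to start if they are missing.
The other way to integrate is with JavaConfig: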
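
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import com.alibaba.nacos.api.annotation.NacosProperties;
    import com.alibaba.nacos.api.config.ConfigType;
    import com.alibaba.nacos.spring.context.annotation.config.EnableNacosConfig;
    import com.alibaba.nacos.spring.context.annotation.config.NacosPropertySource;

    @SpringBootApplication
    @EnableNacosConfig(globalProperties = @NacosProperties(serverAddr = "192.168.xxx.xxx:8848", namespace = "32a9fc67-5fc9-47a7-947b-863364d93a88"))
    @NacosPropertySource(autoRefreshed = true, groupId = "AUTH_CENTER", dataId = "ykylogic-auth", type = ConfigType.YAML)
    public class YkyAuthServerApplication {
        public static void main(String[] args) {
            SpringApplication.run(YkyAuthServerApplication.class, args);
        }
    }
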
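To read a value, use @NacosValue, as in the class below. During login, this class first uses RSA asymmetric encryption to decrypt the encrypted password sent by the user, then encrypts the decrypted password with DESede, and finally compares the result with the DESede-encrypted password stored in the database. The RSA public key is published, while the private key is kept in the Nacos configuration center on the server side; @NacosValue is used here to fetch the RSA private key from the configuration center. (My CustomDaoAuthenticationProvider below carries no annotation, but it is configured as a Spring bean elsewhere.)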

    /**
     * <p>Title: CustomDaoAuthenticationProvider.java</p>
     * <p>Description: </p>
     * @author wangzhj
     * @date May 11, 2020
     * @version 1.0
     */
    package com.yky.auth.service;

    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;

    import org.apache.commons.codec.binary.Base64;
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.userdetails.UserDetails;
    import com.alibaba.nacos.api.config.annotation.NacosValue;
    import com.yky.auth.util.Encrypter;

    /**
     * <p>Title: CustomDaoAuthenticationProvider</p>
     * <p>Description: </p>
     * @author wangzhj
     * @date May 11, 2020
     */
    public class CustomDaoAuthenticationProvider extends DaoAuthenticationProvider {

        // Base64-encoded RSA private key, injected from the Nacos configuration center
        @NacosValue(value = "${rsa.private.key}", autoRefreshed = true)
        private String privateKey;

        @Override
        protected void additionalAuthenticationChecks(UserDetails userDetails,
                UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
            if (authentication.getCredentials() == null) {
                logger.debug("Authentication failed: no credentials provided");
                throw new BadCredentialsException(messages.getMessage(
                        "AbstractUserDetailsAuthenticationProvider.badCredentials",
                        "Bad credentials"));
            }
            String name = userDetails.getUsername();
            String password = authentication.getCredentials().toString();
            // Step 1: RSA-decrypt the Base64 ciphertext sent by the client
            try {
                password = new String(Encrypter.decryptRSAByPrivateKey(Base64.decodeBase64(privateKey), Base64.decodeBase64(password)));
            } catch (Exception e1) {
                // Any decryption failure is reported as a generic bad-credentials error
                throw new BadCredentialsException(messages.getMessage(
                        "AbstractUserDetailsAuthenticationProvider.badCredentials",
                        "Bad credentials"));
            }
            // Step 2: DESede-encrypt name + password, using the password bytes as the key
            String encodePassword;
            try {
                encodePassword = new String(Encrypter.byteToHex(
                        Encrypter.encryptMode(Encrypter.stringToByte(name + password), password.getBytes())));
            } catch (Exception e) {
                throw new BadCredentialsException(messages.getMessage(
                        "AbstractUserDetailsAuthenticationProvider.badCredentials",
                        "Bad credentials"));
            }
            // Step 3: compare with the stored value in constant time; a null stored value never matches
            String stored = userDetails.getPassword();
            if (stored == null || !MessageDigest.isEqual(
                    encodePassword.getBytes(StandardCharsets.UTF_8),
                    stored.getBytes(StandardCharsets.UTF_8))) {
                logger.debug("Authentication failed: password does not match stored value");
                throw new BadCredentialsException(messages.getMessage(
                        "AbstractUserDetailsAuthenticationProvider.badCredentials",
                        "Bad credentials"));
            }
        }
    }

The private key in the Nacos configuration center, in YAML format:

    rsa:
      private:
        key: MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEA8A7YBYYdIGiVCRsbggMJna/SDR5SmLhr6QMblcIdpvF9JbnEpi/CETILTINxw+bYzM8zEDv+464FIwLleYLRHwIDAQABAkEAhkl3dFeasYdvX4GneKokVe6FzUraH46C5v0TEEpfdgPpdPFKglhJMVH7hvUobAfmW4ZYCiV70eXaVm+h8BjhCQIhAP3UZfSFodq/6w8bEVwdJ1B1uvtgu9Ps6Nzq4Rt4qY3DAiEA8hxNEHojq0RvPFFIajvfaCOYncWnWyhA1F3akysjbXUCIAENsJ6jL1jJEyCs7BWFyXP8CRqh/CWVBiJklyqWBZ4hAiEAhCD51cIycSd55VsewAtI0xaKFaBmwxLmvn8x6BskzHkCIQCHZWLc+r0P9UiWIRke1K/fovWYnADzSvqNfP3bbVnJZw==
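
The RSA step of the login flow above, from the client's encryption to the server's decryption with a Base64 PKCS#8 private key of the kind stored under rsa.private.key, as an added example that is not code from the original post. The post's Encrypter class is not shown, so the class and method names here are hypothetical, OAEP padding and java.util.Base64 are assumptions, and the key pair is a throwaway 2048-bit pair generated at run time rather than the key in the configuration above.

```java
import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class RsaLoginRoundTrip {
    // Assumption: OAEP padding; the post does not show which transformation Encrypter uses.
    private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    /** Client side: encrypt the password with the published Base64 X.509 public key. */
    static String encryptForLogin(String publicKeyB64, String password) throws Exception {
        PublicKey key = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyB64)));
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return Base64.getEncoder().encodeToString(cipher.doFinal(password.getBytes(StandardCharsets.UTF_8)));
    }

    /** Server side: decrypt with the Base64 PKCS#8 private key, the form held in the config center. */
    static String decryptLogin(String privateKeyB64, String cipherTextB64) throws Exception {
        PrivateKey key = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyB64)));
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key);
        return new String(cipher.doFinal(Base64.getDecoder().decode(cipherTextB64)), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway 2048-bit key pair and a made-up password.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String publicB64 = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded());
        String privateB64 = Base64.getEncoder().encodeToString(pair.getPrivate().getEncoded());
        String sent = encryptForLogin(publicB64, "s3cret-pass");
        System.out.println("recovered: " + decryptLogin(privateB64, sent));
        try { // Garbage ciphertext must fail closed, matching the provider's catch block.
            decryptLogin(privateB64, Base64.getEncoder().encodeToString(new byte[256]));
        } catch (Exception e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```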