I. Configuring the Config Server
1. pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.sande</groupId>
    <artifactId>config-server</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>
    <name>config-server</name>
    <description>Demo project for Spring Boot</description>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.4.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
        <spring-cloud.version>Finchley.SR1</spring-cloud.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <!--
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
2. src/main/resources/application.properties
server.port=7001
spring.application.name=config-server
eureka.client.serviceUrl.defaultZone=http://localhost:1112/eureka/,http://localhost:1111/eureka/
spring.cloud.config.server.git.uri=https://gitee.com/lixiaxin200319/config-repo
spring.cloud.config.server.git.username=lixiaxin200319
spring.cloud.config.server.git.password=HUI2011kai0421
# Look for each application's files in a repository folder named after the application
spring.cloud.config.server.git.search-paths={application}
spring.cloud.config.label=master
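# Local directory for the server's clone of the repository
spring.cloud.config.server.git.basedir=E:\\JAVA\\Spring\\config-server\\src\\main\\resources\\repos
# Decrypt encrypted property values on the server before returning them to clients
spring.cloud.config.server.encrypt.enabled=true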
3. src/main/resources/bootstrap.properties
# Keystore generated with keytool in step 5, and the alias of the key pair inside it
encrypt.key-store.location=file:///E:/JAVA/Spring/config-server/src/main/resources/shared/config-server.keystore3
encrypt.key-store.alias=config-server3
# Keystore password (the -storepass value from step 5)
encrypt.key-store.password=111111
#encrypt.key-store.secret=222222
#encrypt.key=didispace
4. Download the unlimited-strength jce_policy-8
Download URL: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
My development environment uses JDK 1.8, so the JCE to download must match that JDK version.
After extracting the archive, replace local_policy.jar and US_export_policy.jar in these four folders:
C:\Program Files\Java\jre1.8.0_152\lib\security\policy\limited
C:\Program Files\Java\jre1.8.0_152\lib\security\policy\unlimited
C:\Program Files\Java\jdk1.8.0_152\jre\lib\security\policy\limited
C:\Program Files\Java\jdk1.8.0_152\jre\lib\security\policy\unlimited
5. Generate the key used for encryption
C:\Program Files\Java\jdk1.8.0_152\bin>keytool.exe -genkeypair -alias "config-server3" -keyalg "RSA" -dname "CN=zhaiyongchao,OU=company,O=organization,L=city,ST=province,C=china" -keypass 222222 -keystore "d:\config-server.keystore3" -storepass 111111 -validity 365 -deststoretype pkcs12
Copy the keystore config-server.keystore3 to the folder E:\JAVA\Spring\config-server\src\main\resources\shared.
6. Application main class
package com.sande.configserver;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.config.server.EnableConfigServer;

// @EnableConfigServer turns this Spring Boot application into a config server.
@EnableConfigServer
@SpringBootApplication
public class ConfigServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(ConfigServerApplication.class, args);
    }
}
7. 启动 spring cloud config 服务端,检查加密KEY 状态是否OK
访问 /encrypt/status 端点,显示状态OK。
8. 使用 curl 访问 /encrypt 端点进行加密
9. 把加密后的数据更新到仓库的配置文件中
10. 验证可解密加密过的密码