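I. Vulnerability Fix
1. Unauthorized access vulnerability
Background: a security scan of a government project reported an unauthorized-access vulnerability in Nacos.
2. Solution
In nacos/conf/application.properties, enable Nacos authentication:
```properties
nacos.core.auth.enabled=true
```
3. Result of the fix
Adding a user:
http://127.0.0.1:8848/nacos/v1/auth/users/?username=test&password=test
As you can see, user information can be accessed without any authentication:
http://127.0.0.1:8848/nacos/v1/auth/users/?pageNo=1&pageSize=9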
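One way to confirm the fix from this section, as an added example that is not part of the original post: it reads the text of application.properties for `nacos.core.auth.enabled` and sends the user-list request shown above without credentials, expecting 403 once authentication is on. The function names, the `pageItems` response field and the missing-key default are assumptions.

```python
import json
import urllib.error
import urllib.request

# Endpoint and query string are the ones shown on the page.
USERS_PATH = "/nacos/v1/auth/users/?pageNo=1&pageSize=9"
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no env proxies


def auth_enabled(properties_text):
    """True only if nacos.core.auth.enabled is set to true in the file text."""
    value = "false"  # assumption: a missing key means authentication is off
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or properties comment
        key, sep, val = line.partition("=")
        if sep and key.strip() == "nacos.core.auth.enabled":
            value = val.strip().lower()  # a later duplicate overrides an earlier one
    return value == "true"


def classify(status, body):
    """Interpret the reply to a user-list request sent without credentials."""
    if status == 403:
        return "protected"
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "inconclusive"
        # Assumption: an open server answers with a page object holding "pageItems".
        if isinstance(data, dict) and "pageItems" in data:
            return "exposed"
    return "inconclusive"


def probe(base_url, timeout=5):
    """Request the user list with no token or password and classify the reply."""
    try:
        with _OPENER.open(base_url.rstrip("/") + USERS_PATH, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, "")
    except OSError:
        return "unreachable"  # refused, timed out, or DNS failure


if __name__ == "__main__":
    print(probe("http://127.0.0.1:8848"))  # local address used on the page
```

After the restart, `probe` should return `protected`; `exposed` means the endpoint still answers without authentication.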
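II. Resolving the 403 Error
Symptom: after setting `nacos.core.auth.enabled=true` and restarting Nacos, authentication works as intended, but the Java application can no longer connect to the Nacos server at startup and fails with a 403 error.
2.1. Version compatibility
Read the version notes first.
2.2. Version used in production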
| Spring Cloud Alibaba Version | Spring Cloud Version | Spring Boot Version | Nacos Version |
|---|---|---|---|
| 2.2.7.RELEASE | Spring Cloud Hoxton.SR12 | 2.3.12.RELEASE | 2.0.3 |
2.3. yml file configuration
bootstrap.yml
```yaml
# Tomcat
server:
  port: 8080
# Spring
spring:
  application:
    # Application name
    name: ly-gateway
  profiles:
    # Active environment
    active: dev
  cloud:
    nacos:
      discovery:
        # Nacos authentication username
        username: nacos
        # Nacos authentication password
        password: kwx_!2022@O^
        # Service registry address
        server-addr: 127.0.0.1:8848
      config:
        # Configuration center address
        server-addr: 127.0.0.1:8848
        # Nacos authentication username
        username: nacos
        # Nacos authentication password
        password: kwx_!2022@O^
        # Configuration file format
        file-extension: yml
        # Shared configuration
        shared-configs:
          - application-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension}
```
2.4. pom dependencies
```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.gblfy</groupId>
    <artifactId>nacos</artifactId>
    <version>1.0.0</version>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.12.RELEASE</version>
        <relativePath/>
    </parent>
    <properties>
        <spring-cloud.version>Hoxton.SR12</spring-cloud.version>
        <spring-cloud-alibaba.version>2.2.7.RELEASE</spring-cloud-alibaba.version>
        <nacos-client.version>2.0.3</nacos-client.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <!-- Service registration and discovery -->
        <dependency>
            <groupId>com.alibaba.cloud</groupId>
            <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>com.alibaba.nacos</groupId>
                    <artifactId>nacos-client</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!-- Configuration management -->
        <dependency>
            <groupId>com.alibaba.cloud</groupId>
            <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>com.alibaba.nacos</groupId>
                    <artifactId>nacos-client</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>com.alibaba.nacos</groupId>
            <artifactId>nacos-client</artifactId>
            <version>${nacos-client.version}</version>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <!-- Spring Cloud microservices -->
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <!-- Spring Cloud Alibaba microservices -->
            <dependency>
                <groupId>com.alibaba.cloud</groupId>
                <artifactId>spring-cloud-alibaba-dependencies</artifactId>
                <version>${spring-cloud-alibaba.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
```