• Config安全控制

    1、config server引入依赖

    <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

     

    2、config server配置bootstrap.yml文件

    security:
  basic:
    enabled: true
  user:
    name: lynch
    password: 123456
encrypt: 
  key-store: 
    location: configserver.keystore
    alias: mydevkey
    password: 123456
    secret: 123456

     

    3、访问application-prod.properties配置文件

    4、config client配置bootstrap.yml文件
    4.1、单机配置安全验证

    #注意config-client的配置需要放到bootstrap.yml中
management:
  security:
    enabled: false
spring:
  application:
    name: mima-cloud-config-client
  cloud:
    config:
      #安全认证设置用户名密码
      uri: http://kevin:123456@localhost:6061/
      #指定profile,对应mmima-cloud-config-server所获取的配置文件中的{profile}
      profile: prod
      label: master
eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/
  instance:
    prefer-ip-address: true
    instanceId: ${spring.application.name}:${spring.cloud.client.ipAddress}:${server.port}

     

    4.2、集群配置安全验证

    #注意config-client的配置需要放到bootstrap.yml中
management:
  security:
    enabled: false
spring:
  application:
    name: mima-cloud-config-client
  cloud:
    consul:
      discovery: 
        instanceId: ${spring.application.name}:${server.port}
      host: localhost
      port: 8500
      config:
        enabled: true #falseu7981u7528Consulu914du7f6euff0cu9ed8u8ba4true
        format: YAML    # u8868u793aconsulu4e0au9762u6587u4ef6u7684u683cu5f0f u6709u56dbu79cd YAML PROPERTIES KEY-VALUE FILES
        #data-key: configuration    #u8868u793aconsulu4e0au9762u7684KEYu503c(u6216u8005u8bf4u6587u4ef6u7684u540du5b57) u9ed8u8ba4u662fdata
        data-key: data    #u8868u793aconsulu4e0au9762u7684KEYu503c(u6216u8005u8bf4u6587u4ef6u7684u540du5b57) u9ed8u8ba4u662fdata
        #prefixu8bbeu7f6eu914du7f6eu503cu7684u57fau672cu6587u4ef6u5939
        #defaultContextu8bbeu7f6eu6240u6709u5e94u7528u7a0bu5e8fu4f7fu7528u7684u6587u4ef6u5939u540du79f0
        #profileSeparatoru8bbeu7f6eu7528u4e8eu4f7fu7528u914du7f6eu6587u4ef6u5728u5c5eu6027u6e90u4e2du5206u9694u914du7f6eu6587u4ef6u540du79f0u7684u5206u9694u7b26u7684u503c 
    config:
      profile: prod
      label: master
      username: lynch
      password: 123456
      discovery:
        # 默认false,设为true表示使用注册中心中的configserver配置而不自己配置configserver的uri
        enabled: true  
        # 指定config server在服务发现中的serviceId,默认为:configserver         
        serviceId: mima-cloud-config-server

     
  • 相关阅读:
    最大流
    CF Round #634
    CF Round #633
    Sunday
    Pikachu——RCE(远程系统命令、代码执行)
    Pikachu——SQL Inject
    Pikachu——CSRF(跨站请求伪造)
    Pikachu——XSS(反射型,存储型,DOM型,盲打,过滤,htmlspecialchars(),href输出,js输出)
    Pikachu暴力破解——token防爆破?
    Pikachu暴力破解——验证码绕过(on client)
  • 原文地址:https://www.cnblogs.com/linjiqin/p/10339501.html
Copyright © 2020-2023  润新知