SpringCloud-分布式配置中心【加密-非对称加密】
案例代码:https://github.com/q279583842q/springcloud-e-book
非对称加密
一、什么是非对称加密(Asymmetric encryption)
二、Java-keytool 使用说明
非对称加密我们需要生成对应的公钥和私钥,jdk中提供的有java-keytool工具帮助我们生成,执行如下命令:
keytool -genkeypair -alias "config-info" -keyalg "RSA" -keystore c:\tools\encryp-info.keystore
三、创建服务项目
1.创建项目
创建一个SpringCloud项目
2.pom文件
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>1.5.13.RELEASE</version></parent><groupId>com.bobo</groupId><artifactId>config-server-encryption-SRA</artifactId><version>0.0.1-SNAPSHOT</version><dependencyManagement><dependencies><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-dependencies</artifactId><version>Dalston.SR1</version><type>pom</type><scope>import</scope></dependency></dependencies></dependencyManagement><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-eureka</artifactId></dependency><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-config-server</artifactId></dependency></dependencies><build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId></plugin></plugins></build></project>
3.配置文件
spring.application.name=config-server-encryption-SRAserver.port=9060#设置服务注册中心地址,指向另一个注册中心eureka.client.serviceUrl.defaultZone=http://dpb:123456@eureka1:8761/eureka/,http://dpb:123456@eureka2:8761/eureka/#Git 配置spring.cloud.config.server.git.uri=https://gitee.com/dengpbs/config#spring.cloud.config.server.git.username=#spring.cloud.config.server.git.password=#keytool -genkeypair -alias "config-info" -keyalg "RSA" -keystore c:\tools\encryp-info.keystore# keystore 文件的路径encrypt.key-store.location=classpath:encryp-info.keystore# alias 指定密钥对的别名,该别名是公开的;encrypt.key-store.alias=config-info# storepass 密钥仓库encrypt.key-store.password=123456# keypass 用来保护所生成密钥对中的私钥encrypt.key-store.secret=123456
将生成的keystore文件拷贝到classpath目录下
4.启动测试
测试加密状态
//localhost:9060/encrypt/status
加密
public class Test1 {/** * 通过RestTemplate来加密数据 * @param args */public static void main(String[] args) {String url = "http://127.0.0.1:9060/encrypt";RestTemplate template = new RestTemplate();ResponseEntity<String> msg = template.postForEntity(url, "123456", String.class);System.out.println(msg.getBody());}}
四、创建客户端项目
1.创建项目
拷贝上个案例的客户端程序。
2.pom文件
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>1.5.13.RELEASE</version><relativePath /> <!-- lookup parent from repository --></parent><groupId>com.bobo</groupId><artifactId>config-e-book-product-provider-sra</artifactId><version>0.0.1-SNAPSHOT</version><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.mybatis.spring.boot</groupId><artifactId>mybatis-spring-boot-starter</artifactId><version>1.3.4</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-eureka</artifactId></dependency><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>5.1.47</version></dependency><dependency><groupId>com.bobo</groupId><artifactId>e-book-product-service</artifactId><version>0.0.1-SNAPSHOT</version></dependency><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-config</artifactId></dependency></dependencies><dependencyManagement><dependencies><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-dependencies</artifactId><version>Dalston.SR5</version><type>pom</type><scope>import</scope></dependency></dependencies></dependencyManagement><build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId></plugin></plugins></build></project>
3.bootstrap文件
spring.application.name=config-e-book-product-provider-sraserver.port=9001#\u8BBE\u7F6E\u670D\u52A1\u6CE8\u518C\u4E2D\u5FC3\u5730\u5740\uFF0C\u6307\u5411\u53E6\u4E00\u4E2A\u6CE8\u518C\u4E2D\u5FC3eureka.client.serviceUrl.defaultZone=http://dpb:123456@eureka1:8761/eureka/,http://dpb:123456@eureka2:8761/eureka/#配置中心服务端的链接信息#默认 false,这里设置 true,表示开启读取配置中心的配置spring.cloud.config.discovery.enabled=true#对应 eureka 中的配置中心 serviceId,默认是 configserverspring.cloud.config.discovery.serviceId=config-server-encryption-SRA#git 标签spring.cloud.config.label=master
4.仓库文件
在git中创建config-e-book-product-provider-sra.properties文件
#--------------db----------------mybatis.type-aliases-package=com.book.product.pojomybatis.mapper-locations=classpath:com/bobo/product/mapper/*.xmlspring.datasource.driverClassName=com.mysql.jdbc.Driverspring.datasource.url=jdbc:mysql://localhost:3306/book-product?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNullspring.datasource.username={cipher}AQBTQaUuvTsXQ9Y4tr9Vq5BrEASk7ItrtNsQemtjgMd8anL5bMeo+NJVJ2kEKOzEdITiEGAguUTs78I9XGBZNI2DaNcySNjmKIi6NRX9ury1Fd9tGzT4ViZyNf2IcaUhwb7Yx0HBiHAyOxVDB1wStCUTUj3sD7/MZxw3VQeUMueti4j7giyHg2xGnKW1NnKNxKjpiUKY1uz3Ag2DZwdLQnAvmm90Y290HNNMDzq8ROrHbxXmyGCAlpmHXWloLZ0r7eBNkLvG7Hnnx9vDmWWyiRxSPiJo2UszmnKf5vN8hQZYIU83AjXMkOGolpPkOhg4nsoQS9++oF/AYGGydthxmuI9zsX8L6JXWBioo72yAXX8sw7doAp71ABuv2ivwd8njo8=spring.datasource.password={cipher}AQBZKEptQk2RBf+3DJ1tlHbmFKiuNtjwIbq8qf1kjIkkteYmxcrTfPmO5DYFuRd/xsVlKAfK+pfsn1nPntBjqMQYPvDPMy7LkcYe/gA4Q8/9d97Fn8o0TRv3VcYLvnPbn77S3CWBG/80LngQjLSbpShrUJdf7saC1ksBFDTmLMjlClJudIv3SpzkEVWZ8gc/UJoJSCHT/p3IAIxIGG6zQwYxv04tHYzMV+mxy5bgg6G6K+tQ9RShd0KkedtJHKTWaF3fJWfQHgy4eK5+d4UCinUso0pQg+kQpEgcszgK4+2jOnmf5O0OYzlzUkdAhYvqHFvi6qzQSh63KRTvkxAXSWZK6H8ku11Il3zJzNkiaJTK4bIFDKjV4ZSUbluzNxA946M=
5.测试
启动服务端和客户端访问。
直接访问服务端查看//localhost:9060/config-e-book-product-provider-SRA/default
我们发现当我们知道服务端的访问地址后,其实可以拿到解密后的明文,这种是我们加密中的漏铜,这时我们可以通过添加安全认证来解决。
五、安全认证
服务端项目集成Security
添加security依赖
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency>
修改配置
在application.properties中添加如下信息
# 安全认证#开启基于 http basic 的安全认证security.basic.enabled=truesecurity.user.name=dpbsecurity.user.password=123456
测试
http://localhost:9060/config-e-book-product-provider-SRA/default
客户端认证
因为服务端开启了完全认证,所以客户端也必然要响应的添加。所以在bootstrap.properties中添加对应的账号信息即可:
spring.application.name=config-e-book-product-provider-sraserver.port=9001#\u8BBE\u7F6E\u670D\u52A1\u6CE8\u518C\u4E2D\u5FC3\u5730\u5740\uFF0C\u6307\u5411\u53E6\u4E00\u4E2A\u6CE8\u518C\u4E2D\u5FC3eureka.client.serviceUrl.defaultZone=http://dpb:123456@eureka1:8761/eureka/,http://dpb:123456@eureka2:8761/eureka/#配置中心服务端的链接信息#默认 false,这里设置 true,表示开启读取配置中心的配置spring.cloud.config.discovery.enabled=true#对应 eureka 中的配置中心 serviceId,默认是 configserverspring.cloud.config.discovery.serviceId=config-server-encryption-SRA#git 标签spring.cloud.config.label=master#安全保护spring.cloud.config.username=dpbspring.cloud.config.password=123456
这样就堵住了加密后信息在服务端显示的漏洞咯
短命女
左手的ㄟ右手
╰+哭是因爲堅強的太久メ
「爱情、让人受尽委屈。」
不念不忘少年蓝@
还没有评论,来说两句吧...