本文共 9329 字,大约阅读时间需要 31 分钟。
我们在前几篇的基础上(springcloud版本为Dalston.SR1),再搭建ConfigServer和ConfigClient两个子模块,项目结构
Dalston.SR2,Dalston.SR3等版本,配置中心加密功能有bug,在配置了encrypt.key后,加密时仍然会报异常“No key was installed for encryption service”,所以这里我们采用Dalston.SR1版本
ConfigServer
pom.xml
4.0.0 com.yj SpringCloud 0.0.1-SNAPSHOT ConfigServer ConfigServer http://maven.apache.org UTF-8 org.springframework.cloud spring-cloud-config-server org.springframework.cloud spring-cloud-starter-eureka org.springframework.boot spring-boot-starter-security org.springframework.cloud spring-cloud-starter-bus-amqp org.springframework.boot spring-boot-starter-web org.springframework.boot spring-boot-starter-actuator ${artifactId} org.springframework.boot spring-boot-maven-plugin true org.apache.maven.plugins maven-jar-plugin com.yj.config.ConfigServerApplication true lib ./ config/** **.xml **.properties **.jks maven-assembly-plugin false src/main/build/package.xml make-assembly package single src/main/resources
ConfigServerApplication
package com.yj.config;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;import org.springframework.cloud.config.server.EnableConfigServer;import org.springframework.cloud.netflix.eureka.EnableEurekaClient;@SpringBootApplication@EnableConfigServer@EnableEurekaClientpublic class ConfigServerApplication { public static void main(String[] args) { SpringApplication.run(ConfigServerApplication.class, args); }} application.properties
spring.application.name=config-servereureka.client.serviceUrl.defaultZone=http://admin:123456@peer1:8001/eureka,http://admin:123456@peer2:8002/eurekaeureka.instance.prefer-ip-address=trueeureka.instance.instance-id=${spring.cloud.client.ipAddress}:${server.port}eureka.instance.hostname=${spring.cloud.client.ipAddress}#配置文件在本地spring.profiles.active=native#配置文件的目录#spring.cloud.config.server.native.search-locations=file:D:/config-repospring.cloud.config.server.native.search-locations=file:///opt/springcloud/config-reposecurity.user.name=adminsecurity.user.password=123456#对称加密encrypt.key=myEncryptKeyspring.rabbitmq.host=192.168.37.140spring.rabbitmq.port=5672spring.rabbitmq.username=guestspring.rabbitmq.password=guest#非对称加密#encrypt.key-store.location=classpath:/config-server.jks#encrypt.key-store.alias=myEncryptKey#encrypt.key-store.password=hiYjGG#encrypt.key-store.secret=hiCmjMM startAll.sh
#! /bin/bashmoduleName="ConfigServer"java -jar ./$moduleName.jar --server.port=8010 &java -jar ./$moduleName.jar --server.port=8011 &
ConfigClient项目
pom.xml
4.0.0 com.yj SpringCloud 0.0.1-SNAPSHOT ConfigClient ConfigClient http://maven.apache.org UTF-8 org.springframework.cloud spring-cloud-starter-config org.springframework.cloud spring-cloud-starter-eureka org.springframework.boot spring-boot-starter-web org.springframework.boot spring-boot-starter-actuator org.springframework.cloud spring-cloud-starter-bus-amqp ${artifactId} org.springframework.boot spring-boot-maven-plugin true org.apache.maven.plugins maven-jar-plugin com.yj.config.ConfigClientApplication true lib ./ config/** **.xml **.properties maven-assembly-plugin false src/main/build/package.xml make-assembly package single src/main/resources
ConfigClientController
package com.yj.config.controller;import org.springframework.beans.factory.annotation.Value;import org.springframework.cloud.context.config.annotation.RefreshScope;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RestController;@RestController@RefreshScopepublic class ConfigClientController { @Value("${config.testStr}") private String testStr; @RequestMapping("/hiConfig") public String hiConfig(){ return testStr; }} ConfigClientApplication
package com.yj.config;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;import org.springframework.cloud.netflix.eureka.EnableEurekaClient;@SpringBootApplication@EnableEurekaClientpublic class ConfigClientApplication { public static void main(String[] args) { SpringApplication.run(ConfigClientApplication.class, args); }} bootstrap.properties
server.port=8012spring.application.name=config-clienteureka.client.serviceUrl.defaultZone=http://admin:123456@peer1:8001/eureka,http://admin:123456@peer2:8002/eurekaeureka.instance.prefer-ip-address=trueeureka.instance.instance-id=${spring.cloud.client.ipAddress}:${server.port}eureka.instance.hostname=${spring.cloud.client.ipAddress}spring.cloud.config.discovery.enabled=truespring.cloud.config.discovery.service-id=config-serverspring.cloud.config.label=config-clientspring.cloud.config.profile=devspring.cloud.config.username=adminspring.cloud.config.password=123456spring.rabbitmq.host=192.168.37.140spring.rabbitmq.port=5672spring.rabbitmq.username=guestspring.rabbitmq.password=guest 当使用Spring Cloud的时候,配置信息一般是从Config Server加载的,为了取得配置信息(比如数据库密码等),需要提早读取配置。因此,把 Config Server 信息放在
bootstrap.yml,用来加载需要的配置信息原理:
bootstrap.yml是被一个父级的Spring ApplicationContext加载的。这个父级的Spring ApplicationContext是先加载的,在加载application.yml的ApplicationContext之前。bootstrap与application
bootstrap.yml(bootstrap.properties)用来程序引导时执行,应用于更加早期配置信息读取,如可以使用来配置application.yml中使用到参数等application.yml(application.properties) 应用程序特有配置信息,可以用来配置后续各个模块中需使用的公共参数等。
官方提供http查看方式
/{application}/{profile}[/{label}]/{application}-{profile}.yml/{label}/{application}-{profile}.yml/{application}-{profile}.properties/{label}/{application}-{profile}.properties application:应用名 ,也就是spring.application.name
label:分支名,默认masterprofile:环境名,环境可以在配置文件的属性名是env,不设置也可以 部署验证
①当前版本的SpringCloud Bus仅支持两款中间件产品RabbitMq和Kafka,为了方便,这里我们直接用docker起一个rabbitMq的实例,实际生产环境建议使用集群
②在服务器/opt/springcloud/config-repo/config-client路径下创建一个名为config-client-dev.properties的配置文件
config.testStr={cipher}9fdd3c1aee0d95551f7829ba9d7aa02dc096930b33e178c14dacf3502c9d79b2 加密串来源于加密接口的加密结果
http://admin:123456@192.168.37.140:8010/encrypt/或者http://admin:123456@192.168.37.140:8011/encrypt/
③启动端口为8010,8011的ConfigServer实例,8012,8013的ConfigClient实例
④访问
http://192.168.37.140:8010/config-client/config-client-dev.properties或者http://192.168.37.140:8011/config-client/config-client-dev.properties
输入账号密码admin/123456后,可以访问到对应的配置文件
⑤请求
http://192.168.37.140:8012/hiConfig或者http://192.168.37.140:8013/hiConfig
显示hiConfig
⑥验证配置中心基于消息总线实现配置文件动态刷新的功能
修改配置文件内的加密串240552d25edcbac3f43f4a0262cc718e5a862cb54db548956f2dbf1e40be8415,然后请求
http://admin:123456@192.168.37.140:8010/bus/refresh或者http://admin:123456@192.168.37.140:8011/bus/refresh
刷新接口调用后,观察ConfigClient项目的控制台,监听到mq刷新消息,表示刷新成功
Received remote refresh request. Keys refreshed [config.testStr]
重复步骤1,显示hiYj
/bus/refresh接口可以指定服务,即使用"destination"参数,比如 “/bus/refresh?destination=config-client:**” 即刷新服务名为config-client的所有应用的配置文件
以上,我们用的是对称算法,接下来我们来试下配置中心非对称算法的实现
①配置jdk的jce,我们需要将这里的两个jar包拷贝到我们的jdk安装目录下,我的是%JAVA_HOME%\jre\lib\security,覆盖该目录下原有的文件
②jdk中自带的keytool工具生成密钥文件,%JAVA_HOME%/bin/目录下,执行
keytool -genkeypair -alias myEncryptKey -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass hiCmjMM -keystore config-server.jks -storepass hiYjGG -validity 365
成功后,当前目录下会生成一个config-server.jks文件(默认只有90天的有效期,这里我们将有效期该为一年内有效)
③将该文件剪切到ConfigServer项目的classpath下,修改ConfigServer配置文件application.properties,关闭对称加密,启用非对称加密
④注意ConfigServer的pom文件打包时,排除掉jks的文件(pom.xml第77行)
接下来加密以及刷新的操作,参照对称加密算法,两者是一模一样的
转载地址:http://ypsjn.baihongyu.com/