一. config encryption
First download the JCE unlimited-strength policy files and replace the ones shipped in the JRE (only needed on JDK 8 builds older than 8u161; later JDKs enable unlimited strength by default).
Generate an RSA key pair in a keystore:
keytool -genkeypair -alias {my-key} -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=CN" -keypass {my-secret} -keystore my_keystore.jks -storepass {my-password}
Copy the generated my_keystore.jks into resources.
Edit bootstrap.yml (key-store is the asymmetric setup, key the symmetric one; configure one or the other):
encrypt:
  key-store:                      # asymmetric encryption (RSA key pair from the keystore)
    location: classpath:/my_keystore.jks
    password: my-password         # the -storepass value
    alias: my-key
    secret: my-secret             # the -keypass value
  key: my-custom-key              # symmetric encryption
The keystore passwords and the symmetric key decrypt every {cipher} value, so keep them out of version control, for example with a placeholder such as password: ${KEYSTORE_PASSWORD} filled from the environment.
In the application config an encrypted value is then written as password: '{cipher}encrypted-value'. In yml it has to be quoted, because a bare {cipher}... is read as the start of a YAML flow mapping and breaks parsing; in .properties no quotes are needed.
二. config dynamic refresh
Add the spring-cloud-starter-bus-amqp dependency to config-server and to every service that needs refreshing, and put @RefreshScope on the beans that should pick up new values.
spring:
  rabbitmq:
    host: 39.107.123.121
    port: 5672
    username: guest
    password: '{cipher}encrypted-password'
management:
  security:
    enabled: false
encrypt:
  key: fengf
Trigger a refresh with POST /bus/refresh?destination=** (destination selects which instances refresh; ** means all of them).
management.security.enabled=false switches off authentication for the actuator endpoints, so anyone who can reach the service can trigger /bus/refresh; acceptable on a lab box, not beyond it. encrypt.key is the symmetric key that decrypts every {cipher} value and belongs in the environment, not in a committed file.
三. Upgrading Edgware to Finchley
① Spring Boot 1.5.x --> 2.0.x
② eureka: spring-cloud-starter-eureka --> spring-cloud-starter-netflix-eureka-client
   spring-cloud-starter-eureka-server --> spring-cloud-starter-netflix-eureka-server
③ zuul: spring-cloud-starter-zuul --> spring-cloud-starter-netflix-zuul
④ hystrix: spring-cloud-starter-hystrix --> spring-cloud-starter-netflix-hystrix
⑤ service calls: spring-cloud-starter-feign --> spring-cloud-starter-openfeign
   spring-cloud-starter-ribbon --> no longer needs to be added; the eureka client starter already pulls it in
⑥ config refresh
   Server and client, disabling actuator security: management.security.enabled=false --> management.endpoints.web.exposure.include=bus-refresh (Boot 2 no longer has management.security; the endpoint must be exposed explicitly instead, and it stays behind Spring Security if that is on the classpath)
   Add the spring-boot-starter-actuator and spring-cloud-starter-bus-amqp dependencies
   Clients must carry the @RefreshScope annotation!!
   Endpoint: /bus/refresh ---> /actuator/bus-refresh
四. oauth2
On and off this took four or five months; today, 20180718, I finally got a token, after my morale collapsed several times. Summary:
① POST /oauth/token returns 401 unauthorized
Probably the Spring Security configuration and the OAuth2 resource-server configuration overriding each other; permit /oauth/token in the ResourceConfig.
I also tried adding security.oauth2.resource.filter-order=3 to the config file, but that property is deprecated, and commenting it out changed nothing.
② Password encoding
You can configure no encoding at all; NoOpPasswordEncoder compares plaintext, so this is only for local experiments:
@Bean
public static PasswordEncoder passwordEncoder() {
    // plaintext comparison, deprecated in Spring Security 5; never use outside a local test setup
    return NoOpPasswordEncoder.getInstance();
}
Or use the Spring Security 5 format {PasswordEncoder id}raw-password:
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory().withClient("client").secret("{noop}mysecret")
            .authorizedGrantTypes("password", "refresh_token").scopes("all");
}
In my tests, though, just putting the encoded string inside .secret("") was enough. That is the behaviour when a concrete PasswordEncoder bean (BCryptPasswordEncoder, for instance) is registered; with Spring Security 5's default DelegatingPasswordEncoder the {id} prefix is required.
③ Request parameters
(The screenshot of the request from the original post is not reproduced.) In text form:
POST localhost:8888/auth/oauth/token?grant_type=password
header: {
  Authorization: Basic d2ViOndlYkFwcA==          # base64 of clientId:clientSecret, here web:webApp
  Content-Type: application/x-www-form-urlencoded
}
body: {
  username: f
  password: ff
}
Verifying a token (check_token):
POST localhost:8888/auth/oauth/check_token
same header
body: {
  token: "token"
}
Refreshing a token:
POST localhost:8888/auth/oauth/token?grant_type=refresh_token&refresh_token="refresh_token"
header: {
  Authorization: Basic d2ViOndlYkFwcA==
}
no body
One caveat: a refresh_token in the query string ends up in access and proxy logs; sending it in the form body, as the token request does with username and password, keeps it out of them.
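The three calls above, as an added example that is not part of the original post and not Spring's code: a toy authorization server in Python that models /oauth/token (password and refresh_token grants) and /oauth/check_token, plus the client side that builds each request exactly as laid out above. It shows the 401 from wrong client credentials in the Basic header, the 400 for a bad user password or unknown refresh token, and token expiry. The server class, its token format and its fake clock are assumptions made for the example; the client id and secret are the ones the page's Basic header decodes to.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode

# "d2ViOndlYkFwcA==" from the page decodes to "web:webApp".
CLIENT_ID, CLIENT_SECRET = "web", "webApp"


def basic_auth_header(client_id, client_secret):
    """Client authentication header: base64(clientId:clientSecret)."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def _form(body):
    """Parse an x-www-form-urlencoded body into single-valued fields."""
    return {k: v[0] for k, v in parse_qs(body).items()}


class ToyAuthServer:
    """Assumed, simplified stand-in for /oauth/token and /oauth/check_token."""

    def __init__(self, clients, users, ttl=3600):
        self.clients, self.users, self.ttl = clients, users, ttl
        self.access = {}   # access_token -> {"user", "client", "exp"}
        self.refresh = {}  # refresh_token -> {"user", "client", "access"}
        self.now = 0       # fake clock in seconds; advance it to expire tokens

    def _authenticate_client(self, headers):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Basic "):
            return None
        try:
            cid, secret = base64.b64decode(auth[6:]).decode().split(":", 1)
        except (ValueError, UnicodeDecodeError):
            return None
        return cid if self.clients.get(cid) == secret else None

    def _issue(self, user, client, refresh_token=None):
        access = secrets.token_urlsafe(16)
        self.access[access] = {"user": user, "client": client, "exp": self.now + self.ttl}
        if refresh_token is None:
            refresh_token = secrets.token_urlsafe(16)
        self.refresh[refresh_token] = {"user": user, "client": client, "access": access}
        return {"access_token": access, "token_type": "bearer",
                "refresh_token": refresh_token, "expires_in": self.ttl}

    def oauth_token(self, query, headers, body=""):
        """POST /oauth/token: the secret travels in the Basic header, never in the body;
        a missing or wrong header is the 401 case from the page."""
        client = self._authenticate_client(headers)
        if client is None:
            return 401, {"error": "unauthorized"}
        grant = query.get("grant_type")
        if grant == "password":
            form = _form(body)
            user = form.get("username")
            if user is None or self.users.get(user) != form.get("password"):
                return 400, {"error": "invalid_grant", "error_description": "Bad credentials"}
            return 200, self._issue(user, client)
        if grant == "refresh_token":
            entry = self.refresh.get(query.get("refresh_token", ""))
            if entry is None or entry["client"] != client:
                return 400, {"error": "invalid_grant"}
            # As in Spring's DefaultTokenServices: the old access token is revoked,
            # the refresh token is reused (reuseRefreshToken defaults to true).
            self.access.pop(entry["access"], None)
            return 200, self._issue(entry["user"], client, query["refresh_token"])
        return 400, {"error": "unsupported_grant_type"}

    def oauth_check_token(self, headers, body):
        """POST /oauth/check_token with token=... in the form body; client auth required."""
        if self._authenticate_client(headers) is None:
            return 401, {"error": "unauthorized"}
        info = self.access.get(_form(body).get("token", ""))
        if info is None or info["exp"] <= self.now:
            return 400, {"error": "invalid_token"}
        return 200, {"active": True, "user_name": info["user"],
                     "client_id": info["client"], "exp": info["exp"]}


# Client side: the three requests exactly as laid out in the section above.
def password_grant(server, username, password, client_id=CLIENT_ID, client_secret=CLIENT_SECRET):
    headers = {"Authorization": basic_auth_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"username": username, "password": password})
    return server.oauth_token({"grant_type": "password"}, headers, body)


def check_token(server, token, client_id=CLIENT_ID, client_secret=CLIENT_SECRET):
    headers = {"Authorization": basic_auth_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    return server.oauth_check_token(headers, urlencode({"token": token}))


def refresh_grant(server, refresh_token, client_id=CLIENT_ID, client_secret=CLIENT_SECRET):
    headers = {"Authorization": basic_auth_header(client_id, client_secret)}
    return server.oauth_token({"grant_type": "refresh_token", "refresh_token": refresh_token}, headers)
```

Run it with srv = ToyAuthServer({"web": "webApp"}, {"f": "ff"}) and call password_grant(srv, "f", "ff"); the same call with a wrong client_secret returns 401 before the user password is even looked at, which is the symptom described in ①.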
五. Letting headers through zuul
By default zuul strips certain request headers, Authorization among them (the default sensitive-headers list is Cookie, Set-Cookie and Authorization). Set in the config file:
zuul:
  host:
    connect-timeout-millis: 990000
    socket-timeout-millis: 990000
  sensitive-headers:
  add-host-header: true
An empty sensitive-headers value means nothing is stripped, so cookies reach the backends as well; to pass only Authorization, list Cookie,Set-Cookie instead. The list can also be set per route under zuul.routes.<name>.sensitive-headers.
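The effect of the setting above, as an added example that is not Zuul's code: a Python model of which inbound headers reach the backend under Zuul's default list, under the page's empty list, and under a narrower list that forwards Authorization but keeps cookies back. Zuul's default sensitive headers and the route-level override are real; the config dicts stand in for the YAML, the "auth" route and the request headers are constructed for the example.

```python
# Zuul's built-in default when sensitive-headers is not set at all.
DEFAULT_SENSITIVE = ["Cookie", "Set-Cookie", "Authorization"]

# The page's setting: an empty list lets every header through, Authorization included.
PAGE_CONFIG = {
    "sensitive-headers": [],
    "add-host-header": True,
    "routes": {"user": {"path": "/user/**"}},
}

# Narrower alternative: cookies stay at the edge, Authorization is forwarded;
# one route ("auth", assumed for the example) opts out of filtering entirely.
TIGHTER_CONFIG = {
    "sensitive-headers": ["Cookie", "Set-Cookie"],
    "add-host-header": True,
    "routes": {"user": {"path": "/user/**"},
               "auth": {"path": "/auth/**", "sensitive-headers": []}},
}


def sensitive_headers_for(zuul_cfg, route_name):
    """Route-level list wins; then the global list; with neither, Zuul's default applies."""
    route = zuul_cfg.get("routes", {}).get(route_name, {})
    if "sensitive-headers" in route:
        return route["sensitive-headers"]
    return zuul_cfg.get("sensitive-headers", DEFAULT_SENSITIVE)


def forward_headers(zuul_cfg, route_name, inbound, original_host):
    """Headers the proxy passes downstream; names are compared case-insensitively.
    Model assumption: the client's Host is only forwarded when add-host-header is true."""
    blocked = {h.lower() for h in sensitive_headers_for(zuul_cfg, route_name)} | {"host"}
    out = {k: v for k, v in inbound.items() if k.lower() not in blocked}
    if zuul_cfg.get("add-host-header"):
        out["Host"] = original_host
    return out


SAMPLE_REQUEST = {  # constructed inbound request headers
    "Host": "gateway.example.test",
    "Authorization": "Bearer eyJ...",
    "Cookie": "JSESSIONID=abc123",
    "Accept": "application/json",
}
```

Compare forward_headers(PAGE_CONFIG, "user", SAMPLE_REQUEST, "gateway.example.test") with the TIGHTER_CONFIG call: both forward Authorization, only the first also hands the session cookie to the user service.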
六. gateway pitfalls
- gateway is built on WebFlux, so do not add spring-boot-starter-web or other Spring MVC based starters
- gateway with hystrix
spring:
  cloud:
    gateway:
      discovery:
        locator:
          enabled: true
      default-filters:
      routes:
      - id: user
        uri: lb://user
        predicates:
        - Path=/user/**
        filters:
        - RewritePath=/user/(?<path>.*), /$\{path}
        - name: Hystrix
          args:
            name: userHystrixCommand
            fallbackUri: forward:/hystrixTimeout
Fallback endpoint inside the gateway (fallbackUri forwards to it):
@RequestMapping("/hystrixTimeout")
public String hystrixTimeout() {
    return "gateway tripped the circuit breaker";
}
@HystrixCommand(commandKey = "userHystrixCommand", commandProperties = {
        @HystrixProperty(name = "execution.isolation.thread.timeoutInMilliseconds", value = "30000")}
)
public Map<String, String> userHystrixCommand() {
    Map<String, String> map = new HashMap<>();
    map.put("message", "gateway triggered userHystrixCommand");
    return map;
}
Note that the gateway's Hystrix filter does not read its timeout from an @HystrixCommand annotation; for the route above it is set with the property hystrix.command.userHystrixCommand.execution.isolation.thread.timeoutInMilliseconds=30000.