How to encrypt the Jasypt.encryptor.password property when it is used in the JHipster Registry application's config file
I am using the JHipster Registry application and am using native encryption, encrypting the usernames and passwords in the centralized configuration of all microservices with the Jasypt library.

While doing this, I noticed that, when I tried to encrypt the default username and password (admin/admin), I had configured them in gateway.yml (the central configuration file holding the configuration common to all microservices).

I have also added the dependency required for the Jasypt Maven Spring Boot starter configuration to the registry application project, as shown below; it compiles and opens the registry perfectly.

```xml
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.0.0</version>
</dependency>
```
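Please suggest what is wrong with the configuration, or any alternative approach. Or does it not support Jasypt-based encryption/decryption, or does something else need to be configured?

I have found a solution to the problem. The only change I made was bypassing the Jasypt encryption library; I tried to use the traditional cloud config server encryption/decryption strategy of the JHipster Registry application. For something like this, I have to prefer using any Spring Cloud Config server discovery along with Eureka. So, as I was using the native file system for centralized configuration through the central-config folder in the JHipster Registry application, in bootstrap.yml, I disabled the encrypt property of the Spring Cloud config server on the registry application side, as shown below.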
```yaml
spring:
  application:
    name: gateway
  profiles:
    active: dev
    include: composite
  cloud:
    config:
      fail-fast: false
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config/decrypt
      # name of the config server's property source (file.yml) that we want to use
      name: gateway
      profile: dev
```

```yaml
spring:
  application:
    name: jhipster-registry
  profiles:
    active: dev
    include: composite
  cloud:
    config:
      server:
        #git:
        #  uri: https://github.com/debjupiter18/central-config-server
        #skipSslValidation: true
        bootstrap: true
        encrypt.enabled: false
```
The same has been enabled in my microservice gateway application, as mentioned below.
```yaml
jhipster:
  registry:
    password: '{cipher}a7b13e30356a50ed81275d9428a31543d7f59eb9e374f3063a94464e9f4a5863'
spring:
  application:
    name: gateway
  profiles:
    active: dev
    include: composite
    # The commented value for `active` can be replaced with valid Spring profiles to load.
    # Otherwise, it will be filled in by maven when building the JAR file
    # Either way, it can be overridden by `--spring.profiles.active` value passed in the commandline or `-Dspring.profiles.active` set in `JAVA_OPTS`
    #active: dev
  cloud:
    config:
      server.encrypt.enabled: true
      fail-fast: false # if not in "prod" profile, do not force to use Spring Cloud Config
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config
      #http://admin:password@registry:8761/config/decrypt
      # name of the config server's property source (file.yml) that we want to use
      name: gateway
      profile: dev
```
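In the gateway.yml file in the central-config folder, the following two properties were changed to encrypted values, since the goal was a prototype to check whether the Eureka client could be discovered and a connection made to the MySQL DB with these changes in place.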
```yaml
spring:
  datasource:
    type: com.zaxxer.hikari.HikariDataSource
    url: jdbc:mysql://localhost:3306/gateway?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true
    username: root #{cipher}7f21f461454b9c0d99f2f81194257b9b0f77787cfab738b690f73c1ee84a73c4 #ENC(HLr1wJLGRZPuHVMUgEhiUQ==)
    password: '{cipher}7f21f461454b9c0d99f2f81194257b9b0f77787cfab738b690f73c1ee84a73c4' #root
    hikari:
      poolName: Hikari
      auto-commit: false
      data-source-properties:
        cachePrepStmts: true
        prepStmtCacheSize: 250
        prepStmtCacheSqlLimit: 2048
        useServerPrepStmts: true
  jpa:
    database-platform: org.hibernate.dialect.MySQLInnoDBDialect
    database: MYSQL
    openInView: false
    show-sql: true
  liquibase:
    drop-first: true
    # Remove 'faker' if you do not want the sample data to be loaded automatically
    contexts: dev #, faker
  # Property to disable logging in GAE since we cannot write to GAE file system
  mail:
    host: localhost
    port: 25
    username:
    password:
  messages:
    cache-duration: PT1S # 1 second, see the ISO 8601 standard
  thymeleaf:
    cache: false
  sleuth:
    sampler:
      probability: 1 # report 100% of traces
  zipkin: # Use the "zipkin" Maven profile to have the Spring Cloud Zipkin dependencies
    base-url: http://localhost:9411
    enabled: false
    locator:
      discovery:
        enabled: true
  security:
    basic.enabled: true
    user.name: admin
    user.password: '{cipher}a7b13e30356a50ed81275d9428a31543d7f59eb9e374f3063a94464e9f4a5863'
eureka:
  instance:
    prefer-ip-address: true
  client:
    register-with-eureka: true
    fetch-registry: true
    service-url:
      defaultZone: http://${spring.security.user.name}:${spring.security.user.password}@localhost:8761/eureka/
```
Last but not least, following the principle of enabling the encryption mechanism on the config server side and helping to decrypt the same properties on the server side, the JHipster registry uses the same property mentioned below in bootstrap.yml, since the JHipster registry acts as both the cloud config server and the Eureka registry:

```yaml
encrypt:
  key: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo=
```

in both **bootstrap.yml** files, to leverage the Spring Cloud config server on the JHipster-registry app side, using encryption at the server side and decryption at the client side.

I am able to run the centralized configuration with encryption and decryption. I stopped using the Jasypt library for now.

This is working for me; please let me know if there are any other suggestions or any downsides to this solution. We can discuss if anybody has tried a different approach.
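A check of how the configuration in the answer above handles its secrets, as an added example (not code from the original post or from JHipster): a small Python lint that flattens the YAML and reports findings. The sample input is constructed from the files shown above with a made-up `{cipher}` value, and `flatten` and `audit` are hypothetical helper names.

```python
import base64
import re

# Constructed sample modelled on the answer's files; the {cipher} value is made up.
SAMPLE = """\
encrypt:
  key: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo=
spring:
  datasource:
    url: jdbc:mysql://localhost:3306/gateway?useUnicode=true&useSSL=false
    password: '{cipher}0011223344556677' #root
  cloud:
    config:
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config
"""

def flatten(text):  # block-style YAML (maps and scalars only) -> {dotted.key: value}
    stack, out = [], {}
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([^\s:#][^:]*?)\s*:\s*(.*)$", raw.split(" #")[0].rstrip())
        if m:
            indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip("'\" ")
            stack = [s for s in stack if s[0] < indent] + [(indent, key)]
            if value:
                out[".".join(k for _, k in stack)] = value
    return out

def audit(text):  # returns (key, issue) pairs for secret-handling problems
    findings = []
    for key, value in flatten(text).items():
        if key == "encrypt.key" and not value.startswith("${"):
            findings.append((key, "symmetric key stored as a literal in the config file"))
            try:
                decoded = base64.b64decode(value, validate=True).decode("utf-8", "replace")
            except ValueError:
                decoded = value
            if re.search(r"change|example|default", decoded, re.I):
                findings.append((key, "key is a placeholder: " + decoded.strip()))
        elif key.lower().endswith("password") and not value.startswith(("{cipher}", "${")):
            findings.append((key, "plaintext password"))
        if re.search(r"^http://[^/@\s]+:[^/@\s]+@", value):
            findings.append((key, "credentials embedded in a cleartext http:// URL"))
        if "useSSL=false" in value:
            findings.append((key, "database connection with TLS disabled"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Supplying the key from outside the file, for example through Spring Cloud's `ENCRYPT_KEY` environment variable, clears the two `encrypt.key` findings.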
If I try to use JCE instead of the Jasypt library and then use the JHipster Registry application for centralized configuration, it is not clear to me how the JHipster microservice client accesses the properties encrypted on the native file system. Is a simple change in the microservice app's bootstrap.yml file enough to configure this, and if so, how?