Embedded self-configuring Spring-Cloud-Config server startup fails if configuration contains encrypted entries

I'm currently playing around with Spring-Cloud-Config and stumbled over a problem trying to run an embedded config server configuring itself from its repository. Everything works fine until I add an encrypted value to the server's configuration file. As soon as I do that, server startup fails with this exception:

java.lang.IllegalStateException: Cannot decrypt: key=config-server.test.prop
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:201) ~[spring-cloud-context-1.1.5.RELEASE.jar:1.1.5.RELEASE]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:165) ~[spring-cloud-context-1.1.5.RELEASE.jar:1.1.5.RELEASE]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:95) ~[spring-cloud-context-1.1.5.RELEASE.jar:1.1.5.RELEASE]
    at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:635) [spring-boot-1.4.2.RELEASE.jar:1.4.2.RELEASE]
    at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:349) [spring-boot-1.4.2.RELEASE.jar:1.4.2.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:313) [spring-boot-1.4.2.RELEASE.jar:1.4.2.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1186) [spring-boot-1.4.2.RELEASE.jar:1.4.2.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1175) [spring-boot-1.4.2.RELEASE.jar:1.4.2.RELEASE]
    at test.configserver.Application.main(Application.java:13) [classes/:na]
Caused by: java.lang.UnsupportedOperationException: No decryption for FailsafeTextEncryptor. Did you configure the keystore correctly?
    at org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration$FailsafeTextEncryptor.decrypt(EncryptionBootstrapConfiguration.java:152) ~[spring-cloud-context-1.1.5.RELEASE.jar:1.1.5.RELEASE]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:193) ~[spring-cloud-context-1.1.5.RELEASE.jar:1.1.5.RELEASE]
    ... 8 common frames omitted

The keystore config should be correct, since the encrypted value was created using the /encrypt endpoint of the server.

Also, when I start the embedded server without an encrypted value in its configuration and then change the configuration adding an encrypted value, the server detects the config changes and calls to /<name>/<profile> show the correctly decrypted values.

My test application looks like this:

Application.java

@SpringBootApplication
@EnableConfigServer
public class Application {
    public static void main(final String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

bootstrap.yml

server:
    port: 8888
spring:
    application:
        name: config-server
    cloud:
        config:
            server:
                bootstrap: true
                git:
                    uri: file:///config_server/repo

application.yml

encrypt:
    keyStore:
        location: classpath:/configserver.jks
        alias: configserver

(encrypt.keyStore.password is set via -D option)

Sample config that works

config-server:
    test:
        prop: testvalue

Sample config that makes the server fail

config-server:
    test:
        prop: '{cipher}AQBsAuCDKbDgmFMkxcNPbbDMiLq4SZbBgrHX73KSBJAgisTC2O3iTxXyHhY1MWxXhuzYX4EMy2v9enV3iY3IQz4O2GprO/GjQSggW+jHE1TV7MOcvH01nvg6SUKDkAmWHQqWiqQI0G9NPp2KzOHNcMeKm+q8wbvwFSBhA4A8y8F+++mgC8XK1Kc942jepppI17dCSV25/+iUrDDVdBv6rAqu2D9eyuTZmLl6Q2/SLOGBc+Il8B8L3ylyDHrBdQD92C0aAdh6HcY5Jze1wQSNSxTIzT3nKi22DTF69ilwq9SPz5re4Hm+Y1S+be10wHh34L+fdexrdcpFz9ApqsSKDv2TzXiTCNJIKo3xsOWb6QVIL1DjyKexPri/FZWtBu4EX0dWY2OxiMDmkFf+xVIkE4kw'

I'm using Spring-Framework 4.3.4, Spring-Boot 1.4.2 and Spring-Cloud Camden.SR2 on Java 8.

Edit

For setting up a sample project to reproduce the problem, just use the above code snippets of Application.java, bootstrap.yml and application.yml.

Here is the pom.xml for the project:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>test</groupId>
    <artifactId>config-server</artifactId>
    <version>1.0.0-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>config-server</name>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <java.version>1.8</java.version>
        <compiler-plugin.version>3.5.1</compiler-plugin.version>
        <spring-framework.version>4.3.4.RELEASE</spring-framework.version>
        <spring-boot.version>1.4.2.RELEASE</spring-boot.version>
        <spring-cloud.version>Camden.SR2</spring-cloud.version>
    </properties>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>${compiler-plugin.version}</version>
                <configuration>
                    <source>${java.version}</source>
                    <target>${java.version}</target>
                </configuration>
            </plugin>
        </plugins>
    </build>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework</groupId>
                <artifactId>spring-framework-bom</artifactId>
                <version>${spring-framework.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
                <version>${spring-boot.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-server</artifactId>
        </dependency>
    </dependencies>
</project>

For the git repo just create a folder, call git init inside it and add a file named config-server.yml with the described sample config that works as content.

The keystore can be generated with keytool as described in the Spring-Cloud-Config docs (for my test I didn't set a -secret).

You should then be able to start the project from your IDE and access the config server on localhost:8888.

Steps to reproduce the problem

  1. Start the config server

  2. curl localhost:8888/config-server/default - should output the configuration that was added to the git repo

  3. Encrypt a value: curl localhost:8888/encrypt -d test

  4. Add the encrypted value to config-server.yml (prefixed with {cipher} and enclosed in single quotes)

  5. curl localhost:8888/config-server/default - should output the decrypted value

  6. Restart the config server - fails with error

Put the keystore encryption configuration into bootstrap.yml.
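The relocation described in the answer, shown as an added example that is not part of the original post: it merges the question's bootstrap.yml and application.yml unchanged, and the explanatory comments are this example's reading of the stack trace above.

```yaml
# bootstrap.yml (added example: the question's bootstrap.yml plus the
# encrypt block that previously lived in application.yml)
server:
    port: 8888
spring:
    application:
        name: config-server
    cloud:
        config:
            server:
                # The server loads its own config-server.yml from the repo
                # during the bootstrap phase, so any {cipher} value in that
                # file is decrypted in the bootstrap phase as well.
                bootstrap: true
                git:
                    uri: file:///config_server/repo

# Moved from application.yml. The stack trace shows decryption running in
# EnvironmentDecryptApplicationInitializer with the encryptor supplied by
# EncryptionBootstrapConfiguration; when no key settings are visible at
# that point, the FailsafeTextEncryptor placeholder is used and decrypt()
# throws. Declaring the keystore here makes it visible to the bootstrap
# context.
encrypt:
    keyStore:
        location: classpath:/configserver.jks
        alias: configserver
        # No password entry on purpose: it is still passed at launch with
        # the -D option (encrypt.keyStore.password), as in the question,
        # so the keystore password stays out of the file and the repo.
```

After the move, application.yml no longer needs the encrypt section.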
