
Spring Cloud Summary

2018-04-11  dotff

I. Config encryption

First, download the JCE and replace the existing files with it.

keytool -genkeypair -alias {my-key} -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=CN" -keypass {my-secret} -keystore my_keystore.jks -storepass {my-password}

Copy the generated my_keystore.jks into resources.
Modify bootstrap.yml:

encrypt:
    key-store:    # asymmetric encryption
        location: classpath:/my_keystore.jks
        password: my-password
        alias: my-key
        secret: my-secret
    key: custom-key    # symmetric encryption

password: '{cipher}password' # in yml, wrap the value in quotes; not needed in properties

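II. Config dynamic refresh

Add the spring-cloud-starter-bus-amqp dependency to both the services that need refreshing and config-server, and put the @RefreshScope annotation on the places that should be refreshed.

spring:
    rabbitmq:
        host: 39.107.123.121
        port: 5672
        username: guest
        password: '{cipher}password'
management:
    security:
        enabled: false    # turns off security verification for the management endpoints
encrypt:
    key: fengf

Refresh by calling /bus/refresh?destination=**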

III. Upgrading from Edgware to Finchley

① spring boot 1.5.x --> 2.0.x
② eureka: spring-cloud-starter-eureka --> spring-cloud-starter-netflix-eureka-client
spring-cloud-starter-eureka-server --> spring-cloud-starter-netflix-eureka-server
③ zuul: spring-cloud-starter-zuul --> spring-cloud-starter-netflix-zuul
④ hystrix: spring-cloud-starter-hystrix --> spring-cloud-starter-netflix-hystrix
⑤ Service calls: spring-cloud-starter-feign --> spring-cloud-starter-openfeign
spring-cloud-starter-ribbon --> no longer needs to be added; it is already included in eureka
⑥ Config refresh
Server and client configuration, to turn off security verification: management.security.enabled=false --> management.endpoints.web.exposure.include=bus-refresh
Add the spring-boot-starter-actuator and spring-cloud-starter-bus-amqp dependencies
The client must add the @RefreshScope annotation!!
Call: /bus/refresh --> /actuator/bus-refresh

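IV. OAuth2

After struggling with this on and off for four or five months, today (20180718) I can finally obtain a token; I nearly lost it several times along the way. Summary below.
① POST /oauth/token returns 401 unauthorized
This may be because the security configuration and the OAuth2 Resource configuration override each other; in ResourceConfig, let /oauth/token through.
I also tried adding security.oauth2.resource.filter-order=3 to the configuration file, but it is deprecated and commenting it out made no difference.
② Encrypting passwords
You can configure passwords to be left unencrypted:

@Bean
public static NoOpPasswordEncoder passwordEncoder() {
    // NoOpPasswordEncoder performs no hashing: passwords are stored and compared as plain text
    return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
}

Or use the new Spring 5 format, {PasswordEncoder id}raw password:

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    // In-memory client whose secret carries the {noop} encoder id prefix
    clients.inMemory().withClient("client").secret("{noop}mysecret")
            .authorizedGrantTypes("password", "refresh_token").scopes("all");
}

But in my actual testing, it was enough to just write the encrypted string in .secret("").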
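The two stored-secret formats mentioned above verify under different PasswordEncoder setups, which this added example (not code from the original post) demonstrates. It assumes spring-security-crypto 5.x on the classpath; the class name, the check helper and the sample secret are constructed for illustration, and the single BCryptPasswordEncoder case is an assumed configuration, not one the post states.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

public class ClientSecretFormatDemo {

    // Hypothetical helper: fails loudly if a check below does not hold.
    private static void check(boolean condition, String what) {
        if (!condition) {
            throw new IllegalStateException("check failed: " + what);
        }
    }

    public static void main(String[] args) {
        String raw = "mysecret"; // constructed sample client secret

        // Case 1: Spring Security 5 delegating encoder; stored values carry an {id} prefix.
        PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        String prefixed = delegating.encode(raw);
        check(prefixed.startsWith("{bcrypt}"), "new secrets are stored as {bcrypt}<hash>");
        check(delegating.matches(raw, prefixed), "{bcrypt} value verifies");
        check(delegating.matches(raw, "{noop}" + raw), "{noop} value is compared as plain text");

        // Case 2 (assumed setup): a single BCryptPasswordEncoder; stored values are the bare hash.
        PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        String bare = bcrypt.encode(raw);
        check(bcrypt.matches(raw, bare), "bare hash verifies without any prefix");
        check(!bcrypt.matches(raw, prefixed), "prefixed value is not a valid BCrypt hash");

        // Mixing the two: the delegating encoder cannot pick an encoder for a bare hash.
        try {
            delegating.matches(raw, bare);
            check(false, "expected IllegalArgumentException for a value without {id}");
        } catch (IllegalArgumentException expected) {
            System.out.println("no {id} prefix: " + expected.getMessage());
        }
        System.out.println("all checks passed");
    }
}
```

Storing the client secret as a `{bcrypt}` value, or as a bare hash with a BCryptPasswordEncoder bean, keeps the plain-text secret out of the configuration, unlike `{noop}` or NoOpPasswordEncoder.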
③ Request parameters

[image.png]

Or

post localhost:8888/auth/oauth/token?grant_type=password
header: {
    Authorization: Basic d2ViOndlYkFwcA==    (clientId and clientSecret, encoded)
    Content-Type: application/x-www-form-urlencoded
}
body: {
    username: f
    password: ff
}

Validating a token with check_token

post localhost:8888/auth/oauth/check_token
header: same as above
body: {
    token: "token"
}

Refreshing the token

post localhost:8888/auth/oauth/token?grant_type=refresh_token&refresh_token="refresh_token"
header: {
    Authorization: Basic d2ViOndlYkFwcA==
}
no body

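V. Letting headers through Zuul

By default Zuul filters out certain request headers, such as Authorization. Set the following in the configuration file:

zuul:
    host:
        connect-timeout-millis: 990000
        socket-timeout-millis: 990000
    sensitive-headers:    # left empty so that no header is filtered out
    add-host-header: true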

VI. Gateway pitfalls

  1. Gateway is built on WebFlux, so do not depend on Spring MVC-based starters such as spring-boot-starter-web
  2. Gateway and Hystrix
spring:
    cloud:
        gateway:
            discovery:
                locator:
                    enabled: true
            default-filters:
            routes:
                -   id: user
                    uri: lb://user
                    predicates:
                        - Path=/user/**
                    filters:
                        - RewritePath=/user/(?<path>.*), /$\{path}
                        - name: Hystrix
                          args:
                              name: userHystrixCommand
                              fallbackUri: forward:/hystrixTimeout

@RequestMapping("/hystrixTimeout")
public String hystrixTimeout() {
    // Target of the route's fallbackUri; the message says the gateway tripped the circuit breaker
    return "gateway触发了断路由";
}

@HystrixCommand(commandKey = "userHystrixCommand", commandProperties = {
        @HystrixProperty(name = "execution.isolation.thread.timeoutInMilliseconds", value = "30000")}
)
public Map<String, String> userHystrixCommand() {
    Map<String, String> map = new HashMap<>();
    // Message: the gateway triggered userHystrixCommand
    map.put("message", "gateway触发了userHystrixCommand");
    return map;
}