spring-cloud-config-server中的加密

Question

我正在尝试使用application.yml中的加密属性运行spring-cloud-config-server。

---

server:
  port: 8888  

spring:
  cloud:
    config:
      server:
        git:
          uri: file:/Users/gadams/git/cs-config

encrypt:
  key-store:
    location: classpath:/config-server.jks
    password: password
    alias: alias
    secret: secret

security:
  user:
    password: '{cipher}encryptedPassword'

我在启动时遇到以下错误：

java.lang.IllegalStateException: Cannot decrypt: key=security.user.password
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:201) ~[spring-cloud-context-1.1.6.RELEASE.jar:1.1.6.RELEASE]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:165) ~[spring-cloud-context-1.1.6.RELEASE.jar:1.1.6.RELEASE]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:95) ~[spring-cloud-context-1.1.6.RELEASE.jar:1.1.6.RELEASE]
    at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:333) ~[spring-cloud-context-1.1.6.RELEASE.jar:1.1.6.RELEASE]
    at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:635) [spring-boot-1.4.2.RELEASE.jar:1.4.2.RELEASE]
    at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:349) [spring-boot-1.4.2.RELEASE.jar:1.4.2.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:313) [spring-boot-1.4.2.RELEASE.jar:1.4.2.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1186) [spring-boot-1.4.2.RELEASE.jar:1.4.2.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1175) [spring-boot-1.4.2.RELEASE.jar:1.4.2.RELEASE]
    at com.collegescheduler.ConfigServerApplication.main(ConfigServerApplication.java:12) [bin/:na]
Caused by: java.lang.UnsupportedOperationException: No decryption for FailsafeTextEncryptor. Did you configure the keystore correctly?
    at org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration$FailsafeTextEncryptor.decrypt(EncryptionBootstrapConfiguration.java:152) ~[spring-cloud-context-1.1.6.RELEASE.jar:1.1.6.RELEASE]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:193) ~[spring-cloud-context-1.1.6.RELEASE.jar:1.1.6.RELEASE]
    ... 9 common frames omitted

我正在使用org.springframework.cloud:spring-cloud-dependencies:Camden.SR3。如何在配置服务器中加密spring-security用户密码？

Answer 1

来自日志的密钥库配置有问题。

首先使用keytool验证密钥存储区的密码/密码/别名。

Answer 2

您是否尊重prerequisites？

  

先决条件：使用您需要的加密和解密功能   安装在JVM中的全功能JCE（它不在那里   默认）。您可以下载＆＃34; Java密码术扩展（JCE）   无限强度管辖政策文件＆＃34;来自Oracle，并关注   安装说明（基本上替换2个策略文件   在JRE lib / security目录中包含您下载的目录。

您还应该拥有pom.xml：

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-rsa</artifactId>
</dependency>