我正在尝试在Spring Cloud配置服务器中禁用加密和解密端点。 我的Bootstrap.yml文件是
"dependencies": {
"pg": "^7.5.0",
"pg-hstore": "^2.3.2",
"sequelize": "^4.39.0",
"sequelize-cli": "^5.2.0"
}
我用这个属性文件尝试了不同版本的Spring Cloud和Spring Boot。先尝试了Spring Boot版本1.5.8.RELEASE和springCloudVersion ='Dalston.SR4'，
也尝试过
springBootVersion ='2.0.5.RELEASE' 和 springCloudVersion ='Finchley.SR1'
但我的加密和解密端点仍在工作。
答案 0 :(得分:3)
使用Spring Security限制对这些URI的访问，这样加密和解密端点的URL就不会公开可用。注意：下面的配置并不会禁用这些端点，而是要求调用方先通过身份验证并具有指定的角色。
package com.debopam.configserver;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
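/**
 * Spring Security configuration for the config server.
 *
 * <p>Every request must authenticate with HTTP Basic. The {@code /encrypt} and
 * {@code /decrypt} endpoints, including their sub-paths, are limited to the
 * SUPERUSER and ADMIN roles; every other request requires the SYSTEM role.
 * This restricts the endpoints rather than removing them.
 *
 * @author Debopam
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the in-memory users and their roles.
     *
     * @param auth builder that receives the in-memory user definitions
     * @throws Exception if the authentication manager cannot be configured
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // NOTE(review): these are sample credentials hard-coded in source. Before any
        // real deployment, replace them with values loaded from external configuration
        // or a secret store, and do not keep guessable pairs such as admin/admin.
        // NOTE(review): the passwords are plain text. Spring Security 5 (used by
        // Spring Boot 2.x) expects an encoded password or a PasswordEncoder bean, so
        // this form is likely to be rejected at login there; confirm for your version.
        auth.inMemoryAuthentication()
            .withUser("configUser").password("configPassword").roles("SYSTEM")
            .and()
            .withUser("admin").password("admin").roles("SUPERUSER", "ADMIN")
            .and()
            // No rule in configure(HttpSecurity) grants anything to ACTUATOR.
            .withUser("actuator").password("actuator").roles("ACTUATOR");
    }

    /**
     * Defines which roles may call which URL patterns.
     *
     * @param http the security builder to configure
     * @throws Exception if the HTTP security rules cannot be built
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Rules are evaluated in order and the first match wins. "/encrypt**" only
            // covers a single path segment, so "/encrypt/**" is listed as well; without
            // it, sub-paths such as /encrypt/{name}/{profiles} would fall through to
            // the broader SYSTEM rule below.
            .antMatchers("/encrypt**", "/encrypt/**").hasAnyRole("SUPERUSER", "ADMIN")
            .antMatchers("/decrypt**", "/decrypt/**").hasAnyRole("SUPERUSER", "ADMIN")
            .anyRequest().hasRole("SYSTEM")
            // HTTP Basic sends credentials on every request; serve this only over TLS.
            .and().httpBasic()
            // NOTE(review): CSRF protection is switched off, presumably because the
            // callers are non-browser clients using Basic auth; confirm before reuse.
            .and().csrf().disable();
    }
}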