Question
I have been working on Spring Cloud Config for a while. I have a requirement for securing the config data. As per the Spring Cloud documentation, I have configured the server.jks and added it to the classpath. Now I am able to encrypt and decrypt remote config data.
To make the config server secure, I have added the Spring Security starter and assigned credentials (password decrypted). For some reason the application is throwing exceptions that it does not have a key store on the classpath. After googling it for a while, I found that the keystore should go in bootstrap.yml instead of application.yml. This is also not working; please point out what I am missing here.
Please find the yml files in git SpringConfigData
Exception
java.lang.IllegalStateException: Cannot decrypt: key=security.user.password
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:195) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:164) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:94) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:333) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:640) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
at org.springframework.boot.SpringApplication.createAndRefreshContext(SpringApplication.java:343) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:307) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1191) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1180) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
at com.test.TestConfigServerApplication.main(TestConfigServerApplication.java:12) [classes/:na]
Caused by: java.lang.UnsupportedOperationException: No decryption for FailsafeTextEncryptor. Did you configure the keystore correctly?
at org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration$FailsafeTextEncryptor.decrypt(EncryptionBootstrapConfiguration.java:151) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:187) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
... 9 common frames omitted
Answer 1:
Instead of using bootstrap.yml, I passed them using environment variables.
-Dencrypt.keyStore.location=classpath:/server.jks -Dencrypt.keyStore.password=springcloudconfigserver -Dencrypt.keyStore.alias=springcloudconfigserver -Dencrypt.keyStore.secret=springcloudconfigserver
Config Server is not able to locate the properties in bootstrap.yml for asymmetric security. Symmetric works just fine.
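Added example, not part of either answer and not Spring Cloud code: a standalone Java check for the "Did you configure the keystore correctly?" failure in the trace above. It reads the same four encrypt.keyStore.* system properties shown in this answer and verifies that the keystore loads, the alias exists, and the secret unlocks an RSA private key; the class name KeyStoreCheck and its methods are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.*;

// Added diagnostic (hypothetical class, not Spring code): validates the keystore
// named by the -Dencrypt.keyStore.* properties before the config server starts.
public class KeyStoreCheck {

    // Resolves a "classpath:" location like Spring's; anything else is a file path.
    static InputStream open(String location) throws Exception {
        if (location.startsWith("classpath:")) {
            String name = location.substring("classpath:".length()).replaceFirst("^/+", "");
            return KeyStoreCheck.class.getClassLoader().getResourceAsStream(name);
        }
        Path p = Paths.get(location);
        return Files.exists(p) ? Files.newInputStream(p) : null;
    }

    // Returns null when the keystore is usable for decryption, else the reason it is not.
    static String check(String location, char[] storePass, String alias, char[] keyPass) {
        try (InputStream in = open(location)) {
            if (in == null) return "keystore not found at " + location;
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, storePass);               // throws on wrong store password or corrupt file
            if (!ks.containsAlias(alias)) return "alias '" + alias + "' is not in the keystore";
            if (!ks.isKeyEntry(alias)) return "alias '" + alias + "' has a certificate but no private key";
            Key key = ks.getKey(alias, keyPass);  // throws UnrecoverableKeyException on wrong secret
            if (!(key instanceof PrivateKey) || !"RSA".equals(key.getAlgorithm()))
                return "entry is not an RSA private key (" + key.getAlgorithm() + ")";
            return null;
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String location = System.getProperty("encrypt.keyStore.location", "classpath:/server.jks");
        String password = System.getProperty("encrypt.keyStore.password");
        String alias = System.getProperty("encrypt.keyStore.alias");
        String secret = System.getProperty("encrypt.keyStore.secret");
        if (password == null || alias == null || secret == null) {
            System.err.println("set -Dencrypt.keyStore.password, .alias and .secret");
            System.exit(2);
        }
        String problem = check(location, password.toCharArray(), alias, secret.toCharArray());
        System.out.println(problem == null ? "OK: RSA key '" + alias + "' is readable" : "FAIL: " + problem);
        System.exit(problem == null ? 0 : 1);
    }
}
```

Run it with the same classpath and -D flags as the config server. A passing result shows the keystore itself is sound, so a remaining "Cannot decrypt" error points at how the properties reach the bootstrap context rather than at the file.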
Answer 2:
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-rsa -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-rsa</artifactId>
    <version>1.0.8.RELEASE</version>
</dependency>
I was facing the same problem from the config client side. To resolve this, I added this dependency to the pom.xml, and in the bootstrap.properties/bootstrap.yml file I added the encrypt.key property, as I was using symmetric encryption.
Hope it helps.
Source: https://stackoverflow.com/questions/35938714/spring-cloud-config-not-decrypting-the-config-server-password