Background

In traditional Java web projects, configuration and business code are packaged together and deployed to the server. This is a security risk: if the server is compromised, every file on it, sensitive configuration included, may be leaked. Sensitive configuration therefore needs to be separated from the service project.

The solution

The plaintext is stored on a storage platform (such as a DB, MQ, or the enterprise's internal configuration center) and the service code references only the ciphertext. At server startup, the plaintext is obtained from the ciphertext.

Advantages and disadvantages compared

Mature configuration centers (such as Spring Cloud Config, Apollo, and Nacos) support many functions, which also makes them costly to adopt: the integrating party has to build and maintain a server side.

The config-data-spring-cloud-starter is only a tool: through the SPI mechanism, the integrating party can flexibly plug in any storage platform (DB, MQ, or the enterprise's internal configuration center).

Overall design

To keep the implementation simple, a config-security-springcloud-starter Gitee repository is encapsulated on top of Spring Cloud Context.

  • config-security-springcloud-starter
    • ConfigSecurityPropertyPlaceholderConfigurer: reads the ciphertext
    • ConfigSecurityPropertyPlaceholderConfigurer: resolves it to plaintext inside the Spring container
  • The business project
    • config-security.properties: specifies the ciphertext configuration file
    • ConfigSecurityClientImpl: the implementation class that calls the configuration center and converts ciphertext to plaintext
  • Remote configuration center
    • Remote Config Server: stores the plaintext

Integration steps

See the config-security-sample module.

1. Prepare

Encrypt the plaintext to produce the ciphertext.

Add the ciphertext to the configuration center.

2. Define the configuration file

The configuration file is named config-security.properties.

3. Implement the configuration decryption logic through SPI

Add a META-INF/services directory to the resources folder.

In it, add a file named com.frame.cloud.security.client.ConfigSecurityClient.

Write the fully qualified name of the implementation class into that file.
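As an added illustration of steps 1 to 3 (this is not code from the config-security-springcloud-starter repository), the following shows how a business project's implementation is discovered through Java's standard ServiceLoader SPI and used to resolve ciphertext values at startup. The interface shape `String decrypt(String ciphertext)`, the package `com.example.configsecurity`, the constructed `ENC(...)` placeholders and the in-memory stand-in for the remote configuration center are all assumptions; the starter's real interface is the `com.frame.cloud.security.client.ConfigSecurityClient` named above.

```java
package com.example.configsecurity; // hypothetical business-project package

import java.util.Map;
import java.util.ServiceLoader;

// Assumed stand-in for the starter's SPI interface (the real one is
// com.frame.cloud.security.client.ConfigSecurityClient); only the method
// shape is assumed here so the file compiles on its own.
interface ConfigSecurityClient {
    String decrypt(String ciphertext);
}

// Business-project implementation (step 3): turns a ciphertext placeholder
// into the plaintext held by the remote configuration center.
public class ConfigSecurityClientImpl implements ConfigSecurityClient {
    // Constructed stand-in for the remote config server lookup; a real
    // implementation would query the DB, MQ or configuration center here.
    private static final Map<String, String> REMOTE = Map.of(
        "ENC(8f2c...)", "jdbc:mysql://db.internal:3306/orders",
        "ENC(a91b...)", "constructed-sample-password");

    @Override
    public String decrypt(String ciphertext) {
        String plain = REMOTE.get(ciphertext);
        if (plain == null) {
            // Fail fast at startup instead of booting with an unresolved secret.
            throw new IllegalStateException("no plaintext registered for " + ciphertext);
        }
        return plain;
    }

    // Approximates (assumed) what the starter does at startup: discover the
    // implementation registered under META-INF/services/<interface FQN> and
    // resolve every ciphertext value from config-security.properties.
    public static void main(String[] args) {
        ConfigSecurityClient client = ServiceLoader.load(ConfigSecurityClient.class)
            .findFirst()
            .orElseThrow(() -> new IllegalStateException(
                "no ConfigSecurityClient registered under META-INF/services"));
        // Constructed sample of what config-security.properties would contain.
        Map<String, String> cipherProps = Map.of(
            "spring.datasource.url", "ENC(8f2c...)",
            "spring.datasource.password", "ENC(a91b...)");
        cipherProps.forEach((key, enc) ->
            System.out.println(key + " -> " + client.decrypt(enc)));
    }
}
```

For ServiceLoader to find the class, the resources folder needs META-INF/services/com.example.configsecurity.ConfigSecurityClient (named after the interface actually loaded) containing the single line com.example.configsecurity.ConfigSecurityClientImpl.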

Finally

If you have any questions or suggestions, please post them as an issue.