Closed a561066192 closed 5 years ago
Of course. Once security is added, all requests must carry user and password. You can remove security. It seems wrong to see the information you've written.
@bingbingll When I separate config-server and config-client, I can use security, and the result is that when I request config-server's endpoint such as /encrypt I need to input username and password, but when I request config-client's endpoint, I don't need to input anything because I had configured username and password in config-client's bootstrap.properties. So what I want to know is how to implement the result as I mentioned before when I use embedded config-server.
I am a little confused. Why would Config Client's endpoint be protected? Can you submit a project which reproduces the issue you are talking about?
@indraneelb1903 If it's not protected, everyone can get properties and use the /decrypt endpoint to decrypt the value. It's not safe.
Can you post a minimal verifiable sample which reproduces the issue you are talking about?
@a561066192 look at my sample
@bingbingll I suppose you are Chinese? How can I contact you so I can communicate with you in Chinese to show this issue?
@bingbingll Here is a sample: https://github.com/a561066192/embedded-config-server.git
@indraneelb1903 Here is a sample: https://github.com/a561066192/embedded-config-server.git
Thanks, I will try to take a look today.
Is this still an issue after looking at the sample?
If you use spring.cloud.config.server.bootstrap=true (which is missing in your bootstrap.yml example) in your config, you do not need Security, because with spring.cloud.config.server.bootstrap=true an embedded config server with no endpoint will start. And attention, don't use @EnableConfigServer in your code, this will switch on the Config Server endpoints.
And Security can be switched off by removing the dependency spring-boot-starter-security. So remove the Maven/Gradle dependency spring-boot-starter-security. After that you can also remove the obsolete username/password properties.
But if I do not use @EnableConfigServer, how can I refresh my config when the application is running?
From: moerker Sent: September 26, 2018 22:30 To: spring-cloud/spring-cloud-config Cc: a561066192; Mention Subject: Re: [spring-cloud/spring-cloud-config] how to user embeddedconfig-server with secrrity (#1078)
If you use spring.cloud.config.server.bootstrap=true (which is missing in your bootstrap.yml example) in your config, you do not need Security, because with spring.cloud.config.server.bootstrap=true an embedded config server with no endpoint will start. And attention, don't use @EnableConfigServer in your code, this will switch on the Config Server endpoints. And Security can be switched off by removing the dependency spring-boot-starter-security. So remove the Maven/Gradle dependency spring-boot-starter-security. After that you can also remove the obsolete username/password properties.
To update the config, you can restart the application with embedded ConfigServer or use Spring Boot Actuator (dependency springframework.boot:spring-boot-starter-actuator), which needs to be enabled via management.endpoints.web.exposure.include=refresh in the local application.properties. If properties have now been changed, with a simple curl localhost:8080/actuator/refresh -d {} -H "Content-Type: application/json" the application can be triggered to reload the config.
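For an application that keeps spring-boot-starter-security instead of removing it, the following added example (not code from this thread or from the Spring Cloud Config project) requires HTTP Basic credentials only for the Actuator endpoints, including /actuator/refresh, and leaves the application's own endpoints open. It assumes Spring Boot 3 with Spring Security 6, the default /actuator base path, and hypothetical package and class names.

```java
package com.example.demo; // hypothetical package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Assumption: embedded config server started with
// spring.cloud.config.server.bootstrap=true and no @EnableConfigServer,
// so the only sensitive HTTP surface is the Actuator.
@Configuration
public class ActuatorSecurityConfig { // hypothetical class name

    @Bean
    SecurityFilterChain actuatorOnlySecurity(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // /actuator/refresh makes the application reload its
                // configuration, so callers must authenticate.
                .requestMatchers("/actuator/**").authenticated()
                // The application's own endpoints need no credentials.
                .anyRequest().permitAll())
            // Credentials come from spring.security.user.name and
            // spring.security.user.password (Spring Boot 2 and later).
            .httpBasic(Customizer.withDefaults())
            // Non-browser clients POST to /actuator/refresh without a CSRF
            // token; exempt only the Actuator paths from CSRF protection.
            .csrf(csrf -> csrf.ignoringRequestMatchers("/actuator/**"));
        return http.build();
    }
}
```

With this in place, the refresh call from the comment above needs credentials added, for example with curl's -u option.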
I will try it and thank you very very much!
On 09/27/2018 15:57, moerker wrote:
To update the config, you can restart the application with embedded ConfigServer or use Spring Boot Actuator (dependency springframework.boot:spring-boot-starter-actuator), which needs to be enabled via management.endpoints.web.exposure.include=refresh in the local application.properties. If properties have now been changed, with a simple curl localhost:8080/actuator/refresh -d {} -H "Content-Type: application/json" the application can be triggered to reload the config.
Closing this due to inactivity. Please re-open if there's more to discuss.
Dear spring-cloud team: I use an embedded config-server in my config-client. Everything works as expected except security. I added spring-boot-starter-security in my pom.xml, and I configured security.user.name, security.user.password and the corresponding spring.cloud.config.username, spring.cloud.config.password, but when I start up my project, any endpoint needs me to input username and password. I don't know where I made a mistake, so please help me, thank you. The following is my bootstrap.properties:
The following is my bootstrap.yml: