使用 Spring Boot 在 Cloud Foundry 上加密属性
Encrypted properties on Cloud foundry with Sping Boot
我有一个 Spring 启动应用程序,它的 属性 文件中有一些加密值
例如spring.security.user.password=ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)
我正在使用 jasypt 即时解密这些。这在本地工作正常运行。
然而,当我在 Cloud Foundry 上部署应用程序时,我的 属性 文件现在从 vcap 环境变量中提取值。
例如
spring.security.user.password=${vcap.services.myconfig.credentials.user.password}
在 PCF 中,值添加为
user.password = ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)
但是现在我的应用程序无法启动并且我收到一条错误消息
ERROR 22 --- [ main] o.s.b.web.embedded.tomcat.TomcatStarter : Error
starting Tomcat context. Exception:
org.springframework.beans.factory.UnsatisfiedDependencyException.
Message: Error creating bean with name
'securityFilterChainRegistration' defined in class path resource
[org/springframework/boot/autoconfigure/security/servlet/SecurityFilterAutoConfiguration.class]:
Unsatisfied dependency expressed through method
'securityFilterChainRegistration' parameter 0; nested exception is
org.springframework.boot.context.properties.ConfigurationPropertiesBindException:
Error creating bean with name
'spring.security-org.springframework.boot.autoconfigure.security.SecurityProperties':
Could not bind properties to 'SecurityProperties' :
prefix=spring.security, ignoreInvalidFields=false,
ignoreUnknownFields=true; nested exception is
org.springframework.boot.context.properties.bind.BindException: Failed
to bind properties under 'spring.security.user.password' to
java.lang.String
有什么原因让我遗漏了为什么这在本地有效但在 Cloud Foundry 上无效?
更新
cf env returns ...
System-Provided:
{
"VCAP_SERVICES": {
"user-provided": [
{
"binding_name": null,
"credentials": {
"JAVA_OPTS": "-Dspring.security.user.password=ENC\\(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm\\)",
"user.password": "ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)"
},
"instance_name": "myconfig",
"label": "user-provided",
"name": "myconfig",
"syslog_drain_url": "",
"tags": [],
"volume_mounts": []
}
]
}
}
这播下了可用的 JAVA_OPTS 版本以及无法解析的 user.password 属性
试试这个:
JAVA_OPTS=-Dspring.security.user.password=ENC\(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm\)
我有一个 Spring 启动应用程序,它的 属性 文件中有一些加密值
例如spring.security.user.password=ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)
我正在使用 jasypt 即时解密这些。这在本地工作正常运行。
然而,当我在 Cloud Foundry 上部署应用程序时,我的 属性 文件现在从 vcap 环境变量中提取值。
例如
spring.security.user.password=${vcap.services.myconfig.credentials.user.password}
在 PCF 中,值添加为
user.password = ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)
但是现在我的应用程序无法启动并且我收到一条错误消息
ERROR 22 --- [ main] o.s.b.web.embedded.tomcat.TomcatStarter : Error starting Tomcat context. Exception: org.springframework.beans.factory.UnsatisfiedDependencyException. Message: Error creating bean with name 'securityFilterChainRegistration' defined in class path resource [org/springframework/boot/autoconfigure/security/servlet/SecurityFilterAutoConfiguration.class]: Unsatisfied dependency expressed through method 'securityFilterChainRegistration' parameter 0; nested exception is org.springframework.boot.context.properties.ConfigurationPropertiesBindException: Error creating bean with name 'spring.security-org.springframework.boot.autoconfigure.security.SecurityProperties': Could not bind properties to 'SecurityProperties' : prefix=spring.security, ignoreInvalidFields=false, ignoreUnknownFields=true; nested exception is org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.security.user.password' to java.lang.String
有什么原因让我遗漏了为什么这在本地有效但在 Cloud Foundry 上无效?
更新
cf env returns ...
System-Provided:
{
"VCAP_SERVICES": {
"user-provided": [
{
"binding_name": null,
"credentials": {
"JAVA_OPTS": "-Dspring.security.user.password=ENC\\(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm\\)",
"user.password": "ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)"
},
"instance_name": "myconfig",
"label": "user-provided",
"name": "myconfig",
"syslog_drain_url": "",
"tags": [],
"volume_mounts": []
}
]
}
}
这播下了可用的 JAVA_OPTS 版本以及无法解析的 user.password 属性
试试这个:
JAVA_OPTS=-Dspring.security.user.password=ENC\(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm\)