Vault UserPass authentication with Spring Boot

Posted on 2025-02-01 09:23:25

I need to connect to Vault from my Spring Boot microservice. To get the Vault token, the service needs to log in to Vault by providing a username and password. The Spring Vault integration doesn't support this behaviour by default.

I came across this SO question and tried the approach, but it results in a BeanDefinitionStoreException, as the bean named clientAuthentication is already defined.

Later I referred to this example and extended AbstractVaultConfiguration. Now my configuration hierarchy looks like the below:

@Configuration(proxyBeanMethods = false)
public abstract class AbstractVaultConfiguration implements ApplicationContextAware {
  public abstract VaultEndpoint vaultEndpoint();
  public abstract ClientAuthentication clientAuthentication();
  // other methods and bean definitions
}

@Configuration
public class EnvironmentVaultConfiguration extends AbstractVaultConfiguration implements ApplicationContextAware {
  // other methods
}

public class VaultCustomConfig extends AbstractVaultConfiguration {

  @Override
  public VaultEndpoint vaultEndpoint() {
    // create() takes a host name, not a URL; the scheme defaults to https
    return VaultEndpoint.create("vault-dev.net", 443);
  }

  @Override
  public ClientAuthentication clientAuthentication() {
    // logic to fetch token
  }
}

The first two classes are provided by spring-vault. I have added the last one and also put an entry in spring.factories:

org.springframework.boot.autoconfigure.EnableAutoConfiguration=com.test.configuration.VaultCustomConfig

The application is starting but getting a 403 error. When I exclude EnvironmentVaultConfiguration from auto-configuration, I get exceptions that many beans are not created (e.g. vaultTemplate). I am able to contact the Vault API and fetch the token using RestTemplate. The challenge is setting that token before the app tries to contact Vault (through spring-vault support).

Instead of overriding the Vault configuration, I tried setting an environment variable named vault.token which will be read by Spring during start-up, but that is also not working (probably I missed something).

How can I override the built-in configuration and provide the token?


Comments (2)

等风也等你 2025-02-08 09:23:25

Spring Vault-related beans are initialized during the bootstrap context, which is a parent context for the main application. That's why you need to use bootstrap.yml instead of application.yml to define properties. Check Spring Cloud Context: Application Context Services for more details.

Also, you need to use org.springframework.cloud.bootstrap.BootstrapConfiguration in META-INF/spring.factories.

你的他你的她 2025-02-08 09:23:25

Spring reads the Vault token from this property: spring.cloud.vault.token. I have created a custom PropertySourceLocator and added the token:

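import java.util.Properties;

import org.springframework.cloud.bootstrap.config.PropertySourceLocator;
import org.springframework.core.env.Environment;
import org.springframework.core.env.PropertiesPropertySource;
import org.springframework.core.env.PropertySource;

public class VaultCustomPropertySourceLocator implements PropertySourceLocator {

  @Override
  public PropertySource<?> locate(Environment environment) {
    // Expose the fetched token under the property that Spring Cloud Vault reads
    Properties props = new Properties();
    props.setProperty("spring.cloud.vault.token", getVaultAuthToken());
    PropertiesPropertySource ps = new PropertiesPropertySource("customPropsSource", props);
    return ps;
  }

  private String getVaultAuthToken() {
    // logic to fetch vault token
  }
}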
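
A fuller version of the locator approach from the answer above, with the elided token fetch written out against Vault's userpass login endpoint. This is an added example, not the answerer's code; the class name and the vault.userpass.* property names are assumptions made for illustration.

```java
package com.test.configuration;

import java.util.Map;
import java.util.Properties;

import org.springframework.cloud.bootstrap.config.PropertySourceLocator;
import org.springframework.core.env.Environment;
import org.springframework.core.env.PropertiesPropertySource;
import org.springframework.core.env.PropertySource;
import org.springframework.web.client.RestTemplate;

// Register in META-INF/spring.factories so it runs in the bootstrap context:
// org.springframework.cloud.bootstrap.BootstrapConfiguration=com.test.configuration.UserPassTokenLocator
public class UserPassTokenLocator implements PropertySourceLocator {

    // Vault's userpass login endpoint; "userpass" is the default mount path.
    private static final String LOGIN_PATH = "/v1/auth/userpass/login/{username}";

    @Override
    public PropertySource<?> locate(Environment environment) {
        // Property names below are assumptions made for this example.
        String baseUrl = environment.getRequiredProperty("vault.userpass.url");
        String username = environment.getRequiredProperty("vault.userpass.username");
        String password = environment.getRequiredProperty("vault.userpass.password");

        Properties props = new Properties();
        props.setProperty("spring.cloud.vault.token", login(baseUrl, username, password));
        return new PropertiesPropertySource("vaultUserPassToken", props);
    }

    private String login(String baseUrl, String username, String password) {
        if (!baseUrl.startsWith("https://")) {
            // The password travels in the request body; refuse cleartext transport.
            throw new IllegalStateException("Vault URL must use https");
        }
        Map<?, ?> response = new RestTemplate().postForObject(
                baseUrl + LOGIN_PATH, Map.of("password", password), Map.class, username);
        // Successful logins return the token under auth.client_token.
        Object auth = response == null ? null : response.get("auth");
        Object token = auth instanceof Map ? ((Map<?, ?>) auth).get("client_token") : null;
        if (!(token instanceof String) || ((String) token).isEmpty()) {
            // Fail startup without echoing the response, which may hold the token.
            throw new IllegalStateException("Vault userpass login returned no client_token");
        }
        return (String) token;
    }
}
```

The token is fetched once at startup and then sits in the Environment as a plain property, so its lifetime is whatever TTL Vault assigns to the userpass login, and any endpoint that dumps environment properties should be kept unexposed.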