官方依赖版本:
nacos-server :1.2.1
nacos-config-spring-boot.version :0.2.7
nacos server支持启用鉴权
### If turn on auth system:
nacos.core.auth.enabled=true
nacos.config.context-path=/nacos
nacos server端使用了spring security进行权限,在新版的spring security中,对url进行了规则强校验,不允许类似“http://127.0.0.1//xxx”这种"//“出现,导致出现获取配置出现500的错误。(如果设置nacos.config.context-path=nacos 又会导致登陆失败,拿不到accessToken)
private String getUrl(String serverAddr, String relativePath,boolean isSSL) {
String cOntextPath= serverListMgr.getContentPath().startsWith("/") ?
serverListMgr.getContentPath() : "/" + serverListMgr.getContentPath();
String url= StringUtils.removeEnd(serverAddr,"/")+"/"+StringUtils.removeStart(contextPath,"/")+ relativePath;
if (isSSL &&url.startsWith(httpPre)){
return httpsPre+StringUtils.removeStart(url,httpPre);
}else{
return url;
}
}
if (HttpClient.ENABLE_HTTPS){
url = "https://" + server + contextPath + LOGIN_URL;
}else {
url = "http://" + server + contextPath + LOGIN_URL;
}
if (server.contains(Constants.HTTP_PREFIX)||server.contains(Constants.HTTPS_PREFIX)) {
url = server + contextPath + LOGIN_URL;
}
static {
try {
trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier
(
(urlHostName, session) -> true
);
} catch (Exception e) {
}
}
private static void trustAllHttpsCertificates()
throws NoSuchAlgorithmException, KeyManagementException {
TrustManager[] trustAllCerts = new TrustManager[1];
trustAllCerts[0] = new TrustAllManager();
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
HttpsURLConnection.setDefaultSSLSocketFactory(
sc.getSocketFactory());
}
private static class TrustAllManager
implements X509TrustManager {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkServerTrusted(X509Certificate[] certs,
String authType) {
}
public void checkClientTrusted(X509Certificate[] certs,
String authType) {
}
}
com.alibaba.nacos.client.naming.tls.enable