登录认证自定义公私钥设置指南
1、产生公私钥
方式一
import cn.hutool.core.codec.Base64;
import cn.hutool.crypto.SecureUtil;
KeyPair pair = SecureUtil.generateKeyPair("RSA");
System.out.println(Base64.encode(pair.getPrivate().getEncoded()));;
System.out.println(Base64.encode(pair.getPublic().getEncoded()));;# 私钥
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANDxDQ+vuxeC4zNKn9WiG6ITSfoS3XRnc3A4XVaBrQJv5YbDqOD92fwO9VFGuI/WeaNJpT2TzZNDT0aic2KxbIbxhjvCQDEfl4yOXLBsQDl0KvzWD4PeFJv7qE9Psqvru2Tj/BavNRv/dKI+cbCIc0UJmCKe+zNhKN9zQ6MvKSQ7AgMBAAECgYBIKYCb0tMYly11+QeD5pWJoATUODDA87vEXcsqxeWlalUI+sl4T2Q6cEYcuIKktuvSz+wgfMwq2LvoBtI4G1QCFUW7m2+qbfBZKqB/Z/hb46Ouii226qtrUxPFp3N8q5DyO+Ng5hbw9oL3t+gqcy2SR5mYCR4c3KSUMyLAH0aIDQJBAPCzdBgxUS/dr7kaQUk0AlMaiirrLj+rjwukNT3FJm5rrIhEfI0JvA8vdR19F9LaXZxPA22YjlpCuJ0X12PmmGUCQQDeONPJcNP2o5jtVNL3am4+XjtIwe9WKyOEsspZCIMEgwfuzf4zVw9H1wkHMTQkICsfOWqIgA6U9JXTllcxBvAfAkEA4DA09IeSt8OCdSSoJDeF5sN0Z28vX2w6SryCPmtPVU+CnlUzsOWdPIOWUIX/14s932WUqtKJ3DYC34aiPlE8JQJAIkte092nuI5y0V2f2TMBpHpiZ84WI5QwvQ/ijm7z2URnewErU70BzLJw4D1FsLWOMhloSXyJw48jeC3hct2BPQJBAJQxoQWD4VtsG1aKsfCDxWgxUZ3cyWFLOngbSzD7pAkl2fW6ZmN3q6SZHBElhlbnTZSREgN3qROIjQf9/+tAO0Y=
# 公钥
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ8Q0Pr7sXguMzSp/VohuiE0n6Et10Z3NwOF1Wga0Cb+WGw6jg/dn8DvVRRriP1nmjSaU9k82TQ09GonNisWyG8YY7wkAxH5eMjlywbEA5dCr81g+D3hSb+6hPT7Kr67tk4/wWrzUb/3SiPnGwiHNFCZginvszYSjfc0OjLykkOwIDAQAB方式二
2、调整ConfigMap(配置字典)
本次涉及pai-env-base及pai-env-front两个配置字典,通过Kuboard工具,在pai-cloud命名空间,配置中心-配置字典,编辑对应字典即可
pai-env-base
增加pai.rsa.privateKey和pai.rsa.publicKey两个属性,值为上一步产生的公私钥值
pai.rsa.privateKey: MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANDxDQ+vuxeC4zNKn9WiG6ITSfoS3XRnc3A4XVaBrQJv5YbDqOD92fwO9VFGuI/WeaNJpT2TzZNDT0aic2KxbIbxhjvCQDEfl4yOXLBsQDl0KvzWD4PeFJv7qE9Psqvru2Tj/BavNRv/dKI+cbCIc0UJmCKe+zNhKN9zQ6MvKSQ7AgMBAAECgYBIKYCb0tMYly11+QeD5pWJoATUODDA87vEXcsqxeWlalUI+sl4T2Q6cEYcuIKktuvSz+wgfMwq2LvoBtI4G1QCFUW7m2+qbfBZKqB/Z/hb46Ouii226qtrUxPFp3N8q5DyO+Ng5hbw9oL3t+gqcy2SR5mYCR4c3KSUMyLAH0aIDQJBAPCzdBgxUS/dr7kaQUk0AlMaiirrLj+rjwukNT3FJm5rrIhEfI0JvA8vdR19F9LaXZxPA22YjlpCuJ0X12PmmGUCQQDeONPJcNP2o5jtVNL3am4+XjtIwe9WKyOEsspZCIMEgwfuzf4zVw9H1wkHMTQkICsfOWqIgA6U9JXTllcxBvAfAkEA4DA09IeSt8OCdSSoJDeF5sN0Z28vX2w6SryCPmtPVU+CnlUzsOWdPIOWUIX/14s932WUqtKJ3DYC34aiPlE8JQJAIkte092nuI5y0V2f2TMBpHpiZ84WI5QwvQ/ijm7z2URnewErU70BzLJw4D1FsLWOMhloSXyJw48jeC3hct2BPQJBAJQxoQWD4VtsG1aKsfCDxWgxUZ3cyWFLOngbSzD7pAkl2fW6ZmN3q6SZHBElhlbnTZSREgN3qROIjQf9/+tAO0Y=
pai.rsa.publicKey: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ8Q0Pr7sXguMzSp/VohuiE0n6Et10Z3NwOF1Wga0Cb+WGw6jg/dn8DvVRRriP1nmjSaU9k82TQ09GonNisWyG8YY7wkAxH5eMjlywbEA5dCr81g+D3hSb+6hPT7Kr67tk4/wWrzUb/3SiPnGwiHNFCZginvszYSjfc0OjLykkOwIDAQAB
pai-env-front
增加PAI_JS属性,内容中的enc属性为第一步产生的公钥的值。其余内容查看请求/auth/pai.js的内容,维持原样即可
PAI_JS: window.pai = {
console: {
clientId: 'console',
clientSecret: '123456',
},
workbench: {
clientId: 'workbench',
clientSecret: '123456',
},
developer: {
clientId: 'developer',
clientSecret: '123456',
},
operate: {
clientId: 'operate',
clientSecret: '123456',
},
enc: 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ8Q0Pr7sXguMzSp/VohuiE0n6Et10Z3NwOF1Wga0Cb+WGw6jg/dn8DvVRRriP1nmjSaU9k82TQ09GonNisWyG8YY7wkAxH5eMjlywbEA5dCr81g+D3hSb+6hPT7Kr67tk4/wWrzUb/3SiPnGwiHNFCZginvszYSjfc0OjLykkOwIDAQAB'
}
编辑服务工作负载
本次涉及pai-auth及pai-auth-ui(2.0版本之后pai-lingyun-ui)两个服务,通过Kuboard工具,在pai-cloud命名空间,概要-找到对应的工作负载-查看-编辑。
pai-auth
1、切换到容器信息页签,找到环境变量配置
2、增加环境变量rsa.publicKey及rsa.privateKey 类型选择ConfigMap,选择pai-env-base 对应的pai.rsa.publicKey及pai.rsa.privateKey
3、保存
pai-auth-ui或pai-lingyun-ui
1、切换到存储挂载页签
2、添加数据卷,数据卷名称:paijs,类型:配置字典,ConfigMap:pai-env-front
3、添加挂载,容器内路径:/usr/share/nginx/html/auth/pai.js,subPath:PAI_JS
4、保存
等待服务重新启动验证即可
文档更新时间: 2023-08-11 12:19 作者:管理员
