18年4月，目前SpringCloud版本為Finchley.M9
1.從表面上看對(duì)Eureka，F(xiàn)eign，hystrix等項(xiàng)目名稱做了修改，
Edgware.RELEASE
spring-cloud-starter-eureka-server
spring-cloud-starter-eureka
spring-cloud-starter-hystrix
spring-cloud-starter-hystrix-dashboard
spring-cloud-starter-feign

Finchley.M9
spring-cloud-starter-netflix-eureka-server
spring-cloud-starter-netflix-eureka-client
spring-cloud-starter-netflix-hystrix
spring-cloud-starter-netflix-hystrix-dashboard
spring-cloud-starter-openfeign

2.加入了一些新組件，拋棄了一些舊組件
加入Gateway:

加入Reactive Web

Statemachine 狀態(tài)機(jī)

https://blog.csdn.net/soberchina/article/details/72953994

3.使用Endpoint注解，actuator以及bus的調(diào)用方式做了修改，以bus為例，源碼有以下改動(dòng)
Edgware.RELEASE

Finchley.M9

This allows us to offer support on Servlet-based apps (Spring MVC and Jersey) as well as reactive apps

@Endpoint注解，id即接口訪問路徑。

@ReadOperation可以用GET方式請(qǐng)求 @WriteOperation可以用POST方式請(qǐng)求

SpringCloud默認(rèn)的安全配置不會(huì)啟動(dòng)Endpoint，需要添加一下配置才會(huì)啟動(dòng)

properties:

management.endpoints.web.exposure.include=*

yml:

management:

endpoints:

web:

exposure:

include: '*'

參考：https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-Security-2.0

SpringBoot2.0對(duì)用戶定義的endpoint和執(zhí)行器的endpoint不提供分離的自動(dòng)配置，當(dāng)使用了Spring Security，自動(dòng)配置默認(rèn)保護(hù)所有的endpoints。加入了@EnableWebSecurity注解和基于Spring Security的內(nèi)容協(xié)商策略的信任，來決定用httpBasic還是formLogin。加入了一個(gè)有默認(rèn)用戶名和密碼的用戶，它可以用來登錄。

4.配置參數(shù)修改

4.1 management.security.enabled=false配置過時(shí)，

4.2 SpringCloud提供了默認(rèn)的安全配置，如果使用自定義安全控制，默認(rèn)配置會(huì)失效

自定義Endpoint安全控制

<dependency>

<groupId>org.springframework.boot</groupId>

<artifactId>spring-boot-starter-security</artifactId>

</dependency>

4.3 繼承WebSecurityConfigurerAdapter

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;

import org.springframework.boot.autoconfigure.security.servlet.PathRequest;

import org.springframework.context.annotation.Configuration;

import org.springframework.core.annotation.Order;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration

@Order(1)

public class ActuatorWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

@Override

protected void configure(HttpSecurity http) throws Exception {

http

.authorizeRequests()

.requestMatchers(EndpointRequest.to("env")).permitAll()

.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")

.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()

.antMatchers("/**").hasRole("USER")

.and()

.httpBasic();

}

}

參考資料

Springboot2

https://spring.io/blog/2017/09/15/security-changes-in-spring-boot-2-0-m4

https://spring.io/blog/2017/08/22/introducing-actuator-endpoints-in-spring-boot-2-0

Actuator相關(guān)

https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html

https://www.infoq.com/news/2017/08/spring-boot-2-actuator-endpoints

https://github.com/spring-projects/spring-boot/wiki/Migrating-a-custom-Actuator-endpoint-to-Spring-Boot-2

Eureka Clients

https://cloud.spring.io/spring-cloud-netflix/multi/multi__service_discovery_eureka_clients.html

Endpoints

https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html

content negotiation

https://blog.csdn.net/u012410733/article/details/78536656

Reactive Web Applications

https://docs.spring.io/spring/docs/5.0.0.M4/spring-framework-reference/html/web-reactive.html

https://spring.io/blog/2016/06/07/notes-on-reactive-programming-part-i-the-reactive-landscape

事件驅(qū)動(dòng)和消息驅(qū)動(dòng)

http://www.cnblogs.com/welen/articles/5115213.html