gitadmin
/
tuoheng_gateway_move_20240715
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
Sfoglia il codice sorgente

Merge branch 'develop' of gitadmin/tuoheng_gateway into master

gitadmin-patch-1
gitadmin 1 anno fa
parent
c7ce3ae2e0 747b6f6620
commit
4de2140154
13 ha cambiato i file con 324 aggiunte e 14 eliminazioni
Visualizzazione separata
Diff Options
Show Stats Download Patch File Download Diff File
  1. +40
    -0
      .gitignore
  2. +43
    -3
      src/main/java/com/tuoheng/gateway/config/WebSecurityConfig.java
  3. +30
    -0
      src/main/java/com/tuoheng/gateway/constants/AuthorityConstant.java
  4. +23
    -1
      src/main/resources/application-dev.yml
  5. +21
    -0
      src/main/resources/application-local.yml
  6. +28
    -2
      src/main/resources/application-prod.yml
  7. +29
    -2
      src/main/resources/application-test.yml
  8. +21
    -0
      target/classes/WEB-INF/classes/application-local.yml
  9. +22
    -2
      target/classes/application-dev.yml
  10. +21
    -0
      target/classes/application-local.yml
  11. +23
    -2
      target/classes/application-prod.yml
  12. +23
    -2
      target/classes/application-test.yml
  13. BIN
      target/classes/com/tuoheng/gateway/config/WebSecurityConfig.class

+ 40
- 0
.gitignore Vedi File

@@ -0,0 +1,40 @@
HELP.md
target/
!.mvn/wrapper/maven-wrapper.jar
!**/src/main/**/target/
!**/src/test/**/target/

### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache

### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr

### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
build/
!**/src/main/**/build/
!**/src/test/**/build/

### VS Code ###
.vscode/

/.idea
/.vscode
/.svn
tuoheng-ui
target/
HELP.md

+ 43
- 3
src/main/java/com/tuoheng/gateway/config/WebSecurityConfig.java Vedi File

@@ -1,13 +1,24 @@
package com.tuoheng.gateway.config;

import com.tuoheng.gateway.constants.AuthorityConstant;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.jwt.Jwt;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager;
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
import org.springframework.security.web.server.SecurityWebFilterChain;

import java.util.List;
@@ -42,22 +53,51 @@ public class WebSecurityConfig {
permitUrlStr = permitUrls;
}

private OAuth2ResourceServerProperties.Jwt Properties;

@Autowired
public void ResourceServerConfigurer(OAuth2ResourceServerProperties Properties) {
this.Properties = Properties.getJwt();
}

@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity){
String[] OAUTH_PATH = oauthUrlStr.split(",");
String[] PERMIT_PATH = permitUrlStr.split(",");
httpSecurity
.authorizeExchange()
.pathMatchers(OAUTH_PATH).authenticated()
.pathMatchers(PERMIT_PATH).permitAll()
.pathMatchers("/api/system/demo/test").hasAuthority("SCOPE_email")
.pathMatchers("/api/system/demo/admin").hasAuthority(AuthorityConstant.SCOPE_ADMIN)
.pathMatchers("/api/system/demo/dsp").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_DSP_MP)
.pathMatchers("/api/system/demo/hhz").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_DSP_WEB)
.pathMatchers(OAUTH_PATH).hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_DSP_MP, AuthorityConstant.SCOPE_TUOHNEG_DSP_WEB)
//.pathMatchers("/api/system/**").hasAnyRole("ROLE_ADMIN", "ROLE_DSP")
//.pathMatchers(PERMIT_PATH).permitAll()
.anyExchange().permitAll()
.and()
.csrf()
.disable()
.cors();
httpSecurity.oauth2ResourceServer().jwt();
// ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwtSpec = httpSecurity.oauth2ResourceServer().jwt();
// jwtSpec.authenticationManager(getAuthenticationManager());
return httpSecurity.build();
}

ReactiveAuthenticationManager getAuthenticationManager() {
NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = new NimbusReactiveJwtDecoder(Properties.getIssuerUri());
JwtReactiveAuthenticationManager jwtReactiveAuthenticationManager = new JwtReactiveAuthenticationManager(nimbusReactiveJwtDecoder);

JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("authorities");

JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);

ReactiveJwtAuthenticationConverterAdapter reactiveJwtAuthenticationConverterAdapter = new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);

jwtReactiveAuthenticationManager.setJwtAuthenticationConverter(reactiveJwtAuthenticationConverterAdapter);
return jwtReactiveAuthenticationManager;
}

}

+ 30
- 0
src/main/java/com/tuoheng/gateway/constants/AuthorityConstant.java Vedi File

@@ -0,0 +1,30 @@
package com.tuoheng.gateway.constants;

/**
* 安全配置常量
*/
public class AuthorityConstant {

/**
* admin 用户权限
*/
public static final String SCOPE_ADMIN = "SCOPE_admin";

/**
* dsp 用户权限
*/
public static final String SCOPE_TUOHNEG_DSP_MP = "SCOPE_tuoheng-dsp-mp";

/**
* dsp 用户权限
*/
public static final String SCOPE_TUOHNEG_DSP_WEB = "SCOPE_tuoheng-dsp-web";

/**
* 河湖长用户权限
*/
public static final String SCOPE_HHZ = "SCOPE_HHZ";



}

+ 23
- 1
src/main/resources/application-dev.yml Vedi File

@@ -3,7 +3,8 @@ spring:
oauth2:
resource-server:
jwt:
issuer-uri: http://192.168.11.11:8090
#issuer-uri: http://192.168.11.11:8090
issuer-uri: http://oidc.dev.t-aaron.com
cloud:
consul:
host: 192.168.11.13 # consul 所在服务地址
@@ -101,6 +102,27 @@ spring:
- Path=/api/web/**
filters:
- StripPrefix=2
# pilot后台管理
- id: tuoheng-pilot-admin
uri: lb://tuoheng-pilot-admin
predicates:
- Path=/pilot/admin/**
filters:
- StripPrefix=2
# pilot小程序服务
- id: tuoheng-pilot-miniprogram
uri: lb://tuoheng-pilot-miniprogram
predicates:
- Path=/pilot/miniprogram/**
filters:
- StripPrefix=2
# pilot api服务
- id: tuoheng-pilot-api
uri: lb://tuoheng-pilot-api
predicates:
- Path=/pilot/web/**
filters:
- StripPrefix=2
# Redis数据源
redis:
# 缓存库默认索引0

+ 21
- 0
src/main/resources/application-local.yml Vedi File

@@ -101,6 +101,27 @@ spring:
- Path=/api/web/**
filters:
- StripPrefix=2
# pilot后台管理
- id: tuoheng-pilot-admin
uri: lb://tuoheng-pilot-admin
predicates:
- Path=/pilot/admin/**
filters:
- StripPrefix=2
# pilot小程序服务
- id: tuoheng-pilot-miniprogram
uri: lb://tuoheng-pilot-miniprogram
predicates:
- Path=/pilot/miniprogram/**
filters:
- StripPrefix=2
# pilot api服务
- id: tuoheng-pilot-api
uri: lb://tuoheng-pilot-api
predicates:
- Path=/pilot/web/**
filters:
- StripPrefix=2
# Redis数据源
redis:
# 缓存库默认索引0

+ 28
- 2
src/main/resources/application-prod.yml Vedi File

@@ -1,4 +1,9 @@
spring:
security:
oauth2:
resource-server:
jwt:
issuer-uri: http://172.16.1.31:8090
cloud:
consul:
host: 172.16.1.31 # consul 所在服务地址
@@ -89,6 +94,27 @@ spring:
- Path=/api/web/**
filters:
- StripPrefix=2
# pilot后台管理
- id: tuoheng-pilot-admin
uri: lb://tuoheng-pilot-admin
predicates:
- Path=/pilot/admin/**
filters:
- StripPrefix=2
# pilot小程序服务
- id: tuoheng-pilot-miniprogram
uri: lb://tuoheng-pilot-miniprogram
predicates:
- Path=/pilot/miniprogram/**
filters:
- StripPrefix=2
# pilot api服务
- id: tuoheng-pilot-api
uri: lb://tuoheng-pilot-api
predicates:
- Path=/pilot/web/**
filters:
- StripPrefix=2
# Redis数据源
redis:
# 缓存库默认索引0
@@ -112,5 +138,5 @@ spring:
#security放行白名单配置
security:
ignore:
# whites: /api/auth/**,/api/web/**
oauthUrls: /api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList
permitUrls: /api/system/demo/msg
oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList

+ 29
- 2
src/main/resources/application-test.yml Vedi File

@@ -1,4 +1,10 @@
spring:
security:
oauth2:
resource-server:
jwt:
#issuer-uri: http://192.168.11.241:8090
issuer-uri: https://oidc.test.t-aaron.com
cloud:
consul:
host: 192.168.11.242 # consul 所在服务地址
@@ -89,6 +95,27 @@ spring:
- Path=/api/web/**
filters:
- StripPrefix=2
# pilot后台管理
- id: tuoheng-pilot-admin
uri: lb://tuoheng-pilot-admin
predicates:
- Path=/pilot/admin/**
filters:
- StripPrefix=2
# pilot小程序服务
- id: tuoheng-pilot-miniprogram
uri: lb://tuoheng-pilot-miniprogram
predicates:
- Path=/pilot/miniprogram/**
filters:
- StripPrefix=2
# pilot api服务
- id: tuoheng-pilot-api
uri: lb://tuoheng-pilot-api
predicates:
- Path=/pilot/web/**
filters:
- StripPrefix=2
# Redis数据源
redis:
# 缓存库默认索引0
@@ -112,5 +139,5 @@ spring:
#security放行白名单配置
security:
ignore:
# whites: /api/auth/**,/api/web/**
oauthUrls: /api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList
permitUrls: /api/system/demo/msg
oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList

+ 21
- 0
target/classes/WEB-INF/classes/application-local.yml Vedi File

@@ -101,6 +101,27 @@ spring:
- Path=/api/web/**
filters:
- StripPrefix=2
# pilot后台管理
- id: tuoheng-pilot-admin
uri: lb://tuoheng-pilot-admin
predicates:
- Path=/pilot/admin/**
filters:
- StripPrefix=2
# pilot小程序服务
- id: tuoheng-pilot-miniprogram
uri: lb://tuoheng-pilot-miniprogram
predicates:
- Path=/pilot/miniprogram/**
filters:
- StripPrefix=2
# pilot api服务
- id: tuoheng-pilot-api
uri: lb://tuoheng-pilot-api
predicates:
- Path=/pilot/web/**
filters:
- StripPrefix=2
# Redis数据源
redis:
# 缓存库默认索引0

+ 22
- 2
target/classes/application-dev.yml Vedi File

@@ -101,6 +101,27 @@ spring:
- Path=/api/web/**
filters:
- StripPrefix=2
# pilot后台管理
- id: tuoheng-pilot-admin
uri: lb://tuoheng-pilot-admin
predicates:
- Path=/pilot/admin/**
filters:
- StripPrefix=2
# pilot小程序服务
- id: tuoheng-pilot-miniprogram
uri: lb://tuoheng-pilot-miniprogram
predicates:
- Path=/pilot/miniprogram/**
filters:
- StripPrefix=2
# pilot api服务
- id: tuoheng-pilot-api
uri: lb://tuoheng-pilot-api
predicates:
- Path=/pilot/web/**
filters:
- StripPrefix=2
# Redis数据源
redis:
# 缓存库默认索引0
@@ -125,5 +146,4 @@ spring:
security:
ignore:
permitUrls: /api/system/demo/msg
oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList
api/portal/serviceInst/portal/getServiceInstParam/0bb1864c14b60d7f97093fe054c53b1f
oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList

+ 21
- 0
target/classes/application-local.yml Vedi File

@@ -101,6 +101,27 @@ spring:
- Path=/api/web/**
filters:
- StripPrefix=2
# pilot后台管理
- id: tuoheng-pilot-admin
uri: lb://tuoheng-pilot-admin
predicates:
- Path=/pilot/admin/**
filters:
- StripPrefix=2
# pilot小程序服务
- id: tuoheng-pilot-miniprogram
uri: lb://tuoheng-pilot-miniprogram
predicates:
- Path=/pilot/miniprogram/**
filters:
- StripPrefix=2
# pilot api服务
- id: tuoheng-pilot-api
uri: lb://tuoheng-pilot-api
predicates:
- Path=/pilot/web/**
filters:
- StripPrefix=2
# Redis数据源
redis:
# 缓存库默认索引0

+ 23
- 2
target/classes/application-prod.yml Vedi File

@@ -89,6 +89,27 @@ spring:
- Path=/api/web/**
filters:
- StripPrefix=2
# pilot后台管理
- id: tuoheng-pilot-admin
uri: lb://tuoheng-pilot-admin
predicates:
- Path=/pilot/admin/**
filters:
- StripPrefix=2
# pilot小程序服务
- id: tuoheng-pilot-miniprogram
uri: lb://tuoheng-pilot-miniprogram
predicates:
- Path=/pilot/miniprogram/**
filters:
- StripPrefix=2
# pilot api服务
- id: tuoheng-pilot-api
uri: lb://tuoheng-pilot-api
predicates:
- Path=/pilot/web/**
filters:
- StripPrefix=2
# Redis数据源
redis:
# 缓存库默认索引0
@@ -112,5 +133,5 @@ spring:
#security放行白名单配置
security:
ignore:
# whites: /api/auth/**,/api/web/**
oauthUrls: /api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList
permitUrls: /api/system/demo/msg
oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList

+ 23
- 2
target/classes/application-test.yml Vedi File

@@ -89,6 +89,27 @@ spring:
- Path=/api/web/**
filters:
- StripPrefix=2
# pilot后台管理
- id: tuoheng-pilot-admin
uri: lb://tuoheng-pilot-admin
predicates:
- Path=/pilot/admin/**
filters:
- StripPrefix=2
# pilot小程序服务
- id: tuoheng-pilot-miniprogram
uri: lb://tuoheng-pilot-miniprogram
predicates:
- Path=/pilot/miniprogram/**
filters:
- StripPrefix=2
# pilot api服务
- id: tuoheng-pilot-api
uri: lb://tuoheng-pilot-api
predicates:
- Path=/pilot/web/**
filters:
- StripPrefix=2
# Redis数据源
redis:
# 缓存库默认索引0
@@ -112,5 +133,5 @@ spring:
#security放行白名单配置
security:
ignore:
# whites: /api/auth/**,/api/web/**
oauthUrls: /api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList
permitUrls: /api/system/demo/msg
oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList

BIN
target/classes/com/tuoheng/gateway/config/WebSecurityConfig.class Vedi File


Write Preview
Loading…
Annulla
Salva