9 changed files with 138 additions and 18 deletions
+ 20
- 0
src/main/java/com/tuoheng/gateway/commons/CommonsConfig.java
View File
| @@ -28,6 +28,16 @@ public class CommonsConfig { | |||
| */ | |||
| public static String waterwayPermissionUrl; | |||
| /** | |||
| * 水环境权限接口地址 | |||
| */ | |||
| public static String weptspPermissionUrl; | |||
| /** | |||
| * 大气权限接口地址 | |||
| */ | |||
| public static String airmonitorPermissionUrl; | |||
| @Value("${tuoheng.hhz-admin-perUrl}") | |||
| public void setHhzPermissionUrl(String url) { | |||
| @@ -44,4 +54,14 @@ public class CommonsConfig { | |||
| waterwayPermissionUrl = url; | |||
| } | |||
| @Value("${tuoheng.weptsp-admin-perUrl}") | |||
| public void setWeptspPermissionUrl(String url) { | |||
| weptspPermissionUrl = url; | |||
| } | |||
| @Value("${tuoheng.airmonitor-admin-perUrl}") | |||
| public void setAirmonitorPermissionUrl(String url) { | |||
| airmonitorPermissionUrl = url; | |||
| } | |||
| } | |||
+ 7
- 7
src/main/java/com/tuoheng/gateway/config/WebSecurityConfig.java
View File
| @@ -7,14 +7,10 @@ import org.springframework.beans.factory.annotation.Value; | |||
| import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties; | |||
| import org.springframework.context.annotation.Bean; | |||
| import org.springframework.context.annotation.Configuration; | |||
| import org.springframework.http.HttpMethod; | |||
| import org.springframework.security.authentication.ReactiveAuthenticationManager; | |||
| import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; | |||
| import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; | |||
| import org.springframework.security.config.web.server.ServerHttpSecurity; | |||
| import org.springframework.security.core.GrantedAuthority; | |||
| import org.springframework.security.core.authority.SimpleGrantedAuthority; | |||
| import org.springframework.security.jwt.Jwt; | |||
| import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder; | |||
| import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter; | |||
| import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter; | |||
| @@ -22,8 +18,6 @@ import org.springframework.security.oauth2.server.resource.authentication.JwtRea | |||
| import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter; | |||
| import org.springframework.security.web.server.SecurityWebFilterChain; | |||
| import java.util.List; | |||
| /** | |||
| * @author chenjiandong | |||
| * @description: TODO | |||
| @@ -62,12 +56,14 @@ public class WebSecurityConfig { | |||
| } | |||
| @Bean | |||
| public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity){ | |||
| public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity) { | |||
| String[] OAUTH_PATH = oauthUrlStr.split(","); | |||
| String[] hhzPermitPath = PermitPathConstant.hhzPermitUrlStr; | |||
| String[] freewayPermitPath = PermitPathConstant.freewayPermitUrlStr; | |||
| String[] waterwayPermitPath = PermitPathConstant.waterwayPermitUrlStr; | |||
| String[] dspInspectionPermitUrlStr = PermitPathConstant.dspInspectionPermitUrlStr; | |||
| String[] weptspPermitPath = PermitPathConstant.weptspPermitUrlStr; | |||
| String[] airmonitorPermitPath = PermitPathConstant.airmonitorPermitUrlStr; | |||
| httpSecurity | |||
| .authorizeExchange() | |||
| .pathMatchers(OAUTH_PATH).hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_DSP_MP, AuthorityConstant.SCOPE_TUOHNEG_DSP_WEB) | |||
| @@ -75,6 +71,8 @@ public class WebSecurityConfig { | |||
| .pathMatchers(freewayPermitPath).permitAll() | |||
| .pathMatchers(waterwayPermitPath).permitAll() | |||
| .pathMatchers(dspInspectionPermitUrlStr).permitAll() | |||
| .pathMatchers(weptspPermitPath).permitAll() | |||
| .pathMatchers(airmonitorPermitPath).permitAll() | |||
| .pathMatchers("/pilot/miniprogram/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_PILOT_MP) | |||
| .pathMatchers("/pilot/admin/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_PILOT_ADMIN) | |||
| .pathMatchers("/hhz/admin/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_HHZ_ADMIN) | |||
| @@ -84,6 +82,8 @@ public class WebSecurityConfig { | |||
| .pathMatchers("/oidc/admin/tenant/**", "/oidc/admin/client/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_OIDC_ADMIN) | |||
| .pathMatchers("/waterway/admin/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_WATERWAY_ADMIN) | |||
| .pathMatchers("/waterway/miniprogram/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_WATERWAY_MP) | |||
| .pathMatchers("/weptsp/admin/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_WEPTSP_ADMIN) | |||
| .pathMatchers("/airmonitor/admin/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_AIRMONITOR_ADMIN) | |||
| .pathMatchers("/oidc/admin/user/**").authenticated() | |||
| .pathMatchers("/api/inspection/**").authenticated() | |||
| //.pathMatchers(PERMIT_PATH).permitAll() | |||
+ 11
- 0
src/main/java/com/tuoheng/gateway/constants/AuthorityConstant.java
View File
| @@ -47,4 +47,15 @@ public class AuthorityConstant { | |||
| public static final String SCOPE_TUOHNEG_WATERWAY_MP = "SCOPE_tuoheng-waterway-mp"; | |||
| /** | |||
| * Weptsp 用户权限 | |||
| */ | |||
| public static final String SCOPE_TUOHNEG_WEPTSP_ADMIN = "SCOPE_tuoheng-weptsp-admin"; | |||
| //public static final String SCOPE_TUOHNEG_AIRPORT_MP= "SCOPE_tuoheng-weptsp-mp"; | |||
| /** | |||
| * AirMonitor 用户权限 | |||
| */ | |||
| public static final String SCOPE_TUOHNEG_AIRMONITOR_ADMIN = "SCOPE_tuoheng-airmonitor-admin"; | |||
| //public static final String SCOPE_TUOHNEG_AIRPORT_MP= "SCOPE_tuoheng-weptsp-mp"; | |||
| } | |||
+ 8
- 0
src/main/java/com/tuoheng/gateway/constants/PermitPathConstant.java
View File
| @@ -67,4 +67,12 @@ public class PermitPathConstant { | |||
| "/api/inspection/third/test/callback/**" | |||
| }; | |||
| public static String weptspPermitUrlStr[] = { | |||
| "/weptsp/admin/download/workStreamExcel/**", | |||
| }; | |||
| public static String airmonitorPermitUrlStr[] = { | |||
| "/airmonitor/admin/airport/inspection/**", | |||
| "/airmonitor/admin/cloudbox/callback/**" | |||
| }; | |||
| } | |||
+ 30
- 8
src/main/java/com/tuoheng/gateway/utils/GatewayUrlPathUtil.java
View File
| @@ -5,8 +5,10 @@ import com.tuoheng.gateway.commons.CommonsConfig; | |||
| import io.micrometer.core.instrument.util.StringUtils; | |||
| import lombok.extern.slf4j.Slf4j; | |||
| import org.springframework.beans.factory.annotation.Autowired; | |||
| import org.springframework.http.*; | |||
| import org.springframework.http.HttpEntity; | |||
| import org.springframework.http.HttpHeaders; | |||
| import org.springframework.web.client.RestTemplate; | |||
| import java.util.ArrayList; | |||
| import java.util.List; | |||
| import java.util.Objects; | |||
| @@ -34,14 +36,19 @@ public class GatewayUrlPathUtil { | |||
| private static final String WATER_MP = "tuoheng-waterway-miniprogram"; | |||
| private static final String WSPTSP_ADMIN = "tuoheng-wsptsp-admin"; | |||
| private static final String AIRMONITOR_ADMIN = "tuoheng-airmonitor-admin"; | |||
| /** | |||
| * 获取 gateway 路由前缀,匹配url | |||
| * | |||
| * @param clientId | |||
| * @return | |||
| */ | |||
| public static String getPathByClientId(String clientId) { | |||
| String apiPath = ""; | |||
| switch (clientId){ | |||
| switch (clientId) { | |||
| case HHZ_ADMIN: | |||
| apiPath = "/hhz/admin"; | |||
| break; | |||
| @@ -60,29 +67,44 @@ public class GatewayUrlPathUtil { | |||
| case WATER_MP: | |||
| apiPath = "/waterway/miniprogram"; | |||
| break; | |||
| case WSPTSP_ADMIN: | |||
| apiPath = "/wsptsp/admin"; | |||
| break; | |||
| case AIRMONITOR_ADMIN: | |||
| apiPath = "/airmonitor/admin"; | |||
| break; | |||
| default: | |||
| break; | |||
| } | |||
| return apiPath; | |||
| } | |||
| /** | |||
| * 根据 clientId 从业务系统获取 permission - role 数据 | |||
| * | |||
| * @return | |||
| */ | |||
| public static List<Integer> getRoleIdByApiUrlPermission(String clientId, String apiUrl, String token){ | |||
| public static List<Integer> getRoleIdByApiUrlPermission(String clientId, String apiUrl, String token) { | |||
| log.info("getRoleIdByApiUrlPermission -start, clientId:{},apiUrl:{}", clientId, apiUrl); | |||
| List<Integer> resList = new ArrayList<>(); | |||
| String url = ""; | |||
| if(clientId.equals(HHZ_ADMIN) || clientId.equals(HHZ_MP)){ | |||
| if (clientId.equals(HHZ_ADMIN) || clientId.equals(HHZ_MP)) { | |||
| url = CommonsConfig.hhzPermissionUrl; | |||
| } | |||
| if(clientId.equals(FREEWAY_ADMIN) || clientId.equals(FREEWAY_MP)){ | |||
| if (clientId.equals(FREEWAY_ADMIN) || clientId.equals(FREEWAY_MP)) { | |||
| url = CommonsConfig.freewayPermissionUrl; | |||
| } | |||
| if(clientId.equals(WATER_ADMIN) || clientId.equals(WATER_MP)){ | |||
| if (clientId.equals(WATER_ADMIN) || clientId.equals(WATER_MP)) { | |||
| url = CommonsConfig.waterwayPermissionUrl; | |||
| } | |||
| if (clientId.equals(WSPTSP_ADMIN)) { | |||
| url = CommonsConfig.weptspPermissionUrl; | |||
| } | |||
| if (clientId.equals(AIRMONITOR_ADMIN)) { | |||
| url = CommonsConfig.airmonitorPermissionUrl; | |||
| } | |||
| log.info("getRoleIdByApiUrlPermission -url:{},token:{}", url, token); | |||
| if(StringUtils.isNotBlank(url)){ | |||
| if (StringUtils.isNotBlank(url)) { | |||
| HttpHeaders resultRequestHeader = new HttpHeaders(); | |||
| resultRequestHeader.add("Authorization", "Bearer " + token); | |||
| JSONObject json = new JSONObject(); | |||
| @@ -92,7 +114,7 @@ public class GatewayUrlPathUtil { | |||
| log.info("getRoleIdByApiUrlPermission - result:{}", result); | |||
| JSONObject jsonObject = JSONObject.parseObject(result); | |||
| Object obj = jsonObject.get("data"); | |||
| if(!Objects.isNull(obj)){ | |||
| if (!Objects.isNull(obj)) { | |||
| for (Object o : (List<?>) obj) { | |||
| resList.add(Integer.class.cast(o)); | |||
| } | |||
+ 24
- 2
src/main/resources/application-dev.yml
View File
| @@ -210,7 +210,27 @@ spring: | |||
| - Path=/waterway/web/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # weptsp admin服务 | |||
| - id: tuoheng-weptsp-admin | |||
| uri: lb://tuoheng-weptsp-admin | |||
| predicates: | |||
| - Path=/weptsp/admin/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # airmonitor admin服务 | |||
| - id: tuoheng-airmonitor-admin | |||
| uri: lb://tuoheng-airmonitor-admin | |||
| predicates: | |||
| - Path=/airmonitor/admin/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # 机场平台 admin服务 | |||
| - id: tuoheng_airport_admin | |||
| uri: lb://tuoheng_airport_admin | |||
| predicates: | |||
| - Path=/airport/admin/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # Redis数据源 | |||
| redis: | |||
| # 缓存库默认索引0 | |||
| @@ -241,4 +261,6 @@ security: | |||
| tuoheng: | |||
| hhz-admin-perUrl: http://192.168.11.11:9055/permission/getRoleIdList | |||
| freeway-admin-perUrl: http://192.168.11.11:9117/permission/getRoleIdList | |||
| waterway-admin-perUrl: http://192.168.11.11:9120/permission/getRoleIdList | |||
| waterway-admin-perUrl: http://192.168.11.11:9120/permission/getRoleIdList | |||
| weptsp-admin-perUrl: http://192.168.11.11:9140/permission/getRoleIdList | |||
| airmonitor-admin-perUrl: http://192.168.11.11:9130/permission/getRoleIdList | |||
+ 7
- 0
src/main/resources/application-local.yml
View File
| @@ -178,6 +178,13 @@ spring: | |||
| - Path=/hhz/api/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # 机场平台 admin服务 | |||
| - id: tuoheng_airport_admin | |||
| uri: lb://tuoheng_airport_admin | |||
| predicates: | |||
| - Path=/airport/admin/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # Redis数据源 | |||
| redis: | |||
| # 缓存库默认索引0 | |||
+ 7
- 0
src/main/resources/application-prod.yml
View File
| @@ -202,6 +202,13 @@ spring: | |||
| - Path=/waterway/web/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # 机场平台 admin服务 | |||
| - id: tuoheng_airport_admin | |||
| uri: lb://tuoheng_airport_admin | |||
| predicates: | |||
| - Path=/airport/admin/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # Redis数据源 | |||
| redis: | |||
| # 缓存库默认索引0 | |||
+ 24
- 1
src/main/resources/application-test.yml
View File
| @@ -203,6 +203,27 @@ spring: | |||
| - Path=/waterway/web/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # weptsp admin服务 | |||
| - id: tuoheng-weptsp-admin | |||
| uri: lb://tuoheng-weptsp-admin | |||
| predicates: | |||
| - Path=/weptsp/admin/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # airmonitor admin服务 | |||
| - id: tuoheng-airmonitor-admin | |||
| uri: lb://tuoheng-airmonitor-admin | |||
| predicates: | |||
| - Path=/airmonitor/admin/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # 机场平台 admin服务 | |||
| - id: tuoheng_airport_admin | |||
| uri: lb://tuoheng_airport_admin | |||
| predicates: | |||
| - Path=/airport/admin/** | |||
| filters: | |||
| - StripPrefix=2 | |||
| # Redis数据源 | |||
| redis: | |||
| # 缓存库默认索引0 | |||
| @@ -233,4 +254,6 @@ security: | |||
| tuoheng: | |||
| hhz-admin-perUrl: http://172.15.1.21:9055/permission/getRoleIdList | |||
| freeway-admin-perUrl: https://freeway-test.t-aaron.com/permission/getRoleIdList | |||
| waterway-admin-perUrl: https://waterway-test.t-aaron.com/permission/getRoleIdList | |||
| waterway-admin-perUrl: https://waterway-test.t-aaron.com/permission/getRoleIdList | |||
| weptsp-admin-perUrl: https://weptsp-test.t-aaron.com/permission/getRoleIdList | |||
| airmonitor-admin-perUrl: https://airmonitor-test.t-aaron.com/permission/getRoleIdList | |||
Loading…