Merge branch 'release' of gitadmin/tuoheng_gateway into develop

.gitignore

@@ -0,0 +1,40 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+/.idea
+/.vscode
+/.svn
+tuoheng-ui
+target/
+HELP.md

src/main/java/com/tuoheng/gateway/config/WebSecurityConfig.java

@@ -1,13 +1,24 @@
 package com.tuoheng.gateway.config;
 
+import com.tuoheng.gateway.constants.AuthorityConstant;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
+import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager;
+import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 
 import java.util.List;
@@ -42,22 +53,51 @@ public class WebSecurityConfig {
         permitUrlStr = permitUrls;
     }
 
+    private OAuth2ResourceServerProperties.Jwt Properties;
+
+    @Autowired
+    public void ResourceServerConfigurer(OAuth2ResourceServerProperties Properties) {
+        this.Properties = Properties.getJwt();
+    }
+
     @Bean
     public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity){
         String[] OAUTH_PATH = oauthUrlStr.split(",");
         String[] PERMIT_PATH = permitUrlStr.split(",");
         httpSecurity
                 .authorizeExchange()
-                .pathMatchers(OAUTH_PATH).authenticated()
-                .pathMatchers(PERMIT_PATH).permitAll()
-                .pathMatchers("/api/system/demo/test").hasAuthority("SCOPE_email")
+                .pathMatchers("/api/system/demo/admin").hasAuthority(AuthorityConstant.SCOPE_ADMIN)
+                .pathMatchers("/api/system/demo/dsp").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_DSP_MP)
+                .pathMatchers("/api/system/demo/hhz").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_DSP_WEB)
+                .pathMatchers(OAUTH_PATH).hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN,  AuthorityConstant.SCOPE_TUOHNEG_DSP_MP, AuthorityConstant.SCOPE_TUOHNEG_DSP_WEB)
+                //.pathMatchers("/api/system/**").hasAnyRole("ROLE_ADMIN", "ROLE_DSP")
+                //.pathMatchers(PERMIT_PATH).permitAll()
                 .anyExchange().permitAll()
                 .and()
                 .csrf()
                 .disable()
                 .cors();
         httpSecurity.oauth2ResourceServer().jwt();
+//        ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwtSpec = httpSecurity.oauth2ResourceServer().jwt();
+//        jwtSpec.authenticationManager(getAuthenticationManager());
         return httpSecurity.build();
     }
 
+    ReactiveAuthenticationManager getAuthenticationManager() {
+        NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = new NimbusReactiveJwtDecoder(Properties.getIssuerUri());
+        JwtReactiveAuthenticationManager jwtReactiveAuthenticationManager = new JwtReactiveAuthenticationManager(nimbusReactiveJwtDecoder);
+
+        JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
+        jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
+        jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("authorities");
+
+        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
+        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);
+
+        ReactiveJwtAuthenticationConverterAdapter reactiveJwtAuthenticationConverterAdapter = new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);
+
+        jwtReactiveAuthenticationManager.setJwtAuthenticationConverter(reactiveJwtAuthenticationConverterAdapter);
+        return jwtReactiveAuthenticationManager;
+    }
+
 }

src/main/java/com/tuoheng/gateway/constants/AuthorityConstant.java

@@ -0,0 +1,30 @@
+package com.tuoheng.gateway.constants;
+
+/**
+ * 安全配置常量
+ */
+public class AuthorityConstant {
+
+    /**
+     * admin 用户权限
+     */
+    public static final String SCOPE_ADMIN = "admin";
+
+    /**
+     * dsp 用户权限
+     */
+    public static final String SCOPE_TUOHNEG_DSP_MP = "SCOPE_tuoheng-dsp-mp";
+
+    /**
+     * dsp 用户权限
+     */
+    public static final String SCOPE_TUOHNEG_DSP_WEB = "SCOPE_tuoheng-dsp-web";
+
+    /**
+     * 河湖长用户权限
+     */
+    public static final String SCOPE_HHZ = "SCOPE_HHZ";
+
+
+
+}

src/main/resources/application-dev.yml

@@ -101,6 +101,27 @@ spring:
             - Path=/api/web/**
           filters:
             - StripPrefix=2
+        # pilot后台管理
+        - id: tuoheng-pilot-admin
+          uri: lb://tuoheng-pilot-admin
+          predicates:
+            - Path=/pilot/admin/**
+          filters:
+            - StripPrefix=2
+        # pilot小程序服务
+        - id: tuoheng-pilot-miniprogram
+          uri: lb://tuoheng-pilot-miniprogram
+          predicates:
+            - Path=/pilot/miniprogram/**
+          filters:
+            - StripPrefix=2
+        # pilot api服务
+        - id: tuoheng-pilot-api
+          uri: lb://tuoheng-pilot-api
+          predicates:
+            - Path=/pilot/web/**
+          filters:
+            - StripPrefix=2
   # Redis数据源
   redis:
     # 缓存库默认索引0

src/main/resources/application-local.yml

@@ -101,6 +101,27 @@ spring:
             - Path=/api/web/**
           filters:
             - StripPrefix=2
+        # pilot后台管理
+        - id: tuoheng-pilot-admin
+          uri: lb://tuoheng-pilot-admin
+          predicates:
+            - Path=/pilot/admin/**
+          filters:
+            - StripPrefix=2
+        # pilot小程序服务
+        - id: tuoheng-pilot-miniprogram
+          uri: lb://tuoheng-pilot-miniprogram
+          predicates:
+            - Path=/pilot/miniprogram/**
+          filters:
+            - StripPrefix=2
+        # pilot api服务
+        - id: tuoheng-pilot-api
+          uri: lb://tuoheng-pilot-api
+          predicates:
+            - Path=/pilot/web/**
+          filters:
+            - StripPrefix=2
   # Redis数据源
   redis:
     # 缓存库默认索引0

src/main/resources/application-prod.yml

@@ -1,4 +1,9 @@
 spring:
+  security:
+    oauth2:
+      resource-server:
+        jwt:
+          issuer-uri: http://192.168.11.241:8090
   cloud:
     consul:
       host: 172.16.1.31 # consul 所在服务地址
@@ -89,6 +94,27 @@ spring:
             - Path=/api/web/**
           filters:
             - StripPrefix=2
+      # pilot后台管理
+        - id: tuoheng-pilot-admin
+          uri: lb://tuoheng-pilot-admin
+          predicates:
+            - Path=/pilot/admin/**
+          filters:
+            - StripPrefix=2
+      # pilot小程序服务
+        - id: tuoheng-pilot-miniprogram
+          uri: lb://tuoheng-pilot-miniprogram
+          predicates:
+            - Path=/pilot/miniprogram/**
+          filters:
+            - StripPrefix=2
+      # pilot api服务
+        - id: tuoheng-pilot-api
+          uri: lb://tuoheng-pilot-api
+          predicates:
+            - Path=/pilot/web/**
+          filters:
+            - StripPrefix=2
   # Redis数据源
   redis:
     # 缓存库默认索引0
@@ -112,5 +138,5 @@ spring:
 #security放行白名单配置
 security:
   ignore:
-#    whites: /api/auth/**,/api/web/**
-    oauthUrls: /api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList
+    permitUrls: /api/system/demo/msg
+    oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList

src/main/resources/application-test.yml

@@ -1,4 +1,9 @@
 spring:
+  security:
+    oauth2:
+      resource-server:
+        jwt:
+          issuer-uri: http://192.168.11.241:8090
   cloud:
     consul:
       host: 192.168.11.242 # consul 所在服务地址
@@ -89,6 +94,27 @@ spring:
             - Path=/api/web/**
           filters:
             - StripPrefix=2
+        # pilot后台管理
+        - id: tuoheng-pilot-admin
+          uri: lb://tuoheng-pilot-admin
+          predicates:
+            - Path=/pilot/admin/**
+          filters:
+            - StripPrefix=2
+        # pilot小程序服务
+        - id: tuoheng-pilot-miniprogram
+          uri: lb://tuoheng-pilot-miniprogram
+          predicates:
+            - Path=/pilot/miniprogram/**
+          filters:
+            - StripPrefix=2
+        # pilot api服务
+        - id: tuoheng-pilot-api
+          uri: lb://tuoheng-pilot-api
+          predicates:
+            - Path=/pilot/web/**
+          filters:
+            - StripPrefix=2
   # Redis数据源
   redis:
     # 缓存库默认索引0
@@ -112,5 +138,5 @@ spring:
 #security放行白名单配置
 security:
   ignore:
-#    whites: /api/auth/**,/api/web/**
-    oauthUrls: /api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList
+    permitUrls: /api/system/demo/msg
+    oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList

target/classes/WEB-INF/classes/application-local.yml

@@ -101,6 +101,27 @@ spring:
             - Path=/api/web/**
           filters:
             - StripPrefix=2
+        # pilot后台管理
+        - id: tuoheng-pilot-admin
+          uri: lb://tuoheng-pilot-admin
+          predicates:
+            - Path=/pilot/admin/**
+          filters:
+            - StripPrefix=2
+        # pilot小程序服务
+        - id: tuoheng-pilot-miniprogram
+          uri: lb://tuoheng-pilot-miniprogram
+          predicates:
+            - Path=/pilot/miniprogram/**
+          filters:
+            - StripPrefix=2
+        # pilot api服务
+        - id: tuoheng-pilot-api
+          uri: lb://tuoheng-pilot-api
+          predicates:
+            - Path=/pilot/web/**
+          filters:
+            - StripPrefix=2
   # Redis数据源
   redis:
     # 缓存库默认索引0

target/classes/application-dev.yml

@@ -101,6 +101,27 @@ spring:
             - Path=/api/web/**
           filters:
             - StripPrefix=2
+        # pilot后台管理
+        - id: tuoheng-pilot-admin
+          uri: lb://tuoheng-pilot-admin
+          predicates:
+            - Path=/pilot/admin/**
+          filters:
+            - StripPrefix=2
+        # pilot小程序服务
+        - id: tuoheng-pilot-miniprogram
+          uri: lb://tuoheng-pilot-miniprogram
+          predicates:
+            - Path=/pilot/miniprogram/**
+          filters:
+            - StripPrefix=2
+        # pilot api服务
+        - id: tuoheng-pilot-api
+          uri: lb://tuoheng-pilot-api
+          predicates:
+            - Path=/pilot/web/**
+          filters:
+            - StripPrefix=2
   # Redis数据源
   redis:
     # 缓存库默认索引0
@@ -125,5 +146,4 @@ spring:
 security:
   ignore:
     permitUrls: /api/system/demo/msg
-    oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList
-    api/portal/serviceInst/portal/getServiceInstParam/0bb1864c14b60d7f97093fe054c53b1f
+    oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList

target/classes/application-local.yml

@@ -101,6 +101,27 @@ spring:
             - Path=/api/web/**
           filters:
             - StripPrefix=2
+        # pilot后台管理
+        - id: tuoheng-pilot-admin
+          uri: lb://tuoheng-pilot-admin
+          predicates:
+            - Path=/pilot/admin/**
+          filters:
+            - StripPrefix=2
+        # pilot小程序服务
+        - id: tuoheng-pilot-miniprogram
+          uri: lb://tuoheng-pilot-miniprogram
+          predicates:
+            - Path=/pilot/miniprogram/**
+          filters:
+            - StripPrefix=2
+        # pilot api服务
+        - id: tuoheng-pilot-api
+          uri: lb://tuoheng-pilot-api
+          predicates:
+            - Path=/pilot/web/**
+          filters:
+            - StripPrefix=2
   # Redis数据源
   redis:
     # 缓存库默认索引0

target/classes/application-prod.yml

@@ -89,6 +89,27 @@ spring:
             - Path=/api/web/**
           filters:
             - StripPrefix=2
+      # pilot后台管理
+        - id: tuoheng-pilot-admin
+          uri: lb://tuoheng-pilot-admin
+          predicates:
+            - Path=/pilot/admin/**
+          filters:
+            - StripPrefix=2
+      # pilot小程序服务
+        - id: tuoheng-pilot-miniprogram
+          uri: lb://tuoheng-pilot-miniprogram
+          predicates:
+            - Path=/pilot/miniprogram/**
+          filters:
+            - StripPrefix=2
+      # pilot api服务
+        - id: tuoheng-pilot-api
+          uri: lb://tuoheng-pilot-api
+          predicates:
+            - Path=/pilot/web/**
+          filters:
+            - StripPrefix=2
   # Redis数据源
   redis:
     # 缓存库默认索引0
@@ -112,5 +133,5 @@ spring:
 #security放行白名单配置
 security:
   ignore:
-#    whites: /api/auth/**,/api/web/**
-    oauthUrls: /api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList
+    permitUrls: /api/system/demo/msg
+    oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList

target/classes/application-test.yml

@@ -89,6 +89,27 @@ spring:
             - Path=/api/web/**
           filters:
             - StripPrefix=2
+        # pilot后台管理
+        - id: tuoheng-pilot-admin
+          uri: lb://tuoheng-pilot-admin
+          predicates:
+            - Path=/pilot/admin/**
+          filters:
+            - StripPrefix=2
+        # pilot小程序服务
+        - id: tuoheng-pilot-miniprogram
+          uri: lb://tuoheng-pilot-miniprogram
+          predicates:
+            - Path=/pilot/miniprogram/**
+          filters:
+            - StripPrefix=2
+        # pilot api服务
+        - id: tuoheng-pilot-api
+          uri: lb://tuoheng-pilot-api
+          predicates:
+            - Path=/pilot/web/**
+          filters:
+            - StripPrefix=2
   # Redis数据源
   redis:
     # 缓存库默认索引0
@@ -112,5 +133,5 @@ spring:
 #security放行白名单配置
 security:
   ignore:
-#    whites: /api/auth/**,/api/web/**
-    oauthUrls: /api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList
+    permitUrls: /api/system/demo/msg
+    oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList