devbox
weixin_40725706
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

全网最全的微服务+Outh2套餐,Gateway整合Oauth2!(入门到精通,附源码)满足你的味蕾需要(三)

作者:weixin_40725706 | 2024-02-15 12:02:47

gateway整合oauth2

上篇文章主要讲解Oauth2模块、user-service模块、feign模块,那么作为重中之重的gateway,我们将其做成资源服务器来进行开发。

一、资源服务器的实现方式

资源服务器在实际开发有两种实现方式:

(1)gateway做网关转发,不做资源服务器,由各个微服务模块自己去做资源服务器;

(2)gateway做网关转发 并且 资源服务器

前者方案使得每一个微服务模块都需要导入oauth2相关依赖,并且做处理,过于繁琐且耦合高。

所以本文章在接下来介绍,也就是文章的重点,并且会介绍到如何解决通过gateway去认证授权,跳转到oauth2认证授权后,跳转不回或重定向不到gatway的bug。

二、gateway模块

 1、模块结构

2、pom

  1.     <dependencies>
  2.         <dependency>
  3.             <groupId>cn.hutool</groupId>
  4.             <artifactId>hutool-all</artifactId>
  5.         </dependency>
  6.         <dependency>
  7.             <groupId>org.springframework.security</groupId>
  8.             <artifactId>spring-security-oauth2-jose</artifactId>
  9.         </dependency>
  10.         <dependency>
  11.             <groupId>org.springframework.security</groupId>
  12.             <artifactId>spring-security-oauth2-resource-server</artifactId>
  13.         </dependency>
  14.         <dependency>
  15.             <groupId>org.springframework.boot</groupId>
  16.             <artifactId>spring-boot-starter-web</artifactId>
  17.         </dependency>
  18.         <dependency>
  19.             <groupId>org.springframework.cloud</groupId>
  20.             <artifactId>spring-cloud-starter-oauth2</artifactId>
  21.         </dependency>
  22.         <dependency>
  23.             <groupId>org.springframework.cloud</groupId>
  24.             <artifactId>spring-cloud-starter-gateway</artifactId>
  25.         </dependency>
  26.         <dependency>
  27.             <groupId>com.alibaba.cloud</groupId>
  28.             <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
  29.         </dependency>
  30.  
  31.         <!--加载bootstrap 文件-->
  32.         <dependency>
  33.             <groupId>org.springframework.cloud</groupId>
  34.             <artifactId>spring-cloud-starter-bootstrap</artifactId>
  35.         </dependency>
  36.         <!--客户端负载均衡loadbalancer-->
  37.         <dependency>
  38.             <groupId>org.springframework.cloud</groupId>
  39.             <artifactId>spring-cloud-starter-loadbalancer</artifactId>
  40.         </dependency>
  41.         <dependency>
  42.             <groupId>org.projectlombok</groupId>
  43.             <artifactId>lombok</artifactId>
  44.         </dependency>
  45.         <dependency>
  46.             <groupId>com.white</groupId>
  47.             <artifactId>common</artifactId>
  48.             <version>1.0</version>
  49.             <scope>compile</scope>
  50.         </dependency>
  51.  
  52.     </dependencies>

3、bootstrap

  1. server:
  2.   port: 10000
  3.  
  4. spring:
  5.   application:
  6.     name: gateway
  7.   profiles:
  8.     active: dev
  9.   cloud:
  10.     gateway:
  11.       routes:
  12.         - id: user
  13.           uri: lb://user-service  # 客户端负载均衡 loadbalancer
  14.           predicates:
  15.             - Path=/user/**,/admin/**
  16.         - id: order
  17.           uri: lb://order-service
  18.           predicates:
  19.             - Path=/order/**
  20.         - id: oauth
  21.           uri: lb://oauth-service
  22.           predicates:
  23.             - Path=/uaa/**
  24.     nacos:
  25.       discovery:
  26.         server-addr: localhost:8848
  27.   redis:
  28.     host: 127.0.0.1
  29.     port: 6379
  30.   security:
  31.     oauth2:
  32.       resourceserver:
  33.         jwt:
  34.           #配置RSA的公钥访问地址  端口对应上篇文章的oauth2模块服务的端口
  35.           jwk-set-uri: 'http://localhost:8101/uaa/rsa/publicKey'
  36.   main:
  37.     web-application-type: reactive

4.GatewayApp启动类

  1. @SpringBootApplication(exclude= {DataSourceAutoConfiguration.class})
  2. @EnableGlobalMethodSecurity(prePostEnabled = true)
  3. public class GatewayApp
  4. {
  5.     public static void main( String[] args )
  6.     {
  7.  
  8.         SpringApplication.run(GatewayApp.class,args);
  9.     }
  10. }

5.IgnoreUrlsConfig

  1. package com.white.gateway.config;
  2.  
  3. import org.springframework.stereotype.Component;
  4.  
  5. import java.util.ArrayList;
  6. import java.util.List;
  7.  
  8. @Component
  9. public class IgnoreUrlsConfig {
  10.     public List<String> getUrls() {
  11.         ArrayList<String> objects = new ArrayList<>();
  12.         objects.add("/uaa/**");
  13.         objects.add("/user/**");
  14.         return objects;
  15.     }
  16. }

6.IgnoreUrlsRemoveJwtFilter

  1. package com.white.gateway.filter;
  2.  
  3. import com.white.gateway.config.IgnoreUrlsConfig;
  4. import org.springframework.beans.factory.annotation.Autowired;
  5. import org.springframework.http.server.reactive.ServerHttpRequest;
  6. import org.springframework.stereotype.Component;
  7. import org.springframework.util.AntPathMatcher;
  8. import org.springframework.util.PathMatcher;
  9. import org.springframework.web.server.ServerWebExchange;
  10. import org.springframework.web.server.WebFilter;
  11. import org.springframework.web.server.WebFilterChain;
  12. import reactor.core.publisher.Mono;
  13. import var.TokenVar;
  14.  
  15. import java.net.URI;
  16. import java.util.List;
  17.  
  18. /**
  19.  * 白名单路径访问时需要移除JWT请求头
  20.  */
  21. @Component
  22. public class IgnoreUrlsRemoveJwtFilter implements WebFilter {
  23.     @Autowired
  24.     private IgnoreUrlsConfig ignoreUrlsConfig;
  25.  
  26.     @Override
  27.     public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
  28.         ServerHttpRequest request = exchange.getRequest();
  29.         URI uri = request.getURI();
  30.         PathMatcher pathMatcher = new AntPathMatcher();
  31.  
  32.         //白名单路径移除JWT请求头
  33.         List<String> ignoreUrls = ignoreUrlsConfig.getUrls();
  34.         for (String ignoreUrl : ignoreUrls) {
  35.             if (pathMatcher.match(ignoreUrl, uri.getPath())) {
  36.                 request = request.mutate().header(TokenVar.TOKEN_HEAD, "").build();
  37.                 exchange = exchange.mutate().request(request).build();
  38.  
  39.                 return chain.filter(exchange);
  40.             }
  41.         }
  42.  
  43.         return chain.filter(exchange);
  44.     }
  45. }

7.AuthGlobalFilter

注意:这里拦截了路径为/oauth/authorize,在其进行跳转的时候构建响应包装类,解决通过gateway去oauth认证时,oauth成功登录后跳转不回gateway网关的bug。

  1. package com.white.gateway.filter;
  2.  
  3. import cn.hutool.core.util.StrUtil;
  4. import cn.hutool.json.JSONUtil;
  5. import cn.hutool.json.JSONObject;
  6. import com.alibaba.cloud.commons.lang.StringUtils;
  7. import com.nimbusds.jose.JWSObject;
  8. import org.reactivestreams.Publisher;
  9. import org.springframework.beans.factory.annotation.Autowired;
  10. import org.springframework.cloud.gateway.filter.GatewayFilterChain;
  11. import org.springframework.cloud.gateway.filter.GlobalFilter;
  12. import org.springframework.cloud.gateway.filter.NettyWriteResponseFilter;
  13. import org.springframework.core.Ordered;
  14. import org.springframework.core.io.buffer.DataBuffer;
  15. import org.springframework.data.redis.core.RedisTemplate;
  16. import org.springframework.http.HttpStatus;
  17. import org.springframework.http.server.reactive.ServerHttpRequest;
  18. import org.springframework.http.server.reactive.ServerHttpResponse;
  19. import org.springframework.http.server.reactive.ServerHttpResponseDecorator;
  20. import org.springframework.stereotype.Component;
  21. import org.springframework.web.server.ServerWebExchange;
  22. import reactor.core.publisher.Mono;
  23. import var.TokenVar;
  24.  
  25. import java.text.ParseException;
  26. import java.util.Objects;
  27.  
  28. /**
  29.  * 将登录用户的JWT转化成用户信息的全局过滤器
  30.  */
  31. @Component
  32. public class AuthGlobalFilter implements GlobalFilter, Ordered {
  33.     @Autowired
  34.     private RedisTemplate redisTemplate;
  35.  
  36.     @Override
  37.     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
  38.         //TODO
  39.         String path = exchange.getRequest().getPath().value();
  40.         System.out.println("拦截到的路径:::" + path);
  41.         if (path.contains("/oauth/authorize") || path.contains("/auth/authorize") || path.contains("/auth/loginBySms")) {
  42.             //构建响应包装类
  43.             HttpResponseDecorator responseDecorator = new HttpResponseDecorator(exchange.getRequest(), exchange.getResponse(), "http://localhost:10000");
  44.             return chain
  45.                     .filter(exchange.mutate().response(responseDecorator).build());
  46.         }
  47.  
  48.  
  49.         //认证信息从Header 或 请求参数 中获取
  50.         ServerHttpRequest serverHttpRequest = exchange.getRequest();
  51.         String token = serverHttpRequest.getHeaders().getFirst(TokenVar.TOKEN_HEAD);
  52.         if (Objects.isNull(token)) {
  53.             token = serverHttpRequest.getQueryParams().getFirst(TokenVar.TOKEN_HEAD);
  54.         }
  55.  
  56.         if (StrUtil.isEmpty(token)) {
  57.             return chain.filter(exchange);
  58.         }
  59.         try {
  60.             //从token中解析用户信息并设置到Header中去
  61.             String realToken = token.replace(TokenVar.TOKEN_PREFIX, "");
  62.             JWSObject jwsObject = JWSObject.parse(realToken);
  63.             String userStr = jwsObject.getPayload().toString();
  64.  
  65.             // 黑名单token(登出、修改密码)校验
  66.             JSONObject jsonObject = JSONUtil.parseObj(userStr);
  67.             String jti = jsonObject.getStr("jti");
  68.  
  69.             Boolean isBlack = redisTemplate.hasKey(TokenVar.TOKEN_BLACKLIST_PREFIX + jti);
  70.             if (isBlack) {
  71.  
  72.             }
  73.  
  74.             // 存在token且不是黑名单,request写入JWT的载体信息
  75.             ServerHttpRequest request = serverHttpRequest.mutate().header(TokenVar.USER_TOKEN_HEADER, userStr).build();
  76.             exchange = exchange.mutate().request(request).build();
  77.         } catch (ParseException e) {
  78.             e.printStackTrace();
  79.         }
  80.  
  81.         return chain.filter(exchange);
  82.     }
  83.  
  84.     public class HttpResponseDecorator extends ServerHttpResponseDecorator {
  85.  
  86.         private String proxyUrl;
  87.  
  88.         private ServerHttpRequest request;
  89.  
  90.         public HttpResponseDecorator(ServerHttpRequest request, ServerHttpResponse delegate, String proxyUrl) {
  91.             super(delegate);
  92.             this.request = request;
  93.             this.proxyUrl = proxyUrl;
  94.         }
  95.  
  96.         @Override
  97.         public Mono<Void> writeWith(Publisher<? extends DataBuffer> body) {
  98.             HttpStatus status = this.getStatusCode();
  99.             if (status.equals(HttpStatus.FOUND)) {
  100.                 String domain = "";
  101.                 if (StringUtils.isBlank(proxyUrl)) {
  102.                     domain = request.getURI().getScheme() + "://" + request.getURI().getAuthority();
  103.                 } else {
  104.                     domain = proxyUrl;
  105.                 }
  106.                 String location = getHeaders().getFirst("Location");
  107.                 String replaceLocation = location.replaceAll("^((ht|f)tps?):\\/\\/(\\d{1,3}.){3}\\d{1,3}(:\\d+)?", domain);
  108.                 getHeaders().set("Location", replaceLocation);
  109.             }
  110.             this.getStatusCode();
  111.             return super.writeWith(body);
  112.         }
  113.     }
  114.  
  115.     @Override
  116.     public int getOrder() {
  117.         return NettyWriteResponseFilter.WRITE_RESPONSE_FILTER_ORDER - 1;
  118.     }
  119. }

8.ResourceServerManager

注意:这里的鉴权采用了对redis数据进行读取后,匹配当前的路径和请求方式是否与redis数据中一致,在此前提下判断当前的token是否与redis中存放的身份权限一致或包含其中,如果包含或一致才可以放行去请求资源,否则请求资源失败。

至于redis的数据从哪来,下面程序中是模拟添加了一个,实际开发中,在MySQL数据库创建一张相应的请求方式+路径,以及请求时用户必须要有的权限是什么的数据表,通过初次查询缓存到redis中,之后就可以通过redis进行数据读取了,内存速度快。

  1. package com.white.gateway.config;
  2.  
  3. import cn.hutool.core.collection.CollectionUtil;
  4. import cn.hutool.core.convert.Convert;
  5. import cn.hutool.core.util.StrUtil;
  6. import jdk.nashorn.internal.runtime.GlobalConstants;
  7. import lombok.AllArgsConstructor;
  8. import lombok.extern.slf4j.Slf4j;
  9. import org.springframework.beans.factory.annotation.Autowired;
  10. import org.springframework.data.redis.core.RedisTemplate;
  11. import org.springframework.data.redis.core.StringRedisTemplate;
  12. import org.springframework.http.HttpMethod;
  13. import org.springframework.http.server.reactive.ServerHttpRequest;
  14. import org.springframework.security.authorization.AuthorizationDecision;
  15. import org.springframework.security.authorization.ReactiveAuthorizationManager;
  16. import org.springframework.security.core.Authentication;
  17. import org.springframework.security.core.GrantedAuthority;
  18. import org.springframework.security.web.server.authorization.AuthorizationContext;
  19. import org.springframework.stereotype.Component;
  20. import org.springframework.util.AntPathMatcher;
  21. import org.springframework.util.PathMatcher;
  22. import reactor.core.publisher.Mono;
  23.  
  24. import java.util.ArrayList;
  25. import java.util.List;
  26. import java.util.Map;
  27. /**
  28.  * @ResourceServerManager.java的作用:鉴权管理器的相关配置
  29.  *                                      负责被ResourceServerConfig.java文件引用
  30.  * @author: white文
  31.  * @time: 2023/5/30 0:57
  32.  */
  33. @Component
  34. @AllArgsConstructor
  35. @Slf4j
  36. public class ResourceServerManager implements ReactiveAuthorizationManager<AuthorizationContext> {
  37.  
  38.     @Autowired
  39.     private RedisTemplate redisTemplate;
  40.     @Override
  41.     public Mono<AuthorizationDecision> check(Mono<Authentication> mono, AuthorizationContext authorizationContext) {
  42.         ServerHttpRequest request = authorizationContext.getExchange().getRequest();
  43.         if (request.getMethod() == HttpMethod.OPTIONS) { // 预检请求放行
  44.             return Mono.just(new AuthorizationDecision(true));
  45.         }
  46.         PathMatcher pathMatcher = new AntPathMatcher();
  47.         String method = request.getMethodValue();
  48.         String path = request.getURI().getPath();
  49.         String restfulPath = method + ":" + path; // RESTFul接口权限设计: https://www.cnblogs.com/haoxianrui/p/14961707.html
  50.         String token = request.getHeaders().getFirst("Authorization");
  51.  
  52.  
  53.         // 如果token为空 或 不是以"bearer "为前缀 则无效并且需要鉴权
  54.         if (!StrUtil.isNotBlank(token) || !StrUtil.startWithIgnoreCase(token, "Bearer ") ) {
  55.             log.info("token为空 或 不是以 bearer 为前缀 则无效并且需要鉴权");
  56.             return Mono.just(new AuthorizationDecision(false));
  57.         }
  58.         log.info("鉴权开始");
  59.  
  60.         /**
  61.          * 鉴权开始
  62.          *
  63.          * 缓存取 [URL权限-角色集合] 规则数据
  64.          * urlPermRolesRules = [{'key':'GET:/admin/*','value':['ADMIN','TEST']},...]
  65.          */
  66.         Map<String, Object> urlPermRolesRules = redisTemplate.opsForHash().entries("auth:resourceRolesMap");
  67.         if (urlPermRolesRules.isEmpty()) {
  68.             log.info("空的,我手动加一些上去");
  69.             ArrayList<String> objects = new ArrayList<>();
  70.             objects.add("TEST");
  71.             objects.add("USER");
  72.             redisTemplate.opsForHash().put("auth:resourceRolesMap","GET:/admin/*",objects);
  73.             urlPermRolesRules = redisTemplate.opsForHash().entries("auth:resourceRolesMap");
  74.         }
  75.  
  76.         // 根据请求路径获取有访问权限的角色列表
  77.         List<String> authorizedRoles = new ArrayList<>(); // 拥有访问权限的角色
  78.         boolean requireCheck = false; // 是否需要鉴权,默认未设置拦截规则不需鉴权
  79.  
  80.         for (Map.Entry<String, Object> permRoles : urlPermRolesRules.entrySet()) {
  81.             String perm = permRoles.getKey();
  82.             System.out.println("路径:"+perm+"  值:"+permRoles.getValue().toString());
  83.             // 判断传过来的 方法:路径 是否在redis缓存中
  84.             if (pathMatcher.match(perm, restfulPath)) {
  85.                 List<String> roles = Convert.toList(String.class, permRoles.getValue());
  86.                 // 加入授权数组中
  87.                 authorizedRoles.addAll(roles);
  88.                 if (requireCheck == false) {
  89.                     requireCheck = true;
  90.                 }
  91.             }
  92.         }
  93.         // 没有设置拦截规则放行
  94.         if (requireCheck == false) {
  95.             return Mono.just(new AuthorizationDecision(true));
  96.         }
  97.  
  98.         // 判断JWT中携带的用户角色是否有权限访问
  99.         Mono<AuthorizationDecision> authorizationDecisionMono = mono
  100.                 .filter(Authentication::isAuthenticated)
  101.                 .flatMapIterable(Authentication::getAuthorities)
  102.                 .map(GrantedAuthority::getAuthority)
  103.                 .any(authority -> {
  104.                     String roleCode = StrUtil.removePrefix(authority,"ROLE_");// ROLE_ADMIN移除前缀ROLE_得到用户的角色编码ADMIN
  105.                     if (String.valueOf("ADMIN").equals(roleCode)) {
  106.                         return true; // 如果是超级管理员则放行
  107.                     }
  108.                     boolean hasAuthorized = CollectionUtil.isNotEmpty(authorizedRoles) && authorizedRoles.contains(roleCode);
  109.                     return hasAuthorized;
  110.                 })
  111.                 .map(AuthorizationDecision::new)
  112.                 .defaultIfEmpty(new AuthorizationDecision(false));
  113.         return authorizationDecisionMono;
  114.     }
  115. }
  116.  
  117.

9.ResourceServerConfig

在该文件下,如果想实现 token无效或者已过期自定义响应(ServerAuthenticationEntryPoint 和 自定义未授权响应(ServerAccessDeniedHandler) 的话,可以自定义配置返回前端的相关配置,以下代码没做实现,采用程序默认返回给前端的401,如下效果:

  1. package com.white.gateway.config;
  2.  
  3. import cn.hutool.core.convert.Convert;
  4. import cn.hutool.core.util.ArrayUtil;
  5. import com.white.gateway.filter.IgnoreUrlsRemoveJwtFilter;
  6. import lombok.Setter;
  7. import lombok.SneakyThrows;
  8. import lombok.extern.slf4j.Slf4j;
  9. import org.springframework.beans.factory.annotation.Autowired;
  10. import org.springframework.context.annotation.Bean;
  11. import org.springframework.context.annotation.Configuration;
  12. import org.springframework.core.convert.converter.Converter;
  13. import org.springframework.security.authentication.AbstractAuthenticationToken;
  14. import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
  15. import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
  16. import org.springframework.security.config.web.server.ServerHttpSecurity;
  17. import org.springframework.security.oauth2.jwt.Jwt;
  18. import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
  19. import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
  20. import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
  21. import org.springframework.security.web.server.SecurityWebFilterChain;
  22. import reactor.core.publisher.Mono;
  23.  
  24. import java.security.interfaces.RSAPublicKey;
  25. import java.util.List;
  26.  
  27. /**
  28.  * 资源服务器配置
  29.  */
  30.  
  31. @Configuration
  32. @EnableWebFluxSecurity
  33. @Slf4j
  34. public class ResourceServerConfig {
  35.  
  36.     @Autowired
  37.     private ResourceServerManager resourceServerManager;
  38.  
  39.     @Autowired
  40.     private IgnoreUrlsConfig ignoreUrlsConfig;
  41.  
  42.     @Autowired
  43.     private IgnoreUrlsRemoveJwtFilter ignoreUrlsRemoveJwtFilter;
  44.  
  45.     @Bean
  46.     public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
  47.         http
  48.                 .oauth2ResourceServer()
  49.                 .jwt()
  50.                 .jwtAuthenticationConverter(jwtAuthenticationConverter());
  51.  
  52.         //TODO 对白名单路径,直接移除JWT请求头
  53.         http.addFilterBefore(ignoreUrlsRemoveJwtFilter, SecurityWebFiltersOrder.AUTHENTICATION);
  54.  
  55.         http.authorizeExchange()
  56.                 //白名单配置
  57.                 .pathMatchers(Convert.toStrArray(ignoreUrlsConfig.getUrls())).permitAll()
  58.                 //鉴权管理器配置
  59.                 .anyExchange().access(resourceServerManager)
  60.                 .and().csrf().disable();
  61.  
  62.         return http.build();
  63.     }
  64.  
  65.     /**
  66.      * @link https://blog.csdn.net/qq_24230139/article/details/105091273
  67.      * ServerHttpSecurity没有将jwt中authorities的负载部分当做Authentication
  68.      * 需要把jwt的Claim中的authorities加入
  69.      * 方案:重新定义权限管理器,默认转换器JwtGrantedAuthoritiesConverter
  70.      */
  71.     @Bean
  72.     public Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter() {
  73.         JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
  74.         jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
  75.         jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("authorities");
  76.  
  77.         JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
  78.         jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);
  79.         return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);
  80.     }
  81.  
  82. }

10.RedisConfig

  1. package com.white.gateway.config;
  2.  
  3. import com.fasterxml.jackson.annotation.JsonAutoDetect;
  4. import com.fasterxml.jackson.annotation.PropertyAccessor;
  5. import com.fasterxml.jackson.databind.ObjectMapper;
  6. import org.springframework.cache.annotation.CachingConfigurerSupport;
  7. import org.springframework.cache.annotation.EnableCaching;
  8. import org.springframework.context.annotation.Bean;
  9. import org.springframework.context.annotation.Configuration;
  10. import org.springframework.data.redis.connection.RedisConnectionFactory;
  11. import org.springframework.data.redis.core.RedisTemplate;
  12. import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
  13. import org.springframework.data.redis.serializer.StringRedisSerializer;
  14.  
  15. import javax.annotation.Resource;
  16.  
  17. /*
  18.  * Redis配置
  19.  * 解决redis在业务逻辑处理层RedisCon上不出错,缓存序列化问题
  20.  * @author: white
  21.  * */
  22. @Configuration
  23. @EnableCaching
  24. public class RedisConfig extends CachingConfigurerSupport {
  25.     @Resource
  26.     RedisConnectionFactory redisConnectionFactory;
  27.     @Bean
  28.     public RedisTemplate<String,Object> redisTemplate(){
  29.         System.out.println("gateway 读取redis配置");
  30.         RedisTemplate<String,Object> redisTemplate=new RedisTemplate<>();
  31.         redisTemplate.setConnectionFactory(redisConnectionFactory);
  32. //Json序列化配置
  33.         //1、String的序列化
  34.         StringRedisSerializer stringRedisSerializer=new StringRedisSerializer();
  35.         // key采用String的序列化方式
  36.         redisTemplate.setKeySerializer(stringRedisSerializer);
  37.         // hash的key也采用String的序列化方式
  38.         redisTemplate.setHashKeySerializer(stringRedisSerializer);
  39.  
  40.         //2、json解析任意的对象(Object),变成json序列化
  41.         Jackson2JsonRedisSerializer<Object> serializer=new Jackson2JsonRedisSerializer<Object>(Object.class);
  42.         ObjectMapper mapper=new ObjectMapper(); //用ObjectMapper进行转义
  43.         mapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY);
  44.         //该方法是指定序列化输入的类型,就是将数据库里的数据按照一定类型存储到redis缓存中。
  45.         mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
  46.         serializer.setObjectMapper(mapper);
  47.  
  48.         // value序列化方式采用jackson
  49.         redisTemplate.setValueSerializer(serializer);
  50.         // hash的value序列化方式采用jackson
  51.         redisTemplate.setHashValueSerializer(serializer);
  52.  
  53.         return redisTemplate;
  54.     }
  55. }

11、TokenVar

  1. package var;
  2.  
  3. public interface TokenVar {
  4.     public static final String APP_SECRET ="white";
  5.     public static final String TOKEN_HEAD="Authorization"; // 认证信息Http请求头
  6.  
  7.     public static final String TOKEN_PREFIX = "Bearer "; //  JWT令牌前缀
  8.     /**
  9.      * JWT存储权限前缀
  10.      */
  11.     String AUTHORITY_PREFIX = "ROLE_";
  12.  
  13.     /**
  14.      * JWT存储权限属性
  15.      */
  16.     String AUTHORITY_CLAIM_NAME = "authorities";
  17.  
  18.     /**
  19.      * 后台client_id
  20.      */
  21.     String ADMIN_CLIENT_ID = "api-admin";
  22.  
  23.     /**
  24.      * 前端client_id
  25.      */
  26.     String PORTAL_CLIENT_ID = "api-portal";
  27.  
  28.     /**
  29.      * 后台接口路径匹配
  30.      */
  31.     String ADMIN_URL_PATTERN = "/admin/**";
  32.  
  33.     /**
  34.      * Redis缓存权限规则key
  35.      */
  36.     String RESOURCE_ROLES_MAP_KEY = "auth:resourceRolesMap";
  37.  
  38.     /**
  39.      * 用户信息Http请求头
  40.      */
  41.     String USER_TOKEN_HEADER = "user";
  42.  
  43.     /**
  44.      * 黑名单
  45.      */
  46.     String TOKEN_BLACKLIST_PREFIX = "blacklist";
  47. }

 三、测试

与第二篇文章的测试相同,只不过我们将地址的端口改成10000,意思是通过网关去请求oauth认证授权。

1、请求授权码

http://localhost:10000/uaa/oauth/authorize?client_id=123&response_type=code&scop=all&redirect_uri=http://localhost:10000

自动跳转到:http://localhost:10000/uaa/login

2、请求令牌

3、验证令牌

4、刷新令牌

 5.请求资源,不带token

在前面的过滤中,我们仅仅对/user/**,/uaa/**两个路径进行白名单路径设置,而在user-service模块中,小编还设置一个/admin/**的一个路径,该路径没有被设置进白名单,并且在redis的设置中,该路径需要权限为:admin

现在不带token来请求/admin/1,如下,结果为401:

 6.请求资源,带有token

现在我们带着token,并且token中的用户信息权限为admin

四、进一步调优

到此,gateway+oauth整合完成了,接下来会在评论区出下一章,下一章会针对oauth的推出登录如何解决以及如何整合第三方应用进行登录(如:gitee平台)。

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/weixin_40725706/article/detail/84442
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号