gateway 引入 webclient,实现对 oauth2 接口的调用
This commit is contained in:
parent
6d9195ac83
commit
e5fed46ae1
@ -0,0 +1,16 @@
|
|||||||
|
package cn.iocoder.yudao.gateway.config;
|
||||||
|
|
||||||
|
import org.springframework.cloud.client.loadbalancer.reactive.ReactorLoadBalancerExchangeFilterFunction;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.web.reactive.function.client.WebClient;
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
public class TmpConfiguration {
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public WebClient webClient(ReactorLoadBalancerExchangeFilterFunction lbFunction) {
|
||||||
|
return WebClient.builder().filter(lbFunction).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -1,16 +1,26 @@
|
|||||||
package cn.iocoder.yudao.gateway.filter;
|
package cn.iocoder.yudao.gateway.filter;
|
||||||
|
|
||||||
|
import cn.hutool.core.util.StrUtil;
|
||||||
|
import cn.iocoder.yudao.framework.common.pojo.CommonResult;
|
||||||
|
import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
|
||||||
|
import cn.iocoder.yudao.gateway.util.SecurityFrameworkUtils;
|
||||||
import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
|
import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
|
||||||
|
import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
|
||||||
|
import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenRespDTO;
|
||||||
|
import com.fasterxml.jackson.core.type.TypeReference;
|
||||||
|
import com.google.common.net.HttpHeaders;
|
||||||
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
|
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
|
||||||
import org.springframework.cloud.gateway.filter.GlobalFilter;
|
import org.springframework.cloud.gateway.filter.GlobalFilter;
|
||||||
import org.springframework.core.Ordered;
|
import org.springframework.core.Ordered;
|
||||||
import org.springframework.http.HttpHeaders;
|
import org.springframework.http.server.reactive.ServerHttpRequest;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
import org.springframework.web.reactive.function.client.WebClient;
|
||||||
import org.springframework.web.server.ServerWebExchange;
|
import org.springframework.web.server.ServerWebExchange;
|
||||||
import reactor.core.publisher.Mono;
|
import reactor.core.publisher.Mono;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
|
import java.util.function.Function;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Token 过滤器,验证 token 的有效性
|
* Token 过滤器,验证 token 的有效性
|
||||||
@ -22,20 +32,62 @@ import java.util.function.Consumer;
|
|||||||
@Component // TODO 芋艿:要改成 configuration
|
@Component // TODO 芋艿:要改成 configuration
|
||||||
public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
|
public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
|
||||||
|
|
||||||
|
// @Resource
|
||||||
|
// private OAuth2TokenApi oauth2TokenApi;
|
||||||
|
|
||||||
@Resource
|
@Resource
|
||||||
private OAuth2TokenApi oauth2TokenApi;
|
private WebClient webClient;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
|
public Mono<Void> filter(final ServerWebExchange exchange, GatewayFilterChain chain) {
|
||||||
exchange = exchange.mutate().request(r -> r.headers(new Consumer<HttpHeaders>() {
|
String token = SecurityFrameworkUtils.obtainAuthorization(exchange);
|
||||||
@Override
|
// 情况一,如果没有 Token 令牌,则直接继续 filter
|
||||||
public void accept(HttpHeaders headers) {
|
if (StrUtil.isEmpty(token)) {
|
||||||
headers.set("user-id", "1");
|
|
||||||
}
|
|
||||||
})).build();
|
|
||||||
return chain.filter(exchange);
|
return chain.filter(exchange);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// exchange = exchange.mutate().request(r -> r.headers(new Consumer<HttpHeaders>() {
|
||||||
|
// @Override
|
||||||
|
// public void accept(HttpHeaders headers) {
|
||||||
|
// headers.set("user-id", "1");
|
||||||
|
// }
|
||||||
|
// })).build();
|
||||||
|
|
||||||
|
|
||||||
|
// return Mono.fromCallable(new Callable<CommonResult<OAuth2AccessTokenCheckRespDTO>>() {
|
||||||
|
// @Override
|
||||||
|
// public CommonResult<OAuth2AccessTokenCheckRespDTO> call() throws Exception {
|
||||||
|
//// return oauth2TokenApi.checkAccessToken("1234");
|
||||||
|
// return CommonResult.success(new OAuth2AccessTokenCheckRespDTO().setUserId(1L));
|
||||||
|
// }
|
||||||
|
// }).subscribeOn(Schedulers.boundedElastic()).flatMap(new Function<CommonResult<OAuth2AccessTokenCheckRespDTO>, Mono<Void>>() {
|
||||||
|
// @Override
|
||||||
|
// public Mono<Void> apply(CommonResult<OAuth2AccessTokenCheckRespDTO> oAuth2AccessTokenCheckRespDTOCommonResult) {
|
||||||
|
// return chain.filter(exchange);
|
||||||
|
// }
|
||||||
|
// });
|
||||||
|
|
||||||
|
// 情况二,如果有 Token 令牌,则解析对应 userId、userType、tenantId 等字段,并通过 通过 Header 转发给服务
|
||||||
|
// TODO 芋艿:tenant-id
|
||||||
|
String tenantId = exchange.getRequest().getHeaders().getFirst("tenant-id");
|
||||||
|
return webClient.get()
|
||||||
|
.uri(OAuth2TokenApi.URL_CHECK, uriBuilder -> uriBuilder.queryParam("accessToken", token).build())
|
||||||
|
.header("tenant-id", tenantId)
|
||||||
|
.retrieve().bodyToMono(String.class) // 发起请求,设置 body 为 String 结果
|
||||||
|
// 处理请求的结果
|
||||||
|
.flatMap((Function<String, Mono<Void>>) body -> chain.filter(buildNewServerWebExchange(exchange, body)));
|
||||||
|
}
|
||||||
|
|
||||||
|
private ServerWebExchange buildNewServerWebExchange(ServerWebExchange exchange, String body) {
|
||||||
|
// 校验 Token 令牌失败,则直接返回
|
||||||
|
CommonResult<?> result = JsonUtils.parseObject(body, CommonResult.class);
|
||||||
|
if (result == null || result.isError()) {
|
||||||
|
return exchange;
|
||||||
|
}
|
||||||
|
// 创建新的 exchange 对象
|
||||||
|
return exchange.mutate().request(builder -> builder.header("login-user", result.getData().toString())).build();
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int getOrder() {
|
public int getOrder() {
|
||||||
return -100; // 和 Spring Security Filter 的顺序对齐
|
return -100; // 和 Spring Security Filter 的顺序对齐
|
||||||
|
@ -14,27 +14,33 @@ import org.springframework.web.bind.annotation.*;
|
|||||||
|
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
|
|
||||||
@FeignClient(name = "system-server") // TODO 芋艿:fallbackFactory =
|
@FeignClient(name = ApiConstants.NAME) // TODO 芋艿:fallbackFactory =
|
||||||
@Api(tags = "RPC 服务 - OAuth2.0 令牌")
|
@Api(tags = "RPC 服务 - OAuth2.0 令牌")
|
||||||
public interface OAuth2TokenApi {
|
public interface OAuth2TokenApi {
|
||||||
|
|
||||||
String API_PREFIX = ApiConstants.API_PREFIX + "/oauth2/token";
|
String PREFIX = ApiConstants.PREFIX + "/oauth2/token";
|
||||||
|
|
||||||
@PostMapping(API_PREFIX + "/create")
|
/**
|
||||||
|
* 校验 Token 的 URL 地址,主要是提供给 Gateway 使用
|
||||||
|
*/
|
||||||
|
@SuppressWarnings("HttpUrlsUsage")
|
||||||
|
String URL_CHECK = "http://" + ApiConstants.NAME + PREFIX + "/check";
|
||||||
|
|
||||||
|
@PostMapping(PREFIX + "/create")
|
||||||
@ApiOperation("创建访问令牌")
|
@ApiOperation("创建访问令牌")
|
||||||
CommonResult<OAuth2AccessTokenRespDTO> createAccessToken(@Valid @RequestBody OAuth2AccessTokenCreateReqDTO reqDTO);
|
CommonResult<OAuth2AccessTokenRespDTO> createAccessToken(@Valid @RequestBody OAuth2AccessTokenCreateReqDTO reqDTO);
|
||||||
|
|
||||||
@GetMapping(API_PREFIX + "/check")
|
@GetMapping(PREFIX + "/check")
|
||||||
@ApiOperation("校验访问令牌")
|
@ApiOperation("校验访问令牌")
|
||||||
@ApiImplicitParam(name = "accessToken", value = "访问令牌", required = true, dataTypeClass = String.class, example = "tudou")
|
@ApiImplicitParam(name = "accessToken", value = "访问令牌", required = true, dataTypeClass = String.class, example = "tudou")
|
||||||
CommonResult<OAuth2AccessTokenCheckRespDTO> checkAccessToken(@RequestParam("accessToken") String accessToken);
|
CommonResult<OAuth2AccessTokenCheckRespDTO> checkAccessToken(@RequestParam("accessToken") String accessToken);
|
||||||
|
|
||||||
@DeleteMapping(API_PREFIX + "/remove")
|
@DeleteMapping(PREFIX + "/remove")
|
||||||
@ApiOperation("移除访问令牌")
|
@ApiOperation("移除访问令牌")
|
||||||
@ApiImplicitParam(name = "accessToken", value = "访问令牌", required = true, dataTypeClass = String.class, example = "tudou")
|
@ApiImplicitParam(name = "accessToken", value = "访问令牌", required = true, dataTypeClass = String.class, example = "tudou")
|
||||||
CommonResult<OAuth2AccessTokenRespDTO> removeAccessToken(@RequestParam("accessToken") String accessToken);
|
CommonResult<OAuth2AccessTokenRespDTO> removeAccessToken(@RequestParam("accessToken") String accessToken);
|
||||||
|
|
||||||
@PutMapping(API_PREFIX + "/refresh")
|
@PutMapping(PREFIX + "/refresh")
|
||||||
@ApiOperation("刷新访问令牌")
|
@ApiOperation("刷新访问令牌")
|
||||||
@ApiImplicitParams({
|
@ApiImplicitParams({
|
||||||
@ApiImplicitParam(name = "refreshToken", value = "刷新令牌", required = true, dataTypeClass = String.class, example = "haha"),
|
@ApiImplicitParam(name = "refreshToken", value = "刷新令牌", required = true, dataTypeClass = String.class, example = "haha"),
|
||||||
|
@ -7,8 +7,15 @@ package cn.iocoder.yudao.module.system.enums;
|
|||||||
*/
|
*/
|
||||||
public class ApiConstants {
|
public class ApiConstants {
|
||||||
|
|
||||||
public static final String API_PREFIX = "/rpc-api/system";
|
/**
|
||||||
|
* 服务名
|
||||||
|
*
|
||||||
|
* 注意,需要保证和 spring.application.name 保持一致
|
||||||
|
*/
|
||||||
|
public static final String NAME = "system-server";
|
||||||
|
|
||||||
public static final String API_VERSION = "1.0.0";
|
public static final String PREFIX = "/rpc-api/system";
|
||||||
|
|
||||||
|
public static final String VERSION = "1.0.0";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -7,20 +7,18 @@ import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenRespDTO;
|
|||||||
import cn.iocoder.yudao.module.system.convert.auth.OAuth2TokenConvert;
|
import cn.iocoder.yudao.module.system.convert.auth.OAuth2TokenConvert;
|
||||||
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
|
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
|
||||||
import cn.iocoder.yudao.module.system.service.oauth2.OAuth2TokenService;
|
import cn.iocoder.yudao.module.system.service.oauth2.OAuth2TokenService;
|
||||||
import io.swagger.annotations.Api;
|
|
||||||
import io.swagger.annotations.ApiOperation;
|
import io.swagger.annotations.ApiOperation;
|
||||||
import org.apache.dubbo.config.annotation.DubboService;
|
import org.apache.dubbo.config.annotation.DubboService;
|
||||||
import org.springframework.validation.annotation.Validated;
|
import org.springframework.validation.annotation.Validated;
|
||||||
import org.springframework.web.bind.annotation.RequestBody;
|
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
|
||||||
import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
|
import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
|
||||||
import static cn.iocoder.yudao.module.system.enums.ApiConstants.API_VERSION;
|
import static cn.iocoder.yudao.module.system.enums.ApiConstants.VERSION;
|
||||||
|
|
||||||
@RestController // 提供 RESTful API 接口,给 Feign 调用
|
@RestController // 提供 RESTful API 接口,给 Feign 调用
|
||||||
@DubboService(version = API_VERSION) // 提供 Dubbo RPC 接口,给 Dubbo Consumer 调用
|
@DubboService(version = VERSION) // 提供 Dubbo RPC 接口,给 Dubbo Consumer 调用
|
||||||
@Validated
|
@Validated
|
||||||
public class OAuth2TokenApiImpl implements OAuth2TokenApi {
|
public class OAuth2TokenApiImpl implements OAuth2TokenApi {
|
||||||
|
|
||||||
|
@ -26,7 +26,7 @@ Authorization: Bearer {{token}}
|
|||||||
tenant-id: {{adminTenentId}}
|
tenant-id: {{adminTenentId}}
|
||||||
|
|
||||||
### 请求 /list-menus 接口 => 成功
|
### 请求 /list-menus 接口 => 成功
|
||||||
GET {{systemBaseUrl}}/system/list-menus
|
GET {{systemBaseUrl}}/system/auth/list-menus
|
||||||
Authorization: Bearer {{token}}
|
#Authorization: Bearer {{token}}
|
||||||
#Authorization: Bearer a6aa7714a2e44c95aaa8a2c5adc2a67a
|
Authorization: Bearer 81e64ecd759a410ca54d3f00bdeb4574
|
||||||
tenant-id: {{adminTenentId}}
|
tenant-id: {{adminTenentId}}
|
||||||
|
@ -50,7 +50,7 @@ public class SecurityConfiguration {
|
|||||||
registry.antMatchers("/actuator").anonymous()
|
registry.antMatchers("/actuator").anonymous()
|
||||||
.antMatchers("/actuator/**").anonymous();
|
.antMatchers("/actuator/**").anonymous();
|
||||||
// RPC 服务的安全配置
|
// RPC 服务的安全配置
|
||||||
registry.antMatchers(ApiConstants.API_PREFIX + "/**").anonymous();
|
registry.antMatchers(ApiConstants.PREFIX + "/**").permitAll();
|
||||||
}
|
}
|
||||||
|
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user