1. system 提供 OAuth2TokenApi 接口
2. gateway 通过 feign 引入 OAuth2TokenApi 接口
This commit is contained in:
parent
94d62b8d79
commit
e89ef5496c
@ -16,6 +16,13 @@
|
||||
<url>https://github.com/YunaiV/yudao-cloud</url>
|
||||
|
||||
<dependencies>
|
||||
<!-- 业务组件 -->
|
||||
<dependency>
|
||||
<groupId>cn.iocoder.cloud</groupId>
|
||||
<artifactId>yudao-module-system-api</artifactId>
|
||||
<version>${revision}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- Gateway 网关相关 -->
|
||||
<dependency>
|
||||
<groupId>org.springframework.cloud</groupId>
|
||||
@ -28,6 +35,11 @@
|
||||
<artifactId>spring-cloud-starter-loadbalancer</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.cloud</groupId>
|
||||
<artifactId>spring-cloud-starter-openfeign</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!-- Registry 注册中心相关 -->
|
||||
<dependency>
|
||||
<groupId>com.alibaba.cloud</groupId>
|
||||
|
@ -1,9 +1,14 @@
|
||||
package cn.iocoder.yudao.gateway;
|
||||
|
||||
import cn.iocoder.yudao.module.system.api.auth.OAuth2TokenApi;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.cloud.openfeign.EnableFeignClients;
|
||||
|
||||
@SpringBootApplication
|
||||
@EnableFeignClients(clients = {
|
||||
OAuth2TokenApi.class
|
||||
}) // TODO 芋艿:需要改下
|
||||
public class GatewayServerApplication {
|
||||
|
||||
public static void main(String[] args) {
|
||||
|
@ -0,0 +1,45 @@
|
||||
package cn.iocoder.yudao.gateway.filter;
|
||||
|
||||
import cn.iocoder.yudao.module.system.api.auth.OAuth2TokenApi;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
|
||||
import org.springframework.cloud.gateway.filter.GlobalFilter;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.util.function.Consumer;
|
||||
|
||||
/**
|
||||
* Token 过滤器,验证 token 的有效性
|
||||
* 1. 验证通过时,将 userId、userType、tenantId 通过 Header 转发给服务
|
||||
* 2. 验证不通过,还是会转发给服务。因为,接口是否需要登录的校验,还是交给服务自身处理
|
||||
*
|
||||
* @author 芋道源码
|
||||
*/
|
||||
@Component // TODO 芋艿:要改成 configuration
|
||||
public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
|
||||
|
||||
@Resource
|
||||
private OAuth2TokenApi oauth2TokenApi;
|
||||
|
||||
@Override
|
||||
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
|
||||
exchange = exchange.mutate().request(r -> r.headers(new Consumer<HttpHeaders>() {
|
||||
@Override
|
||||
public void accept(HttpHeaders headers) {
|
||||
headers.set("user-id", "1");
|
||||
}
|
||||
})).build();
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getOrder() {
|
||||
return -100; // 和 Spring Security Filter 的顺序对齐
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,39 @@
|
||||
package cn.iocoder.yudao.gateway.util;
|
||||
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
|
||||
/**
|
||||
* 安全服务工具类
|
||||
*
|
||||
* copy from yudao-spring-boot-starter-security 的 SecurityFrameworkUtils 类
|
||||
*
|
||||
* @author 芋道源码
|
||||
*/
|
||||
public class SecurityFrameworkUtils {
|
||||
|
||||
public static final String AUTHORIZATION_HEADER = "Authorization";
|
||||
|
||||
public static final String AUTHORIZATION_BEARER = "Bearer";
|
||||
|
||||
private SecurityFrameworkUtils() {}
|
||||
|
||||
/**
|
||||
* 从请求中,获得认证 Token
|
||||
*
|
||||
* @param exchange 请求
|
||||
* @return 认证 Token
|
||||
*/
|
||||
public static String obtainAuthorization(ServerWebExchange exchange) {
|
||||
String authorization = exchange.getRequest().getHeaders().getFirst(AUTHORIZATION_HEADER);
|
||||
if (!StringUtils.hasText(authorization)) {
|
||||
return null;
|
||||
}
|
||||
int index = authorization.indexOf(AUTHORIZATION_BEARER + " ");
|
||||
if (index == -1) { // 未找到
|
||||
return null;
|
||||
}
|
||||
return authorization.substring(index + 7).trim();
|
||||
}
|
||||
|
||||
}
|
@ -29,6 +29,13 @@
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
|
||||
<!-- RPC 远程调用相关 -->
|
||||
<dependency>
|
||||
<groupId>org.springframework.cloud</groupId>
|
||||
<artifactId>spring-cloud-starter-openfeign</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
</project>
|
||||
|
@ -3,6 +3,9 @@ package cn.iocoder.yudao.module.system.api.auth;
|
||||
import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCheckRespDTO;
|
||||
import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCreateReqDTO;
|
||||
import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenRespDTO;
|
||||
import org.springframework.cloud.openfeign.FeignClient;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
|
||||
import javax.validation.Valid;
|
||||
|
||||
@ -11,6 +14,7 @@ import javax.validation.Valid;
|
||||
*
|
||||
* @author 芋道源码
|
||||
*/
|
||||
@FeignClient(name = "system-server") // TODO 芋艿:fallbackFactory =
|
||||
public interface OAuth2TokenApi {
|
||||
|
||||
/**
|
||||
@ -19,6 +23,7 @@ public interface OAuth2TokenApi {
|
||||
* @param reqDTO 访问令牌的创建信息
|
||||
* @return 访问令牌的信息
|
||||
*/
|
||||
@GetMapping("/tmp")
|
||||
OAuth2AccessTokenRespDTO createAccessToken(@Valid OAuth2AccessTokenCreateReqDTO reqDTO);
|
||||
|
||||
/**
|
||||
@ -27,7 +32,8 @@ public interface OAuth2TokenApi {
|
||||
* @param accessToken 访问令牌
|
||||
* @return 访问令牌的信息
|
||||
*/
|
||||
OAuth2AccessTokenCheckRespDTO checkAccessToken(String accessToken);
|
||||
@GetMapping("/app-api/check")
|
||||
OAuth2AccessTokenCheckRespDTO checkAccessToken(@RequestParam("accessToken") String accessToken);
|
||||
|
||||
/**
|
||||
* 移除访问令牌
|
||||
@ -35,6 +41,7 @@ public interface OAuth2TokenApi {
|
||||
* @param accessToken 访问令牌
|
||||
* @return 访问令牌的信息
|
||||
*/
|
||||
@GetMapping("/tmp2")
|
||||
OAuth2AccessTokenRespDTO removeAccessToken(String accessToken);
|
||||
|
||||
/**
|
||||
@ -44,6 +51,8 @@ public interface OAuth2TokenApi {
|
||||
* @param clientId 客户端编号
|
||||
* @return 访问令牌的信息
|
||||
*/
|
||||
OAuth2AccessTokenRespDTO refreshAccessToken(String refreshToken, String clientId);
|
||||
@GetMapping("/tmp3")
|
||||
OAuth2AccessTokenRespDTO refreshAccessToken(@RequestParam("refreshToken") String refreshToken,
|
||||
@RequestParam("clientId") String clientId);
|
||||
|
||||
}
|
||||
|
@ -7,6 +7,7 @@ import cn.iocoder.yudao.module.system.convert.auth.OAuth2TokenConvert;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
|
||||
import cn.iocoder.yudao.module.system.service.oauth2.OAuth2TokenService;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
|
||||
@ -15,7 +16,7 @@ import javax.annotation.Resource;
|
||||
*
|
||||
* @author 芋道源码
|
||||
*/
|
||||
@Service
|
||||
@RestController
|
||||
public class OAuth2TokenApiImpl implements OAuth2TokenApi {
|
||||
|
||||
@Resource
|
||||
|
Loading…
Reference in New Issue
Block a user