认证服务改为通过feign进行调用
@ -2,6 +2,8 @@ feign.hystrix.enabled=true
|
|||||||
feign.client.config.default.retryer=feign.Retryer.Default
|
feign.client.config.default.retryer=feign.Retryer.Default
|
||||||
hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds=600000
|
hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds=600000
|
||||||
|
|
||||||
|
server.max-http-header-size=2048576
|
||||||
|
|
||||||
# document center id
|
# document center id
|
||||||
document.center.service.id=core-service-document-center
|
document.center.service.id=core-service-document-center
|
||||||
document.center.ip-address=http://10.242.31.158:8801/
|
document.center.ip-address=http://10.238.25.112:8100/doc/
|
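Review bot: `server.max-http-header-size=2048576` allows roughly 2 MB of headers per request, which the container must be prepared to buffer before application code sees the request, so a modest number of concurrent oversized requests can put real pressure on memory. If the limit was raised to fit a large bearer token or cookie, size it to the largest legitimate header and record the reason in a comment above the property, e.g. `# raised for <reason>; largest expected header is <N> bytes`. The new `document.center.ip-address` value is also a plain-http address pinned to one host; it would be safer supplied per environment than committed in the shared file.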
@ -30,5 +30,10 @@
|
|||||||
<groupId>org.apache.commons</groupId>
|
<groupId>org.apache.commons</groupId>
|
||||||
<artifactId>commons-lang3</artifactId>
|
<artifactId>commons-lang3</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.chinaunicom.ebtp</groupId>
|
||||||
|
<artifactId>mall-ebtp-cloud-feign-starter</artifactId>
|
||||||
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
</project>
|
</project>
|
||||||
|
@ -1,11 +1,15 @@
|
|||||||
package com.chinaunicom.mall.ebtp.cloud.security.starter;
|
package com.chinaunicom.mall.ebtp.cloud.security.starter;
|
||||||
|
|
||||||
|
import org.springframework.cloud.openfeign.EnableFeignClients;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.ComponentScan;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.context.annotation.PropertySource;
|
import org.springframework.context.annotation.PropertySource;
|
||||||
import org.springframework.web.client.RestTemplate;
|
import org.springframework.web.client.RestTemplate;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
|
@EnableFeignClients(basePackages = "com.chinaunicom.mall.ebtp.cloud.security.starter")
|
||||||
|
@ComponentScan(basePackages = "com.chinaunicom.mall.ebtp.cloud.security.starter")
|
||||||
@PropertySource("classpath:security-configuration.properties")
|
@PropertySource("classpath:security-configuration.properties")
|
||||||
public class SecurityStarterConfiguration {
|
public class SecurityStarterConfiguration {
|
||||||
|
|
||||||
|
@ -0,0 +1,27 @@
|
|||||||
|
package com.chinaunicom.mall.ebtp.cloud.security.starter.client;
|
||||||
|
|
||||||
|
import org.springframework.cloud.openfeign.FeignClient;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
|
|
||||||
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
|
||||||
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.fallback.UserCenterClientFallback;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 连接山分的文档中心服务
|
||||||
|
*
|
||||||
|
* @author Ajaxfan
|
||||||
|
*/
|
||||||
|
@FeignClient(name = "${mall-ebtp.userinfo.id}", fallback = UserCenterClientFallback.class)
|
||||||
|
public interface UserCenterClient {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 通过附件id查询明细
|
||||||
|
*
|
||||||
|
* @param fileId
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
@RequestMapping(method = RequestMethod.GET, value = "v1/userinfo/get")
|
||||||
|
SecurityUser getUserInfo();
|
||||||
|
|
||||||
|
}
|
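Review bot: The Javadoc on `UserCenterClient` appears to be copied from another client and describes the wrong service. The class comment says it connects to the document center, and the method comment documents a `fileId` parameter that `getUserInfo()` does not have. Because the authentication filter now depends on this interface, the comments should state what it actually calls, for example `/** Fetches the current user's details from the user-info service (GET v1/userinfo/get). */`. The empty `@param fileId` and `@return` tags should be removed or filled in.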
@ -0,0 +1,20 @@
|
|||||||
|
package com.chinaunicom.mall.ebtp.cloud.security.starter.fallback;
|
||||||
|
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.client.UserCenterClient;
|
||||||
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
|
||||||
|
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
|
@Slf4j
|
||||||
|
@Component
|
||||||
|
public class UserCenterClientFallback implements UserCenterClient {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public SecurityUser getUserInfo() {
|
||||||
|
log.error("Feign connect timeout.");
|
||||||
|
return new SecurityUser();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
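Review bot: `getUserInfo()` in the fallback returns `new SecurityUser()` whenever the user-info call fails, so the filter cannot tell an outage from a genuine answer. Depending on how `SecurityUser` initialises its authority list (not visible here), the caller either hits a NullPointerException on `getAuthorityList().stream()` or goes on to build an `Authentication` around a blank user. An authentication dependency should fail closed: throw from the fallback, or return `null` and have the filter reject the request, rather than hand back an empty principal. The fixed message `"Feign connect timeout."` is also logged for every failure cause; a `FallbackFactory` would expose the actual exception for the log.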
@ -4,7 +4,6 @@ import java.io.IOException;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
import java.util.stream.Stream;
|
|
||||||
|
|
||||||
import javax.servlet.FilterChain;
|
import javax.servlet.FilterChain;
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
@ -14,18 +13,12 @@ import javax.servlet.http.HttpServletResponse;
|
|||||||
import org.apache.commons.lang3.RegExUtils;
|
import org.apache.commons.lang3.RegExUtils;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.context.ApplicationContext;
|
|
||||||
import org.springframework.core.env.Environment;
|
|
||||||
import org.springframework.http.HttpEntity;
|
|
||||||
import org.springframework.http.HttpHeaders;
|
|
||||||
import org.springframework.http.HttpMethod;
|
|
||||||
import org.springframework.http.ResponseEntity;
|
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.web.client.RestTemplate;
|
|
||||||
import org.springframework.web.filter.OncePerRequestFilter;
|
import org.springframework.web.filter.OncePerRequestFilter;
|
||||||
|
|
||||||
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.client.UserCenterClient;
|
||||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants;
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants;
|
||||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.RoleCodeAuthority;
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.RoleCodeAuthority;
|
||||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
|
||||||
@ -40,10 +33,8 @@ import lombok.extern.slf4j.Slf4j;
|
|||||||
@Slf4j
|
@Slf4j
|
||||||
public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||||
|
|
||||||
private @Autowired RestTemplate restTemplate;
|
private @Autowired UserCenterClient client;
|
||||||
private @Autowired ApplicationContext context;
|
|
||||||
|
|
||||||
private final String token_url_config_format = "user.auth.resource.userinfo.%s";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param request
|
* @param request
|
||||||
@ -83,14 +74,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
private Authentication getAuthentication(final String token, final String currentRoleCode) {
|
private Authentication getAuthentication(final String token, final String currentRoleCode) {
|
||||||
HttpHeaders headers = new HttpHeaders();
|
SecurityUser securityUser = client.getUserInfo();
|
||||||
// 设置安全头
|
|
||||||
headers.add(HttpHeaders.AUTHORIZATION, String.format("Bearer %s", token));
|
|
||||||
|
|
||||||
ResponseEntity<SecurityUser> entity = restTemplate.exchange(getTokenURI(), HttpMethod.GET,
|
|
||||||
new HttpEntity<String>(headers), SecurityUser.class);
|
|
||||||
|
|
||||||
SecurityUser securityUser = entity.getBody();
|
|
||||||
|
|
||||||
// 根据当前角色设定权限列表
|
// 根据当前角色设定权限列表
|
||||||
List<RoleCodeAuthority> authorities = securityUser.getAuthorityList().stream()
|
List<RoleCodeAuthority> authorities = securityUser.getAuthorityList().stream()
|
||||||
@ -101,27 +85,4 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
authorities);
|
authorities);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* 用户信息接口地址
|
|
||||||
*
|
|
||||||
* @return
|
|
||||||
*/
|
|
||||||
private String getTokenURI() {
|
|
||||||
Environment env = context.getEnvironment();
|
|
||||||
|
|
||||||
String config = Stream.of(env.getActiveProfiles()).findFirst().map(first -> first).orElseGet(() -> "default");
|
|
||||||
|
|
||||||
return StringUtils.getIfEmpty(env.getProperty(format(config.toLowerCase())), () -> {
|
|
||||||
return env.getProperty(format("default"));
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param text
|
|
||||||
* @return
|
|
||||||
*/
|
|
||||||
private String format(String text) {
|
|
||||||
return String.format(token_url_config_format, text);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
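Review bot: In `getAuthentication`, the `token` argument is no longer sent anywhere on the visible new side: the removed code set `Authorization: Bearer <token>` explicitly, while `client.getUserInfo()` takes no arguments. Unless a Feign `RequestInterceptor` outside this page copies the header, the user-info service receives no credential for the caller. With `feign.hystrix.enabled=true` and Hystrix's default thread isolation, an interceptor that reads the current request from a thread-bound holder may also not see it on the Hystrix thread. Passing the token explicitly removes that dependency: declare `SecurityUser getUserInfo(@RequestHeader(HttpHeaders.AUTHORIZATION) String authorization);` and call `client.getUserInfo(String.format("Bearer %s", token))`. The method body continues outside the hunk, so handling of the returned `securityUser` cannot be checked from here.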
@ -1,5 +1,3 @@
|
|||||||
user.auth.resource.userinfo.default=http://10.242.31.158:8100/core-service-ebtp-userinfo/v1/userinfo/get
|
user.auth.csrf.disable=true
|
||||||
user.auth.resource.userinfo.uat=http://10.242.31.158:8100/core-service-ebtp-userinfo/v1/userinfo/get
|
|
||||||
user.auth.resource.userinfo.test=http://10.242.37.148:8100/core-service-ebtp-userinfo/v1/userinfo/get
|
mall-ebtp.userinfo.id=core-service-ebtp-userinfo
|
||||||
user.auth.resource.userinfo.pro=http://10.238.25.112:8100/core-service-ebtp-userinfo/v1/userinfo/get
|
|
||||||
user.auth.csrf.disable=true
|
|