🎉 2.5.1.RELEASE 更新网关动态鉴权

smallchill 2019-10-13 00:42:13 +08:00
parent 20407b41bf
commit d00dee6b88
30 changed files with 391 additions and 46 deletions


@ -1,5 +1,5 @@
<p align="center">
<img src="https://img.shields.io/badge/Release-V2.5.0-green.svg" alt="Downloads">
<img src="https://img.shields.io/badge/Release-V2.5.1-green.svg" alt="Downloads">
<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" alt="Build Status">
<img src="https://img.shields.io/badge/license-Apache%202-blue.svg" alt="Build Status">
<img src="https://img.shields.io/badge/Spring%20Cloud-Greenwich.SR3-blue.svg" alt="Coverage Status">


@ -8,7 +8,7 @@
<parent>
<artifactId>SpringBlade</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<artifactId>blade-auth</artifactId>


@ -5,7 +5,7 @@
<parent>
<artifactId>SpringBlade</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,7 +5,7 @@
<parent>
<artifactId>SpringBlade</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@ -77,6 +77,12 @@
<artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
<version>${alibaba.cloud.version}</version>
</dependency>
<!-- JWT -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<!--Swagger-->
<dependency>
<groupId>io.springfox</groupId>
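Review bot: The new `jjwt` dependency pins `<version>0.9.1</version>` inline, while the dependency just above it takes its version from a property (`${alibaba.cloud.version}`); I would declare a `<jjwt.version>` property in the parent POM and reference it here so the library is bumped in one place. `0.9.1` is also the last release of the single-artifact `jjwt`; later releases are published as `jjwt-api`, `jjwt-impl` and `jjwt-jackson`, so it is worth deciding now whether to start on the split artifacts. The dependency list continues outside this hunk.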


@ -19,6 +19,7 @@ package org.springblade.gateway.config;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springblade.gateway.handler.SwaggerResourceHandler;
import org.springblade.gateway.props.AuthProperties;
import org.springblade.gateway.props.RouteProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
@ -40,7 +41,7 @@ import reactor.core.publisher.Mono;
@Slf4j
@Configuration
@AllArgsConstructor
@EnableConfigurationProperties(RouteProperties.class)
@EnableConfigurationProperties({RouteProperties.class, AuthProperties.class})
public class RouterFunctionConfiguration {
private final SwaggerResourceHandler swaggerResourceHandler;
@ -48,7 +49,7 @@ public class RouterFunctionConfiguration {
@Bean
public RouterFunction routerFunction() {
return RouterFunctions.route(RequestPredicates.GET("/swagger-resources")
.and(RequestPredicates.accept(MediaType.ALL)), swaggerResourceHandler);
.and(RequestPredicates.accept(MediaType.ALL)), swaggerResourceHandler);
}


@ -0,0 +1,97 @@
/**
* Copyright (c) 2018-2028, Chill Zhuang 庄骞 (smallchill@163.com).
* <p>
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springblade.gateway.filter;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.Claims;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springblade.gateway.props.AuthProperties;
import org.springblade.gateway.provider.AuthProvider;
import org.springblade.gateway.provider.ResponseProvider;
import org.springblade.gateway.utils.JwtUtil;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
import java.nio.charset.StandardCharsets;
/**
* 鉴权认证
*
* @author Chill
*/
@Slf4j
@Component
@AllArgsConstructor
public class AuthFilter implements GlobalFilter, Ordered {
private AuthProperties authProperties;
private ObjectMapper objectMapper;
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
String path = exchange.getRequest().getURI().getPath();
if (isSkip(path)) {
return chain.filter(exchange);
}
ServerHttpResponse resp = exchange.getResponse();
String headerToken = exchange.getRequest().getHeaders().getFirst(AuthProvider.AUTH_KEY);
String paramToken = exchange.getRequest().getQueryParams().getFirst(AuthProvider.AUTH_KEY);
if (StringUtils.isAllBlank(headerToken, paramToken)) {
return unAuth(resp, "缺失令牌,鉴权失败");
}
String auth = StringUtils.isBlank(headerToken) ? paramToken : headerToken;
String token = JwtUtil.getToken(auth);
Claims claims = JwtUtil.parseJWT(token);
if (claims == null) {
return unAuth(resp, "请求未授权");
}
return chain.filter(exchange);
}
private boolean isSkip(String path) {
return AuthProvider.getDefaultSkipUrl().stream().map(url -> url.replace(AuthProvider.TARGET, AuthProvider.REPLACEMENT)).anyMatch(path::contains)
|| authProperties.getSkipUrl().stream().map(url -> url.replace(AuthProvider.TARGET, AuthProvider.REPLACEMENT)).anyMatch(path::contains);
}
private Mono<Void> unAuth(ServerHttpResponse resp, String msg) {
resp.setStatusCode(HttpStatus.UNAUTHORIZED);
resp.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
String result = "";
try {
result = objectMapper.writeValueAsString(ResponseProvider.unAuth(msg));
} catch (JsonProcessingException e) {
log.error(e.getMessage(), e);
}
DataBuffer buffer = resp.bufferFactory().wrap(result.getBytes(StandardCharsets.UTF_8));
return resp.writeWith(Flux.just(buffer));
}
@Override
public int getOrder() {
return -100;
}
}
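Review bot: `isSkip` decides which requests bypass token validation by stripping `/**` from each pattern and testing `path::contains`, so the match is an unanchored substring test: with the defaults from AuthProvider, a path that merely contains `/log`, `/auth` or `/token` anywhere (a `/login` or `/logout` segment under any service, for instance) is forwarded without a token. The match should be anchored to path segments, for example a shared `AntPathMatcher` with `.anyMatch(pattern -> PATH_MATCHER.match(pattern, path))`, with the patterns rewritten to carry the service prefix (`/*/auth/**`) if the gateway path includes one. The same applies to the entries bound from `blade.secure.skip-url` in AuthProperties, which feed the second half of the expression. Separately, `filter` accepts the token from a query parameter as well as the header, which places bearer tokens in URLs that access logs and intermediaries commonly record; I would make it header-only unless a client is known to need the parameter.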


@ -15,6 +15,7 @@
*/
package org.springblade.gateway.handler;
import org.springblade.gateway.provider.ResponseProvider;
import org.springframework.boot.autoconfigure.web.ErrorProperties;
import org.springframework.boot.autoconfigure.web.ResourceProperties;
import org.springframework.boot.autoconfigure.web.reactive.error.DefaultErrorWebExceptionHandler;
@ -25,7 +26,6 @@ import org.springframework.http.HttpStatus;
import org.springframework.web.reactive.function.server.*;
import org.springframework.web.server.ResponseStatusException;
import java.util.HashMap;
import java.util.Map;
/**
@ -53,7 +53,7 @@ public class ErrorExceptionHandler extends DefaultErrorWebExceptionHandler {
if (error instanceof ResponseStatusException) {
code = ((ResponseStatusException) error).getStatus().value();
}
return response(code, this.buildMessage(request, error));
return ResponseProvider.response(code, this.buildMessage(request, error));
}
/**
@ -97,19 +97,4 @@ public class ErrorExceptionHandler extends DefaultErrorWebExceptionHandler {
return message.toString();
}
/**
* 构建返回的JSON数据格式
*
* @param status 状态码
* @param errorMessage 异常信息
* @return
*/
public static Map<String, Object> response(int status, String errorMessage) {
Map<String, Object> map = new HashMap<>(16);
map.put("code", status);
map.put("message", errorMessage);
map.put("data", null);
return map;
}
}


@ -0,0 +1,41 @@
/*
* Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* Neither the name of the dreamlu.net developer nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
* Author: Chill 庄骞 (smallchill@163.com)
*/
package org.springblade.gateway.props;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import java.util.ArrayList;
import java.util.List;
/**
* 权限过滤
*
* @author Chill
*/
@Data
@RefreshScope
@ConfigurationProperties("blade.secure")
public class AuthProperties {
/**
* 放行API集合
*/
private final List<String> skipUrl = new ArrayList<>();
}


@ -0,0 +1,56 @@
/**
* Copyright (c) 2018-2028, Chill Zhuang 庄骞 (smallchill@163.com).
* <p>
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springblade.gateway.provider;
import org.springblade.core.launch.constant.TokenConstant;
import java.util.ArrayList;
import java.util.List;
/**
* 鉴权配置
*
* @author Chill
*/
public class AuthProvider {
public static String TARGET = "/**";
public static String REPLACEMENT = "";
public static String AUTH_KEY = TokenConstant.HEADER;
private static List<String> defaultSkipUrl = new ArrayList<>();
static {
defaultSkipUrl.add("/example");
defaultSkipUrl.add("/token/**");
defaultSkipUrl.add("/actuator/health/**");
defaultSkipUrl.add("/v2/api-docs/**");
defaultSkipUrl.add("/v2/api-docs-ext/**");
defaultSkipUrl.add("/auth/**");
defaultSkipUrl.add("/log/**");
defaultSkipUrl.add("/menu/routes");
defaultSkipUrl.add("/menu/auth-routes");
defaultSkipUrl.add("/error/**");
defaultSkipUrl.add("/assets/**");
}
/**
* 默认无需鉴权的API
*/
public static List<String> getDefaultSkipUrl() {
return defaultSkipUrl;
}
}
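Review bot: The list that exempts requests from authentication is globally mutable: `getDefaultSkipUrl()` returns the backing `ArrayList` itself, and `TARGET`, `REPLACEMENT` and `AUTH_KEY` are `public static` without `final`, so any class in the gateway can change what AuthFilter treats as unauthenticated. I would declare the three constants `public static final` and have the getter `return Collections.unmodifiableList(defaultSkipUrl);` (this needs a `java.util.Collections` import). The defaults also exempt `/example` and `/log/**`; if those are development leftovers rather than endpoints meant to be public, they should come out of the default list. A short comment on each entry saying why it is public would make later reviews of this list much easier.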


@ -0,0 +1,83 @@
/**
* Copyright (c) 2018-2028, Chill Zhuang 庄骞 (smallchill@163.com).
* <p>
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springblade.gateway.provider;
import java.util.HashMap;
import java.util.Map;
/**
* 请求响应返回
*
* @author Chill
*/
public class ResponseProvider {
/**
* 成功
*
* @param message 信息
* @return
*/
public static Map<String, Object> success(String message) {
return response(200, message);
}
/**
* 失败
*
* @param message 信息
* @return
*/
public static Map<String, Object> fail(String message) {
return response(400, message);
}
/**
* 未授权
*
* @param message 信息
* @return
*/
public static Map<String, Object> unAuth(String message) {
return response(401, message);
}
/**
* 服务器异常
*
* @param message 信息
* @return
*/
public static Map<String, Object> error(String message) {
return response(500, message);
}
/**
* 构建返回的JSON数据格式
*
* @param status 状态码
* @param message 信息
* @return
*/
public static Map<String, Object> response(int status, String message) {
Map<String, Object> map = new HashMap<>(16);
map.put("code", status);
map.put("message", message);
map.put("data", null);
return map;
}
}
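Review bot: Every method in ResponseProvider carries an empty `@return` tag, and nothing states that the `data` key is always `null`. I would fill the tag in on `response`, e.g. `@return map with the keys "code", "message" and "data" (data is always null)`, and point the four wrappers at it with `@return see {@link #response(int, String)}`. Since the class holds only static methods, declaring it `final` with a private constructor would also make the intent explicit.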


@ -0,0 +1,70 @@
/**
* Copyright (c) 2018-2028, Chill Zhuang 庄骞 (smallchill@163.com).
* <p>
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springblade.gateway.utils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
/**
* JwtUtil
*
* @author Chill
*/
public class JwtUtil {
public static String SIGN_KEY = "BladeX";
public static String BEARER = "bearer";
public static Integer AUTH_LENGTH = 7;
public static String BASE64_SECURITY = Base64.getEncoder().encodeToString(SIGN_KEY.getBytes(StandardCharsets.UTF_8));
/**
* 获取token串
*
* @param auth token
* @return String
*/
public static String getToken(String auth) {
if ((auth != null) && (auth.length() > AUTH_LENGTH)) {
String headStr = auth.substring(0, 6).toLowerCase();
if (headStr.compareTo(BEARER) == 0) {
auth = auth.substring(7);
return auth;
}
}
return null;
}
/**
* 解析jsonWebToken
*
* @param jsonWebToken token串
* @return Claims
*/
public static Claims parseJWT(String jsonWebToken) {
try {
return Jwts.parser()
.setSigningKey(Base64.getDecoder().decode(JwtUtil.BASE64_SECURITY))
.parseClaimsJws(jsonWebToken).getBody();
} catch (Exception ex) {
return null;
}
}
}
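Review bot: `SIGN_KEY` hard-codes the signing secret as a six-character literal committed to source, and `parseJWT` verifies every token against it, so anyone who can read this file holds the key the gateway trusts. The key should be supplied through configuration or a secret store and injected into the parser, should be at least 256 bits of random data if the tokens are HMAC-SHA256 signed (the byte-array key suggests HMAC, but the issuer is not visible here), and the four fields should be `private static final` rather than mutable `public static`. `parseJWT` also swallows every exception and returns `null`, so an expired token, a malformed token and a signature failure are indistinguishable and leave no log line; narrowing to `catch (JwtException | IllegalArgumentException ex)` and logging the exception class at warn level would give operators something to alert on. In `getToken`, only the first six characters are compared with `bearer` and the seventh is dropped unchecked; `auth.regionMatches(true, 0, "bearer ", 0, 7)` would verify the separator too.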


@ -5,7 +5,7 @@
<parent>
<artifactId>blade-ops</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -6,7 +6,7 @@
<parent>
<groupId>org.springblade</groupId>
<artifactId>blade-ops</artifactId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,7 +5,7 @@
<parent>
<artifactId>blade-ops</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@ -29,6 +29,12 @@
<groupId>org.springblade</groupId>
<artifactId>blade-core-cloud</artifactId>
<version>${blade.tool.version}</version>
<exclusions>
<exclusion>
<groupId>org.springblade</groupId>
<artifactId>blade-core-secure</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springblade</groupId>
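Review bot: Excluding `blade-core-secure` from `blade-core-cloud` presumably removes that module's in-service token checks from this service, which would leave the gateway's new AuthFilter as its only authentication layer. If that is the intent, please record it next to the exclusion, e.g. `<!-- auth is enforced at the gateway; this service must not be reachable directly -->`, and confirm the service's port is not exposed outside the gateway network. The hunk does not show which module this POM belongs to, so the effect on that module's own endpoints should be checked by someone who knows it.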


@ -5,7 +5,7 @@
<parent>
<artifactId>blade-ops</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,7 +5,7 @@
<parent>
<artifactId>blade-ops</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,7 +5,7 @@
<parent>
<artifactId>SpringBlade</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,7 +5,7 @@
<parent>
<artifactId>blade-service-api</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,7 +5,7 @@
<parent>
<artifactId>blade-service-api</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,7 +5,7 @@
<parent>
<artifactId>blade-service-api</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,7 +5,7 @@
<parent>
<artifactId>blade-service-api</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,13 +5,13 @@
<parent>
<artifactId>SpringBlade</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>blade-service-api</artifactId>
<name>${project.artifactId}</name>
<version>2.5.0</version>
<version>2.5.1</version>
<packaging>pom</packaging>
<description>SpringBlade 微服务API集合</description>


@ -6,7 +6,7 @@
<parent>
<groupId>org.springblade</groupId>
<artifactId>blade-service</artifactId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,7 +5,7 @@
<parent>
<artifactId>blade-service</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,7 +5,7 @@
<parent>
<artifactId>blade-service</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -5,7 +5,7 @@
<parent>
<artifactId>blade-service</artifactId>
<groupId>org.springblade</groupId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>


@ -7,12 +7,12 @@
<parent>
<groupId>org.springblade</groupId>
<artifactId>SpringBlade</artifactId>
<version>2.5.0</version>
<version>2.5.1</version>
</parent>
<artifactId>blade-service</artifactId>
<name>${project.artifactId}</name>
<version>2.5.0</version>
<version>2.5.1</version>
<packaging>pom</packaging>
<description>SpringBlade 微服务集合</description>


@ -5,12 +5,12 @@
<groupId>org.springblade</groupId>
<artifactId>SpringBlade</artifactId>
<version>2.5.0</version>
<version>2.5.1</version>
<packaging>pom</packaging>
<properties>
<blade.tool.version>2.5.0</blade.tool.version>
<blade.project.version>2.5.0</blade.project.version>
<blade.tool.version>2.5.1</blade.tool.version>
<blade.project.version>2.5.1</blade.project.version>
<java.version>1.8</java.version>
<swagger.version>2.9.2</swagger.version>


@ -1,2 +1,2 @@
REGISTER=192.168.0.157/blade
TAG=2.5.0
TAG=2.5.1


@ -1,7 +1,7 @@
version: '3'
services:
nacos:
image: nacos/nacos-server:0.9.0
image: nacos/nacos-server:1.1.3
hostname: "nacos-standalone"
environment:
- MODE=standalone