Cloud Admin Service Permission Guide
老A edited this page May 13, 2018 · 1 revision
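The service being accessed performs user authentication and service authentication as the situation requires. The two keys below are carried in the Header of the Request.
Authorization : user authentication token
x-client-token : service authentication token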
- Set up your own Spring Boot project
- Add the base authentication package as a dependency

```xml
<dependency>
    <groupId>com.github.wxiaoqi</groupId>
    <artifactId>ace-auth-client</artifactId>
    <version>2.0-SNAPSHOT</version>
</dependency>
```
- Add these annotations to the startup class

```java
@EnableFeignClients({"com.github.wxiaoqi.security.auth.client.feign"})
@EnableAceAuthClient
```
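- Configure the interceptors

```java
import java.util.ArrayList;
import java.util.Collections;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
// GlobalExceptionHandler, ServiceAuthRestInterceptor and UserAuthRestInterceptor
// are not Spring classes; import them from the project's own packages.

@Configuration("admimWebConfig")
@Primary
public class WebConfiguration implements WebMvcConfigurer {

    @Bean
    GlobalExceptionHandler getGlobalExceptionHandler() {
        return new GlobalExceptionHandler();
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Register the service-authentication interceptor
        registry.addInterceptor(getServiceAuthRestInterceptor()).addPathPatterns(getIncludePathPatterns());
        // Register the user-authentication interceptor
        registry.addInterceptor(getUserAuthRestInterceptor()).addPathPatterns(getIncludePathPatterns());
    }

    @Bean
    ServiceAuthRestInterceptor getServiceAuthRestInterceptor() {
        return new ServiceAuthRestInterceptor();
    }

    @Bean
    UserAuthRestInterceptor getUserAuthRestInterceptor() {
        return new UserAuthRestInterceptor();
    }

    /**
     * Paths that require the user and service authentication checks.
     *
     * @return the list of path patterns passed to both interceptors
     */
    private ArrayList<String> getIncludePathPatterns() {
        ArrayList<String> list = new ArrayList<>();
        String[] urls = {
                "/element/**",
                "/gateLog/**",
                "/group/**",
                "/groupType/**",
                "/menu/**",
                "/user/**",
                "/api/permissions",
                "/api/user/un/**"
        };
        Collections.addAll(list, urls);
        return list;
    }
}
```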
- application.yml
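```yaml
# Required
feign:
  httpclient:
    enabled: false
  okhttp:
    enabled: true

auth:
  # Service name of the authentication center this service depends on
  serviceId: ace-auth
  # User authentication header; keep the default
  user:
    token-header: Authorization
  client:
    # The project created for the service above: ace-service-test
    id: ace-service-test
    secret: ii7asfs
    # Service authentication header; keep the default
    token-header: x-client-token
```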
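
An added example, not part of the original page or of the project's code: it runs the include patterns from `getIncludePathPatterns()` through Spring's `AntPathMatcher` to show which request paths the two interceptors would see. The class name and the sample paths are constructed, and it assumes Spring MVC matches interceptor patterns Ant-style.

```java
import org.springframework.util.AntPathMatcher;

import java.util.Arrays;
import java.util.List;

// Added example (hypothetical class name): coverage check for the interceptor patterns.
// Assumption: Spring MVC matches interceptor patterns Ant-style (AntPathMatcher).
public class InterceptorCoverageCheck {

    // Same patterns as getIncludePathPatterns() in WebConfiguration on this page.
    static final List<String> INCLUDE = Arrays.asList(
            "/element/**", "/gateLog/**", "/group/**", "/groupType/**",
            "/menu/**", "/user/**", "/api/permissions", "/api/user/un/**");

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // True when at least one include pattern matches, i.e. both interceptors run.
    static boolean isProtected(String path) {
        return INCLUDE.stream().anyMatch(pattern -> MATCHER.match(pattern, path));
    }

    public static void main(String[] args) {
        // Constructed sample paths, not endpoints taken from the project.
        String[] samples = {
                "/user/1",               // below a listed /** prefix
                "/group",                // the bare prefix of a /** pattern
                "/api/permissions",      // a pattern listed without wildcards
                "/api/permissions/all",  // one level below that exact pattern
                "/api/user/info",        // sibling of the listed /api/user/un/** subtree
                "/actuator/health"       // a path the list never mentions
        };
        for (String path : samples) {
            System.out.printf("%-24s %s%n", path,
                    isProtected(path) ? "token checks run" : "no token check");
        }
    }
}
```

Requests to paths that match no pattern reach the controller without either token check, so run the list against the service's real endpoints whenever a controller is added.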
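In the routing module, configure the gateway route so that the front end can reach the back-end service through the gateway.
Authorization is generally granted on the calling side. For example, gate is the gateway and calls the internal core services, so the service just created, ace-service-test, must be authorized on gate. Other services that have not been authorized cannot access the core service ace-service-test.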