文章目錄
- 創建聚合工程
- 專案架構
- 工程結構
- 創建工程
- 配置專案工程
- jt-cloud-sso
- jt-sso-common
- jt-sso-auth
- pom.xml
- bootstrap.yml
- 啟動類
- jt-sso-resource
- pom.xml
- bootstrap.yml
- 啟動類
- jt-sso-gateway
- pom.xml
- bootstrap.yml
- 啟動類
- jt-sso- ui
- pom.xml
- application.yml
- 啟動類
- 工程業務代碼實作
- jt-sso-common
- 代碼結構
- 問題分析
- jt-sso-auth
- 代碼結構
- AuthController
- 問題分析
- jt-sso-resource
- 代碼結構
- RestTemplate服務呼叫
- Feign方式服務呼叫
- 問題分析
- jt-sso-gateway
- 跨域設計
- jt-sso- ui
- 代碼結構
- 總結(summary)
創建聚合工程
專案架構
工程結構
創建工程
第一步:創建parent工程,例如:
第二步:創建jt-sso-auth工程
第三步:創建jt-sso-resource工程
第四步:創建jt-sso-gateway工程
第五步:創建jt-sso-ui工程
配置專案工程
jt-cloud-sso
打開工程pom檔案,添加依賴配置,代碼如下:
<dependencyManagement>
<!--Spring Framework與SpringBoot的關系
Spring框架是資源整合框架,基于IOC思想進行資源整合.SpringBoot基于Spring框架,
用于簡化Spring框架整合資源的工程,同時為微服務工程創建和配置提供了更加便利條件
-->
<dependencies>
<!--Spring Boot依賴(spring-boot-starter-parent)
思考:05-jt-sca工程中依賴的添加方式-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>2.3.2.RELEASE</version>
<scope>import</scope>
<type>pom</type>
</dependency>
<!--Spring Cloud 依賴(定義了微服務規范)-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Hoxton.SR8</version>
<scope>import</scope>
<type>pom</type>
</dependency>
<!--Spring Cloud Alibaba依賴(基于spring微服務規范做了具體落地實作)-->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-alibaba-dependencies</artifactId>
<version>2.2.5.RELEASE</version>
<scope>import</scope>
<type>pom</type>
</dependency>
</dependencies>
</dependencyManagement>
jt-sso-common
打開工程pom檔案,添加依賴配置,代碼如下:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<!--provided 表示這個依賴只在編譯階段有效-->
<scope>provided</scope>
</dependency>
</dependencies>
jt-sso-auth
pom.xml
<dependencies>
<!--spring web -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!--spring security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- jwt -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<!--mysql-->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!--mybatis-->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.2.0</version>
</dependency>
<!--spring cloud alibaba nacos discovery -->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
</dependency>
<!--spring cloud alibaba nacos config -->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
</dependency>
<!--jt-common-->
<dependency>
<groupId>com.jt</groupId>
<artifactId>jt-sso-common</artifactId>
<version>1.0-SNAPSHOT</version>
</dependency>
</dependencies>
bootstrap.yml
在resource目錄下創建bootstrap.yml組態檔,代碼如下:
server:
port: 8081
spring:
application:
name: jt-sso-auth
datasource:
url: jdbc:mysql:///jt_security?serverTimezone=Asia/Shanghai&characterEncoding=utf8
username: root
password: root
cloud:
nacos:
discovery:
server-addr: localhost:8848
config:
server-addr: localhost:8848
file-extension: yml
logging:
level:
com.jt: debug
啟動類
package com.jt.sso;
@SpringBootApplication
public class AuthApplication {
public static void main(String[] args) {
SpringApplication.run(AuthApp.class,args);
}
}
jt-sso-resource
pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
</dependency>
<dependency>
<groupId>com.jt</groupId>
<artifactId>jt-sso-common</artifactId>
<version>1.0-SNAPSHOT</version>
</dependency>
</dependencies>
bootstrap.yml
server:
port: 8090
spring:
application:
name: jt-sso-resource
cloud:
nacos:
discovery:
server-addr: localhost:8848
config:
server-addr: localhost:8848
file-extension: yml
logging:
level:
com.jt: debug
啟動類
package com.jt;
@EnableGlobalMethodSecurity(prePostEnabled = true)
@SpringBootApplication
public class ResourceApplication {
public static void main(String[] args) {
SpringApplication.run(ResourceApplication.class,args);
}
}
jt-sso-gateway
pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
</dependency>
</dependencies>
bootstrap.yml
server:
port: 9000
spring:
application:
name: jt-sso-gateway
cloud:
nacos:
discovery: #服務發現
server-addr: localhost:8848
config: #服務配置
server-addr: localhost:8848
file-extension: yml
gateway:
discovery:
locator:
enabled: true #開啟基于服務名查找服務實體
routes:
- id: router01
uri: lb://jt-sso-auth #jt-sso-auth 服務名
predicates:
- Path=/auth/login
filters:
- StripPrefix=1 #去掉請求path中的第一層目錄
啟動類
package com.jt;
@SpringBootApplication
public class GatewayApplication {
public static void main(String[] args) {
SpringApplication.run(GatewayApplication.class,args);
}
}
jt-sso- ui
pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
</dependencies>
application.yml
server:
port: 80
啟動類
package com.jt;
@SpringBootApplication
public class UIApplication {
public static void main(String[] args) {
SpringApplication.run(UIApplication.class,args);
}
}
工程業務代碼實作
jt-sso-common
代碼結構
說明:途中代碼可從前面寫過的單點登陸系統去拷貝,
問題分析
這個工程中添加的web依賴,為什么添加scope元素的值為provided.
jt-sso-auth
代碼結構
說明:途中代碼可從前面寫過的單點登陸系統去拷貝,
AuthController
創建AuthController物件用于對外提供令牌的決議任務,代碼如下:
package com.jt.sso.controller;
@RestController
public class AuthController {
@GetMapping("/auth/info")
public Map<String,Object> getAuthentication(String token){
System.out.println("token==="+token);
Claims claims=JwtUtils.getClaimsFromToken(token);
boolean flag=claims.getExpiration().before(new Date());
String username=(String)claims.get("username");
List<String> list=(List<String>)
claims.get("authorities");
Map<String,Object> map=new HashMap<>();
map.put("expired",flag);
map.put("username",username);
map.put("authorities",list);
return map;
}
}
定義完這個controller以后,需要修改SpringConfig類中的configure(HttpSecurity http)方法, 對決議令牌的/auth/info這個路徑進行放行,例如
...
http.authorizeRequests()
.antMatchers("/auth/info")
.permitAll()
.anyRequest()//所有請求->對應任意資源
.authenticated();//必須認證
問題分析
jt-sso-resource
代碼結構
RestTemplate服務呼叫
第一步:在啟動類中,初始化一個RestTemplate物件,例如:
@Bean
@LoadBalanced
public RestTemplate restTemplate(){
return new RestTemplate();
}
第二步:在TokenInterceptor中添加如下代碼,初始化RestTemplate物件
private RestTemplate restTemplate;
public TokenInterceptor(RestTemplate restTemplate) {
this.restTemplate = restTemplate;
}
第三步:修改preHandle方法,基于RestTemplate進行遠程服務呼叫,代碼如下:
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response,
Object handler) throws Exception {
//1.從請求中獲取token物件(如何獲取取決于你傳遞token的方式:header,params)
String token=request.getHeader("token");
//2.驗證token是否存在
if(token==null||"".equals(token))
throw new RuntimeException("請先登錄");//WebUtils.writeJsonToClient
//3.驗證token是否過期,決議token中的認證和權限資訊(一般存盤在jwt格式中的負載部分)
//基于restTemplate進行遠程服務呼叫
String url="http://jt-sso-auth/auth/info?token="+token;
Map<String,Object> map= restTemplate.getForObject(url,Map.class);
Boolean expired=(Boolean)map.get("expired");
if(expired)throw new RuntimeException("登錄超時");
String username=(String)map.get("username");
List<String> list=(List<String>)map.get("authorities");
//4.封裝和存盤認證和權限資訊
//4.1構建UserDetail物件(用戶身份的象征-類似于一張名片,微信的二維碼)
UserDetails userDetails=User.builder()
.username(username)
.password("")
.authorities(list.toArray(new String[]{}))
.build();
//4.2構建Security權限互動物件(記住,固定寫法)
PreAuthenticatedAuthenticationToken authToken=
new PreAuthenticatedAuthenticationToken(
userDetails,//用戶身份
userDetails.getPassword(),
userDetails.getAuthorities());
//4.3將權限互動物件與當前請求進行系結
authToken.setDetails(new WebAuthenticationDetails(request));
//5.4.將認證后的token存盤到Security背景關系(會話物件)
SecurityContextHolder.getContext().setAuthentication(authToken);
return true;
}
第四步:在攔截器的配置類中,修改如下代碼:
@Autowired
private RestTemplate restTemplate;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new TokenInterceptor(restTemplate))
//配置要攔截的url
.addPathPatterns("/**");//doCreate,doUpdate,doDelete
}
第五步:啟動工程基于postman進行訪問測驗
Feign方式服務呼叫
第一步:添加Feign依賴
org.springframework.cloud
spring-cloud-starter-openfeign
第二步:在啟動類上添加啟動Feign應用注解
@EnableFeignClients
第三步:定義feign遠程呼叫介面
package com.jt.res.service;
@FeignClient(name = "jt-sso-auth",contextId = "remoteAuthService")
public interface RemoteAuthService {
//@GetMapping中的地址為jt-sso-auth服務中的一個地址
@GetMapping("/auth/info")
public Map<String,Object> getAuthentication(
@RequestParam("token") String token);
}
第四步:在TokenInterceptor中定義RemoteAuthService屬性及構造方法,代碼如下:
private RemoteAuthService remoteAuthService;
public TokenInterceptor(RemoteAuthService remoteAuthService) {
this.remoteAuthService = remoteAuthService;
}
第五步:修改攔截器的preHandle方法,基于Feign進行遠程服務呼叫,代碼如下:
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//1.從請求中獲取token物件(如何獲取取決于你傳遞token的方式:header,params)
String token=request.getHeader("token");
//2.驗證token是否存在
if(token==null||"".equals(token)) throw new RuntimeException("請先登錄");//WebUtils.writeJsonToClient
//3.驗證token是否過期,決議token中的認證和權限資訊(一般存盤在jwt格式中的負載部分)
//去認證中心獲取這些資料?(作業-RestTemplate或者Feign)
//基于feign方式進行遠程服務呼叫
Map<String,Object> map=remoteAuthService.getAuthentication(token);
Boolean expired=(Boolean)map.get("expired");
if(expired)throw new RuntimeException("登錄超時");
String username=(String)map.get("username");
List<String> list=(List<String>)map.get("authorities");
//4.封裝和存盤認證和權限資訊
//4.1構建UserDetail物件(用戶身份的象征-類似于一張名片,微信的二維碼)
UserDetails userDetails=User.builder()
.username(username)
.password("")
.authorities(list.toArray(new String[]{}))
.build();
//4.2構建Security權限互動物件(記住,固定寫法)
PreAuthenticatedAuthenticationToken authToken=
new PreAuthenticatedAuthenticationToken(
userDetails,//用戶身份
userDetails.getPassword(),
userDetails.getAuthorities());
//4.3將權限互動物件與當前請求進行系結
authToken.setDetails(new WebAuthenticationDetails(request));
//5.4.將認證后的token存盤到Security背景關系(會話物件)
SecurityContextHolder.getContext().setAuthentication(authToken);
return true;
}
第六步:在攔截器的配置類中,修改如下代碼:
@Autowired
private RemoteAuthService remoteAuthService;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new TokenInterceptor(remoteAuthService))
//配置要攔截的url
.addPathPatterns("/**");//doCreate,doUpdate,doDelete
}
第七步:啟動工程基于postman進行訪問測驗
問題分析
- 依賴注入問題(spring只為它管理的物件指定屬性賦值)
- Feign方式和RestTemplate 方式服務呼叫程序,
jt-sso-gateway
跨域設計
當客戶端基于ajax訪問服務端資源時,因為跨域問題不能直接訪問,我們可以在服務端通過過濾器,打開跨域訪問,例如:
package com.jt.gateway.config;
@Configuration
public class CorsFilterConfig {
@Bean
public CorsWebFilter corsFilter(){
System.out.println("corsWebFilter()");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
CorsConfiguration corsConfiguration = new CorsConfiguration();
//1.配置跨域
//允許哪種請求頭跨域
corsConfiguration.addAllowedHeader("*");
//允許哪種方法型別跨域 get post delete put
corsConfiguration.addAllowedMethod("*");
// 允許哪些請求源跨域
corsConfiguration.addAllowedOrigin("*");
// 是否攜帶cookie跨域
corsConfiguration.setAllowCredentials(true);
//允許跨域的路徑
source.registerCorsConfiguration("/**",corsConfiguration);
return new CorsWebFilter(source);
}
}
第六步:在攔截器的配置類中,修改如下代碼:
jt-sso- ui
代碼結構
將以前做單點登錄系統時,ui工程中的static目錄拷貝到當前專案,然后修改login.html,index.html中訪問網關的url,最后對static目錄進行rebuild,然后啟動專案進行訪問測驗.
總結(summary)
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/291916.html
標籤:其他