SpringCloud微服务实战——搭建企业级开发框架(二十三):Gateway+OAuth2+JWT实现微服务统一认证授权 (4)

7、新建ResourceServerConfig.java资源服务器配置,放开public_key的读取权限

/**
 * Configures HTTP security for this resource server.
 *
 * <p>Rules are registered in this order: every actuator endpoint is open, then
 * {@code /oauth/public_key} is open, and every other request must be authenticated.
 *
 * @param http the security builder to configure
 */
@Override
@SneakyThrows
public void configure(HttpSecurity http) {
    // Stops Spring Security from sending X-Frame-Options, so responses may be framed by any origin.
    // NOTE(review): if framing is only needed for same-origin pages, frameOptions().sameOrigin()
    // keeps clickjacking protection in place.
    http.headers().frameOptions().disable();

    // Form login stays enabled with its defaults.
    http.formLogin();

    http.authorizeRequests()
        // NOTE(review): toAnyEndpoint() matches ALL actuator endpoints, not only health/info.
        // Which endpoints are actually exposed depends on management.endpoints.web.exposure.*
        // (not shown here); confirm that env, heapdump, etc. are not reachable unauthenticated.
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        // The JWT verification key is public material, so it is readable without a token.
        .antMatchers("/oauth/public_key").permitAll()
        // Everything else requires an authenticated caller.
        .anyRequest().authenticated();

    // NOTE(review): CSRF protection is off while form login (session based) is on; this is only
    // safe if browsers never carry an ambient session cookie to this service. Confirm.
    http.csrf().disable();
}

8、在gitegg-service-system新建InitResourceRolesCacheRunner.java实现CommandLineRunner接口,用于系统启动时加载RBAC权限配置信息到缓存

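package com.gitegg.service.system.component;

import java.util.*;
import java.util.stream.Collectors;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.CommandLineRunner;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;

import com.gitegg.platform.base.constant.AuthConstant;
import com.gitegg.service.system.entity.Resource;
import com.gitegg.service.system.service.IResourceService;

import cn.hutool.core.collection.CollectionUtil;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;

/**
 * Loads the resource-to-role (RBAC) mapping into Redis once the container has started.
 *
 * <p>Each Redis hash maps a resource URL to the list of authorities allowed to call it.
 *
 * <p>NOTE(review): the hash is rebuilt with a {@code delete} followed by a {@code putAll}, which is
 * not atomic. While a key is missing, whatever reads this cache sees no rules at all; whether that
 * denies or allows requests depends on the reader (not shown here). Confirm it fails closed.
 *
 * <p>NOTE(review): in tenant mode only the tenants present in the query result are refreshed; a
 * hash left over for a tenant that no longer has any resource rows is not deleted here.
 */
@Slf4j
@RequiredArgsConstructor(onConstructor_ = @Autowired)
@Component
public class InitResourceRolesCacheRunner implements CommandLineRunner {

    private final RedisTemplate redisTemplate;

    private final IResourceService resourceService;

    /**
     * Whether tenant mode is enabled.
     */
    @Value("${tenant.enable}")
    private Boolean enable;

    /**
     * Queries the resource/role relations and writes them to Redis.
     *
     * @param args command-line arguments (unused)
     */
    @Override
    public void run(String... args) {
        log.info("InitResourceRolesCacheRunner running");
        // A null query result is treated as "no resources" in both modes.
        List<Resource> resourceList =
            Optional.ofNullable(resourceService.queryResourceRoleIds()).orElseGet(ArrayList::new);

        // In tenant mode the role permissions are stored per tenant, one hash per tenant id.
        // Boolean.TRUE.equals avoids an unboxing NullPointerException on the Boolean field.
        if (Boolean.TRUE.equals(enable)) {
            // groupingBy rejects null keys, so a resource without a tenant id fails startup here.
            Map<Long, List<Resource>> resourceListMap =
                resourceList.stream().collect(Collectors.groupingBy(Resource::getTenantId));
            resourceListMap.forEach((tenantId, tenantResources) -> {
                String redisKey = AuthConstant.TENANT_RESOURCE_ROLES_KEY + tenantId;
                redisTemplate.delete(redisKey);
                addRoleResource(redisKey, tenantResources);
                // Goes through the logger instead of stdout, and skips the Redis round trip
                // unless debug output is wanted.
                if (log.isDebugEnabled()) {
                    log.debug("Cached {} resource entries under {}",
                        redisTemplate.opsForHash().size(redisKey), redisKey);
                }
            });
        } else {
            redisTemplate.delete(AuthConstant.RESOURCE_ROLES_KEY);
            addRoleResource(AuthConstant.RESOURCE_ROLES_KEY, resourceList);
        }
    }

    /**
     * Writes one hash of {@code resourceUrl -> [AUTHORITY_PREFIX + roleId, ...]} to Redis.
     *
     * <p>Resources without any role are not written. If two resources share a URL, the later one
     * replaces the earlier one's role list.
     *
     * @param key          Redis key of the hash to fill
     * @param resourceList resources to cache; {@code null} is treated as empty
     */
    private void addRoleResource(String key, List<Resource> resourceList) {
        Map<String, List<String>> resourceRolesMap = new TreeMap<>();
        Optional.ofNullable(resourceList).orElse(new ArrayList<>()).forEach(resource -> {
            // roleId -> AUTHORITY_PREFIX + roleId
            List<String> roles = Optional.ofNullable(resource.getRoleIds()).orElse(new ArrayList<>()).stream()
                .map(roleId -> AuthConstant.AUTHORITY_PREFIX + roleId)
                .collect(Collectors.toList());
            if (CollectionUtil.isNotEmpty(roles)) {
                resourceRolesMap.put(resource.getResourceUrl(), roles);
            }
        });
        redisTemplate.opsForHash().putAll(key, resourceRolesMap);
    }
}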

9、新建网关服务gitegg-gateway,作为OAuth2的资源服务、客户端服务使用,对访问微服务的请求进行转发、统一校验认证和鉴权操作,引入相关依赖

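<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>GitEgg-Cloud</artifactId>
        <groupId>com.gitegg.cloud</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>gitegg-gateway</artifactId>

    <!-- Dependencies without a <version> presumably take it from the parent's dependency
         management; confirm every one of them is pinned there. -->
    <dependencies>
        <dependency>
            <groupId>com.gitegg.platform</groupId>
            <artifactId>gitegg-platform-base</artifactId>
            <version>${gitegg.project.version}</version>
        </dependency>
        <!-- Nacos service registration and discovery -->
        <dependency>
            <groupId>com.alibaba.cloud</groupId>
            <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
        </dependency>
        <!-- Nacos distributed configuration -->
        <dependency>
            <groupId>com.alibaba.cloud</groupId>
            <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
        </dependency>
        <!-- OpenFeign for calls between microservices -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-openfeign</artifactId>
        </dependency>
        <dependency>
            <groupId>com.gitegg.platform</groupId>
            <artifactId>gitegg-platform-oauth2</artifactId>
            <version>${gitegg.project.version}</version>
        </dependency>
        <!-- gitegg custom cache extension -->
        <dependency>
            <groupId>com.gitegg.platform</groupId>
            <artifactId>gitegg-platform-cache</artifactId>
            <version>${gitegg.project.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-gateway</artifactId>
        </dependency>
        <!-- API documentation (Swagger / Knife4j UI) served from the gateway.
             NOTE(review): these pages list every documented route; keep them behind
             authentication or switch them off outside development. -->
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-swagger2</artifactId>
        </dependency>
        <dependency>
            <groupId>com.github.xiaoymin</groupId>
            <artifactId>knife4j-spring-ui</artifactId>
        </dependency>
    </dependencies>
</project>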
