spring-cloud-starter-oauth2,Spring Cloud OAuth2

  spring-cloud-starter-oauth2,Spring Cloud OAuth2

  

目录

springcloudoauth 2 feig遇到的坑客户端模式基于springsecuritysspringcloud微服务增加oauth2权限后假装调用报空一般是这样实现的

 

  

spring cloud oauth2 feign 遇到的坑

关于oauth2相关的内容这里不重复描述,在春天的云中在管理内部美国石油学会(美国石油协会)时鉴权相信有很多人会有疑问,这里描述两种比较低的的用法,由于公司内部使用的是阿里云贴敷术这里仅仅是记录一下,如果有更好的用法在请赐教,不喜勿喷!

 

  

客户端模式

提供三方jar包

 

  这里需要抽一个冲突包,需要用到假装的为服务端直接利用专家模式引入假装即可

  依赖项依赖项groupIdorg.springframework.cloud/groupId artifactId spring-cloud-starter-feign/artifactId/依赖项依赖项groupIdcom.netflix.feign/groupId artifactId假装正常http/artifactId版本8 .18 .0/版本/依赖项依赖项groupIdorg.springframework.cloud/groupId artifactId spring-cloud-starter-oauth 2/artifactId/依赖项/依赖项核心类

  customhystrixconcurrencystrategy。javaoauth 2客户端属性。javao auth 2 feignautoconfiguration。javao auth 2 feignrequestinterceptor。javapackage com。PAAs云。安全。假装;进口龙目岛。数据;导入org。spring框架。靴子。语境。属性。配置属性;/* * * Oauth 2类客户端属性作者paascloud.net @ Gmail。com */@ Data @ configuration properties(前缀= PAAs cloud。oauth 2。客户’)公共类oauth 2客户端属性{私有字符串id;私有字符串accessTokenUrl私有字符串标识符私有字符串客户端秘密私有字符串clientAuthenticationScheme}包com。PAAs云。安全。假装;导入com。网飞。海斯特里克斯。策略。hystrix插件;导入com。网飞。hy strix。策略。并发性。hystrixconcurrencystrategy导入com。网飞。hy strix。策略。并发性。hystrixrequestcontext导入org。spring框架。刻板印象。组件;导入Java。util。并发。可赎回;/***类自定义高起鳞癣并发策略。* * @作者帕斯克劳德.

  net @gmail.com */@Componentpublic class CustomHystrixConcurrencyStrategy extends HystrixConcurrencyStrategy {    /**     * Instantiates a new Custom hystrix concurrency strategy.     */    public CustomHystrixConcurrencyStrategy() {        HystrixPlugins.getInstance().registerConcurrencyStrategy(this);    }    /**     * Wrap callable callable.     *     * @param <T>      the type parameter     * @param callable the callable     *     * @return the callable     */    @Override    public <T> Callable<T> wrapCallable(Callable<T> callable) {        return new HystrixContextWrapper<T>(callable);    }    /**     * The class Hystrix context wrapper.     *     * @param <V> the type parameter     *     * @author paascloud.net @gmail.com     */    public static class HystrixContextWrapper<V> implements Callable<V> {        private HystrixRequestContext hystrixRequestContext;        private Callable<V> delegate;        /**         * Instantiates a new Hystrix context wrapper.         *         * @param delegate the delegate         */        HystrixContextWrapper(Callable<V> delegate) {        this.hystrixRequestContext = HystrixRequestContext.getContextForCurrentThread();            this.delegate = delegate;        }        /**         * Call v.         *         * @return the v         *         * @throws Exception the exception         */        @Override        public V call() throws Exception {            HystrixRequestContext existingState = HystrixRequestContext.getContextForCurrentThread();            try {                HystrixRequestContext.setContextOnCurrentThread(this.hystrixRequestContext);                return this.delegate.call();            } finally {                HystrixRequestContext.setContextOnCurrentThread(existingState);            }        }    }}

package com.paascloud.security.feign;import feign.Logger;import feign.RequestInterceptor;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.beans.factory.annotation.Qualifier;import org.springframework.boot.context.properties.EnableConfigurationProperties;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.http.client.Netty4ClientHttpRequestFactory;import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;import org.springframework.security.oauth2.client.OAuth2RestTemplate;import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;import org.springframework.security.oauth2.common.AuthenticationScheme;/** * The class O auth 2 feign auto configuration. * * @author paascloud.net @gmail.com */@Configuration@EnableConfigurationProperties(Oauth2ClientProperties.class)public class OAuth2FeignAutoConfiguration {    private final Oauth2ClientProperties oauth2ClientProperties;    /**     * Instantiates a new O auth 2 feign auto configuration.     *     * @param oauth2ClientProperties the oauth 2 client properties     */    @Autowired    public OAuth2FeignAutoConfiguration(Oauth2ClientProperties oauth2ClientProperties) {        this.oauth2ClientProperties = oauth2ClientProperties;    }    /**     * Resource details client credentials resource details.     *     * @return the client credentials resource details     */    @Bean("paascloudClientCredentialsResourceDetails")    public ClientCredentialsResourceDetails resourceDetails() {        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();        details.setId(oauth2ClientProperties.getId());        details.setAccessTokenUri(oauth2ClientProperties.getAccessTokenUrl());        details.setClientId(oauth2ClientProperties.getClientId());        details.setClientSecret(oauth2ClientProperties.getClientSecret());        details.setAuthenticationScheme(AuthenticationScheme.valueOf(oauth2ClientProperties.getClientAuthenticationScheme()));        return details;    }    /**     * O auth 2 rest template o auth 2 rest template.     *     * @return the o auth 2 rest template     */    @Bean("paascloudOAuth2RestTemplate")    public OAuth2RestTemplate oAuth2RestTemplate() {        final OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resourceDetails(), new DefaultOAuth2ClientContext());        oAuth2RestTemplate.setRequestFactory(new Netty4ClientHttpRequestFactory());        return oAuth2RestTemplate;    }    /**     * Oauth 2 feign request interceptor request interceptor.     *     * @param oAuth2RestTemplate the o auth 2 rest template     *     * @return the request interceptor     */    @Bean    public RequestInterceptor oauth2FeignRequestInterceptor(@Qualifier("paascloudOAuth2RestTemplate") OAuth2RestTemplate oAuth2RestTemplate) {        return new OAuth2FeignRequestInterceptor(oAuth2RestTemplate);    }    /**     * Feign logger level logger . level.     *     * @return the logger . level     */    @Bean    Logger.Level feignLoggerLevel() {        return Logger.Level.FULL;    }}
package com.paascloud.security.feign;import feign.RequestInterceptor;import feign.RequestTemplate;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.security.oauth2.client.OAuth2RestTemplate;import org.springframework.util.Assert;/** * The class O auth 2 feign request interceptor. * * @author paascloud.net @gmail.com */public class OAuth2FeignRequestInterceptor implements RequestInterceptor {    private static final String AUTHORIZATION_HEADER = "Authorization";    private static final String BEARER_TOKEN_TYPE = "bearer";    private final OAuth2RestTemplate oAuth2RestTemplate;    /**     * Instantiates a new O auth 2 feign request interceptor.     *     * @param oAuth2RestTemplate the o auth 2 rest template     */    OAuth2FeignRequestInterceptor(OAuth2RestTemplate oAuth2RestTemplate) {        Assert.notNull(oAuth2RestTemplate, "Context can not be null");        this.oAuth2RestTemplate = oAuth2RestTemplate;    }    /**     * Apply.     *     * @param template the template     */    @Override    public void apply(RequestTemplate template) {        template.header(AUTHORIZATION_HEADER, String.format("%s %s", BEARER_TOKEN_TYPE,  oAuth2RestTemplate.getAccessToken().toString()));    }}

调用端配置

 

  引入maven依赖

  

<dependency>            <groupId>com.liuzm.paascloud.common</groupId>            <artifactId>paascloud-security-feign</artifactId>            <version>1.0-SNAPSHOT</version></dependency>

@FeignClient加入configuration属性

 

  

/** * The interface Mdc product feign api. * @author paascloud.net@gmail.com */@FeignClient(value = "paascloud-provider-mdc", configuration = OAuth2FeignAutoConfiguration.class, fallback = MdcProductFeignHystrix.class)public interface MdcProductFeignApi {    /**     * Update product stock by id int.     *     * @param productDto the product dto     *     * @return the int     */    @RequestMapping(value = "/api/product/updateProductStockById", method = RequestMethod.POST)    int updateProductStockById(@RequestBody ProductDto productDto);}

认证服务器配置

 

  

@Override    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {        clients.withClientDetails(restClientDetailsService);    }
package com.paascloud.provider.security;import com.paascloud.security.core.properties.OAuth2ClientProperties;import com.paascloud.security.core.properties.SecurityProperties;import org.apache.commons.lang3.ArrayUtils;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder;import org.springframework.security.oauth2.provider.ClientDetails;import org.springframework.security.oauth2.provider.ClientDetailsService;import org.springframework.security.oauth2.provider.ClientRegistrationException;import org.springframework.stereotype.Component;import javax.annotation.PostConstruct;/** * The class Rest client details service. * * @author paascloud.net @gmail.com */@Component("restClientDetailsService")public class RestClientDetailsServiceImpl implements ClientDetailsService {    private ClientDetailsService clientDetailsService;    @Autowired    private SecurityProperties securityProperties;    /**     * Init.     */    @PostConstruct    public void init() {        InMemoryClientDetailsServiceBuilder builder = new InMemoryClientDetailsServiceBuilder();        if (ArrayUtils.isNotEmpty(securityProperties.getOauth2().getClients())) {            for (OAuth2ClientProperties client : securityProperties.getOauth2().getClients()) {                builder.withClient(client.getClientId())                        .secret(client.getClientSecret())                        .authorizedGrantTypes("refresh_token", "password", "client_credentials")                        .accessTokenValiditySeconds(client.getAccessTokenValidateSeconds())                        .refreshTokenValiditySeconds(2592000)                        .scopes(client.getScope());            }        }        try {            clientDetailsService = builder.build();        } catch (Exception e) {            e.printStackTrace();        }    }    /**     * Load client by client id client details.     *     * @param clientId the client id     *     * @return the client details     *     * @throws ClientRegistrationException the client registration exception     */    @Override    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {        return  clientDetailsService.loadClientByClientId(clientId);    }}

bootstrap.yml配置

 

  

security:    oauth2:      tokenStore: jwt      clients[0]:        clientId: paascloud-client-uac        clientSecret: paascloudClientSecret        accessTokenValidateSeconds: 7200        scope: "*"      clients[1]:        clientId: paascloud-browser        clientSecret: paascloudClientSecret        accessTokenValidateSeconds: 7200        scope: "*"      clients[2]:        clientId: paascloud-client-gateway        clientSecret: paascloudClientSecret        accessTokenValidateSeconds: 7200        scope: "*"      clients[3]:        clientId: paascloud-client-zipkin        clientSecret: paascloudClientSecret        accessTokenValidateSeconds: 7200        scope: "*"      clients[4]:        clientId: paascloud-client-mdc        clientSecret: paascloudClientSecret        accessTokenValidateSeconds: 7200        scope: "*"      clients[5]:        clientId: paascloud-client-omc        clientSecret: paascloudClientSecret        accessTokenValidateSeconds: 7200        scope: "*"      clients[6]:        clientId: paascloud-client-opc        clientSecret: paascloudClientSecret        accessTokenValidateSeconds: 7200        scope: "*"

到此客户端模式配置完成!

 

  

 

  

基于spring security

开放权限,利用url规范来规划客户端的url不通过auth2鉴权,这里唯一的区别是在feign拦截器里处理的逻辑改一下,代码如下

 

  

@Autowiredprivate OAuth2ClientContext context;@Override    public void apply(RequestTemplate template) {        if(context.getAccessToken() != null && context.getAccessToken().getValue() != null && OAuth2AccessToken.BEARER_TYPE.equalsIgnoreCase(context.getAccessToken().getTokenType()) ){            template.header("Authorization", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, context.getAccessToken().getValue()));        }    }

 

  

spring cloud微服务增加oauth2权限后 feign调用报null

在授权服务里,用户通过用户名密码,或者手机和验证码等方式登陆之后,在http头里会有授权的标识,在客户端调用时,需要添加当时有效的token才可以正常访问被授权的页面。

 

  

Content-Type:application/jsonAuthorization:Bearer d79c064c-8675-4047-a119-fac692e447e8

而在业务层里,服务与服务之间使用feign来实现调用,而授权的代码我们可以通过拦截器实现,在feign请求之前,把当前服务的token添加到目标服务的请求头就可以了

 

  

 

  

一般是这样实现的

/** * 发送FeignClient设置Header信息. * http://www.itmuch.com/spring-cloud-sum/hystrix-threadlocal/ * Hystrix传播ThreadLocal对象 */@Componentpublic class TokenFeignClientInterceptor implements RequestInterceptor {  /**   * token放在请求头.   *   * @param requestTemplate 请求参数   */  @Override  public void apply(RequestTemplate requestTemplate) {    RequestAttributes requestAttributes = RequestContextHolder.currentRequestAttributes();    if (requestAttributes != null) {      HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();      requestTemplate.header("Authorization", request.getHeader("Authorization"));    }  }}

上面的拦截器代码没有什么问题,也很好理解,但事实上,当你的feign开启了hystrix功能,如果开启了,需要把hystrix

郑重声明:本文由网友发布,不代表盛行IT的观点,版权归原作者所有,仅为传播更多信息之目的,如有侵权请联系,我们将第一时间修改或删除,多谢。

相关文章阅读

  • spring编程式事务处理,spring编程事务
  • spring编程式事务处理,spring编程事务,详解Spring学习之编程式事务管理
  • spring的核心功能模块有几个,列举一些重要的spring模块
  • spring的核心功能模块有几个,列举一些重要的spring模块,七个Spring核心模块详解
  • spring注解和springmvc的注解,SpringMVC常用注解
  • spring注解和springmvc的注解,SpringMVC常用注解,详解springmvc常用5种注解
  • spring实现ioc的四种方法,spring的ioc的三种实现方式
  • spring实现ioc的四种方法,spring的ioc的三种实现方式,简单实现Spring的IOC原理详解
  • spring事务失效问题分析及解决方案怎么做,spring 事务失效情况
  • spring事务失效问题分析及解决方案怎么做,spring 事务失效情况,Spring事务失效问题分析及解决方案
  • spring5.0新特性,spring4新特性
  • spring5.0新特性,spring4新特性,spring5新特性全面介绍
  • spring ioc以及aop原理,springmvc aop原理
  • spring ioc以及aop原理,springmvc aop原理,深入浅析Spring 的aop实现原理
  • Spring cloud网关,spring cloud zuul作用
  • 留言与评论(共有 条评论)
       
    验证码: