当前位置：首页 > news >正文

查看一个网站的备案人业务员自己做网站

news 2025/10/18 18:54:24

查看一个网站的备案人,业务员自己做网站,建设公司网站要注意什么,四川住房和城乡建设厅网站电话前言之前虽然单独讲过Security Client和Resource Server的对接#xff0c;但是都是基于Spring webmvc的#xff0c;Gateway这种非阻塞式的网关是基于webflux的#xff0c;对于集成Security相关内容略有不同#xff0c;且涉及到代理其它微服务#xff0c;所以会稍微比较麻…前言之前虽然单独讲过Security Client和Resource Server的对接但是都是基于Spring webmvc的Gateway这种非阻塞式的网关是基于webflux的对于集成Security相关内容略有不同且涉及到代理其它微服务所以会稍微比较麻烦些今天就带大家来实现Gateway网关对接OAuth2认证服务。 Gateway对接说明身份问题在本次示例中网关既是客户端(OAuth2 Client Server)又是资源服务(OAuth2 Resource Server)Client服务负责认证Resource负责鉴权这样如果有在浏览器直接访问网关的需要可以直接在浏览器由框架引导完成OAuth2认证过程。框架版本与架构说明架构图 Spring Cloud依赖版本框架版本号Spring Boot3.1.0Nacos Server2.2.1Spring Cloud2022.0.4Spring Cloud Alibaba2022.0.0.0Spring Security6.1.0Spring OAuth2 Client6.1.0Spring OAuth2 Resource Server6.1.0 读者可以自选版本使用作为对接方版本问题不大不确定Spring Cloud Alibaba 在部署时会不会有Spring Boot的版本限制如果3.1.x无法使用请降级至3.0.10版本开发时测试都是没问题的。网关集成认证服务请求流程图说明用户请求受限资源网关检测没有认证信息通过RedirectServerAuthenticationEntryPoint处理并发起OAuth2登录授权申请授权申请到达认证服务认证服务检测到未登录重定向至登录页面并展示给用户用户登录成功后请求重定向至授权申请接口通过校验后携带Token重定向至回调地址(redirect_uri)注意这里回调地址要设置为网关的地址htttp://{网关ip}:{网关port}/login/oauth2/code/{registrationId}后边的/login/oauth2/code/{registrationId}路径是固定的这是框架(Security OAuth2 Client)自带的端点请求到达网关由OAuth2LoginAuthenticationWebFilter拦截并调用父类AuthenticationWebFilter的filter方法进行处理AuthenticationWebFilter调用OidcAuthorizationCodeReactiveAuthenticationManager或OAuth2LoginReactiveAuthenticationManager类处理(由授权申请的scope决定包含openid就走OidcAuthorizationCodeReactiveAuthenticationManager否则走另一个)在获取AccessToken成功以后调用ReactiveOAuth2UserService获取用户信息获取到用户信息后会解析并将认证信息保存至ReactiveSecurityContextHolder中完成这一系列的认证之后会重定向至最一开始请求的受限资源这时候就能获取到认证信息了如果访问的是被网关代理的服务则会通过令牌中继(TokenRelay)携带token访问这就是网关通过认证服务获取认证信息的一个流程基本上只需要添加配置文件即可由框架引导进行OAuth2认证流程。开始编码前置条件搭建好标准OAuth2认证服务搭建nacos服务项目结构 gateway-example # 父模块│ ├─gateway-client-example # 网关│ ├─normal-resource-example # webmvc资源服务│ ├─webflux-resource-example # webflux资源服务│ └─pom.xml # 公共依赖依赖管理创建一个空的maven项目引入Spring Boot、Spring Cloud、Spring Cloud Alibaba如下 ?xml version1.0 encodingUTF-8? project xmlnshttp://maven.apache.org/POM/4.0.0 xmlns:xsihttp://www.w3.org/2001/XMLSchema-instancexsi:schemaLocationhttp://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsdmodelVersion4.0.0/modelVersionparentgroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-parent/artifactIdversion3.1.0/versionrelativePath/ !-- lookup parent from repository --/parentgroupIdcom.example/groupIdartifactIdgateway-example/artifactIdversion0.0.1/versionpackagingpom/packagingnamegateway-example/namedescriptiongateway-example/descriptionmodulesmodulegateway-client-example/modulemodulenormal-resource-example/modulemodulewebflux-resource-example/module/modulespropertiesjava.version17/java.version!-- 修复漏洞 --snakeyaml.version2.0/snakeyaml.version!-- Spring Cloud版本号 --spring-cloud.version2022.0.4/spring-cloud.version!-- Spring Cloud Alibaba版本号 --spring-cloud-alibaba.version2022.0.0.0/spring-cloud-alibaba.version/propertiesdependencies!-- Lombok --dependencygroupIdorg.projectlombok/groupIdartifactIdlombok/artifactIdoptionaltrue/optional/dependency!-- Spring Boot 测试依赖 --dependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-test/artifactIdscopetest/scope/dependency!-- 服务注册与发现 --dependencygroupIdcom.alibaba.cloud/groupIdartifactIdspring-cloud-starter-alibaba-nacos-discovery/artifactId/dependency!-- 配置中心 --dependencygroupIdcom.alibaba.cloud/groupIdartifactIdspring-cloud-starter-alibaba-nacos-config/artifactId/dependency!-- 资源服务器starter --dependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-oauth2-resource-server/artifactId/dependency/dependenciesdependencyManagementdependenciesdependencygroupIdorg.springframework.cloud/groupIdartifactIdspring-cloud-dependencies/artifactIdversion${spring-cloud.version}/versiontypepom/typescopeimport/scope/dependencydependencygroupIdcom.alibaba.cloud/groupIdartifactIdspring-cloud-alibaba-dependencies/artifactIdversion${spring-cloud-alibaba.version}/versiontypepom/typescopeimport/scope/dependency/dependencies/dependencyManagement/project 里边的modules标签是在新建module时自动添加的创建网关gateway-client-example模块 Spring Cloud 相关依赖已经在parent模块中引入所以该模块只需要引入Gateway、Client依赖pom如下 ?xml version1.0 encodingUTF-8? project xmlnshttp://maven.apache.org/POM/4.0.0xmlns:xsihttp://www.w3.org/2001/XMLSchema-instancexsi:schemaLocationhttp://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsdmodelVersion4.0.0/modelVersionparentgroupIdcom.example/groupIdartifactIdgateway-example/artifactIdversion0.0.1/version/parentartifactIdgateway-client-example/artifactIdnamegateway-client-example/namedescriptiongateway-client-example/descriptiondependenciesdependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-oauth2-client/artifactId/dependencydependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-webflux/artifactId/dependencydependencygroupIdorg.springframework.cloud/groupIdartifactIdspring-cloud-starter-gateway/artifactId/dependencydependencygroupIdio.projectreactor/groupIdartifactIdreactor-test/artifactIdscopetest/scope/dependency!-- 负载均衡依赖 --dependencygroupIdorg.springframework.cloud/groupIdartifactIdspring-cloud-starter-loadbalancer/artifactId/dependency/dependenciesbuildpluginsplugingroupIdorg.springframework.boot/groupIdartifactIdspring-boot-maven-plugin/artifactIdconfigurationexcludesexcludegroupIdorg.projectlombok/groupIdartifactIdlombok/artifactId/exclude/excludes/configuration/plugin/plugins/build/project编写客户端配置 package com.example.config;import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;import java.util.Collection; import java.util.HashSet; import java.util.Set;/*** 客户端配置** author vains*/ Configuration public class ClientServerConfig {/*** 解析用户权限信息当在浏览器中直接访问接口框架自动调用OIDC流程登录时会用到该配置** return GrantedAuthoritiesMapper*/Beanpublic GrantedAuthoritiesMapper userAuthoritiesMapper() {return (authorities) - {SetGrantedAuthority mappedAuthorities new HashSet();authorities.forEach(authority - {if (authority instanceof OAuth2UserAuthority oAuth2UserAuthority) {// 从认证服务获取的用户信息中提取权限信息Object userAuthorities oAuth2UserAuthority.getAttributes().get(authorities);if (userAuthorities instanceof Collection? collection) {// 转为SimpleGrantedAuthority的实例并插入mappedAuthorities中collection.stream().filter(a - a instanceof String).map(String::valueOf).map(SimpleGrantedAuthority::new).forEach(mappedAuthorities::add);}}});return mappedAuthorities;};}} 该配置会在获取到用户信息后解析用户的权限信息详见文档编写网关资源服务配置 package com.example.config;import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.convert.converter.Converter; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity; import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter; import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter; import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter; import org.springframework.security.web.server.SecurityWebFilterChain; import reactor.core.publisher.Mono;/*** 资源服务器配置** author vains*/ Configuration EnableWebFluxSecurity EnableReactiveMethodSecurity public class ResourceServerConfig {/*** 配置认证相关的过滤器链** param http Spring Security的核心配置类* return 过滤器链*/Beanpublic SecurityWebFilterChain defaultSecurityFilterChain(ServerHttpSecurity http) {// 禁用csrf与corshttp.csrf(ServerHttpSecurity.CsrfSpec::disable);http.cors(ServerHttpSecurity.CorsSpec::disable);// 开启全局验证http.authorizeExchange((authorize) - authorize//全部需要认证.anyExchange().authenticated());// 开启OAuth2登录http.oauth2Login(Customizer.withDefaults());// 设置当前服务为资源服务解析请求头中的tokenhttp.oauth2ResourceServer((resourceServer) - resourceServer// 使用jwt.jwt(jwt - jwt// 请求中携带token访问时会触发该解析器适配器.jwtAuthenticationConverter(grantedAuthoritiesExtractor()))/*// xhr请求未携带Token处理.authenticationEntryPoint(this::authenticationEntryPoint)// 权限不足处理.accessDeniedHandler(this::accessDeniedHandler)// Token解析失败处理.authenticationFailureHandler(this::failureHandler)*/);return http.build();}/*** 自定义jwt解析器设置解析出来的权限信息的前缀与在jwt中的key** return jwt解析器适配器 ReactiveJwtAuthenticationConverterAdapter*/public ConverterJwt, MonoAbstractAuthenticationToken grantedAuthoritiesExtractor() {JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter new JwtGrantedAuthoritiesConverter();// 设置解析权限信息的前缀设置为空是去掉前缀grantedAuthoritiesConverter.setAuthorityPrefix();// 设置权限信息在jwt claims中的keygrantedAuthoritiesConverter.setAuthoritiesClaimName(authorities);JwtAuthenticationConverter jwtAuthenticationConverter new JwtAuthenticationConverter();jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);}} 需要注意的是开启方法级别鉴权的注解变了webflux的注解和webmvc的注解不一样并且过滤器链也换成SecurityWebFilterChain了jwt自定义解析器的方式也不一致实现方式见上方代码说明文档如下 EnableReactiveMethodSecurity注解文档 Jwt解析器适配器详见文档编写application.yml添加nacos配置 spring:cloud:nacos:serverAddr: 127.0.0.1:8848config:import:- nacos:gateway.yml?refreshtrueapplication:name: gateway 在nacos中创建gateway.yml配置文件添加客户端与资源服务配置并添加其它资源服务的代理配置 server:port: 7000 spring:security:oauth2:# 资源服务器配置resourceserver:jwt:# Jwt中claims的iss属性也就是jwt的签发地址即认证服务器的根路径# 资源服务器会进一步的配置通过该地址获取公钥以解析jwtissuer-uri: http://192.168.119.1:8080client:provider:# 认证提供者,自定义名称custom-issuer:# Token签发地址(认证服务地址)issuer-uri: http://192.168.119.1:8080# 获取用户信息的地址默认的/userinfo端点需要IdToken获取为避免麻烦自定一个用户信息接口user-info-uri: ${spring.security.oauth2.client.provider.custom-issuer.issuer-uri}/useruser-name-attribute: nameregistration:messaging-client-oidc:# oauth认证提供者配置和上边配置的认证提供者关联起来provider: custom-issuer# 客户端名称自定义client-name: gateway# 客户端id从认证服务申请的客户端idclient-id: messaging-client# 客户端秘钥client-secret: 123456# 客户端认证方式client-authentication-method: client_secret_basic# 获取Token使用的授权流程authorization-grant-type: authorization_code# 回调地址这里设置为Spring Security Client默认实现使用code换取token的接口当前服务(gateway网关)的地址redirect-uri: http://127.0.0.1:7000/login/oauth2/code/messaging-client-oidcscope:- message.read- message.write- openid- profilecloud:gateway:default-filters:# 令牌中继- TokenRelay# 代理路径代理至服务后会去除第一个路径的内容- StripPrefix1routes:# 资源服务代理配置- id: resourceuri: lb://resourcepredicates:- Path/resource/**# 资源服务代理配置- id: webfluxuri: lb://webflux-resourcepredicates:- Path/webflux/**注意配置文件中令牌中继(TokenRelay)的配置就是添加一个filterTokenRelay; 当网关引入spring-boot-starter-oauth2-client依赖并设置spring.security.oauth2.client.*属性时会自动创建一个TokenRelayGatewayFilterFactory过滤器它会从认证信息中获取access token并放入下游请求的请求头中。详见Gateway关于TokenRelay的文档项目结构创建webmvc资源服务模块normal-resource-example 在pom.xml中添加web依赖如下 ?xml version1.0 encodingUTF-8? project xmlnshttp://maven.apache.org/POM/4.0.0xmlns:xsihttp://www.w3.org/2001/XMLSchema-instancexsi:schemaLocationhttp://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsdmodelVersion4.0.0/modelVersionparentgroupIdcom.example/groupIdartifactIdgateway-example/artifactIdversion0.0.1/version/parentartifactIdnormal-resource-example/artifactIdnamenormal-resource-example/namedescriptionnormal-resource-example/descriptiondependenciesdependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-web/artifactId/dependency/dependenciesbuildpluginsplugingroupIdorg.springframework.boot/groupIdartifactIdspring-boot-maven-plugin/artifactIdconfigurationexcludesexcludegroupIdorg.projectlombok/groupIdartifactIdlombok/artifactId/exclude/excludes/configuration/plugin/plugins/build/project创建资源服务器配置添加自定义jwt解析器 package com.example.config;import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter; import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;/*** 资源服务器配置** author vains*/ Configuration EnableWebSecurity EnableMethodSecurity(jsr250Enabled true, securedEnabled true) public class ResourceServerConfig {/*** 自定义jwt解析器设置解析出来的权限信息的前缀与在jwt中的key** return jwt解析器 JwtAuthenticationConverter*/Beanpublic JwtAuthenticationConverter jwtAuthenticationConverter() {JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter new JwtGrantedAuthoritiesConverter();// 设置解析权限信息的前缀设置为空是去掉前缀grantedAuthoritiesConverter.setAuthorityPrefix();// 设置权限信息在jwt claims中的keygrantedAuthoritiesConverter.setAuthoritiesClaimName(authorities);JwtAuthenticationConverter jwtAuthenticationConverter new JwtAuthenticationConverter();jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);return jwtAuthenticationConverter;}} 编写application.yml添加nacos配置 spring:cloud:nacos:serverAddr: 127.0.0.1:8848config:import:- nacos:resource.yml?refreshtrueapplication:name: resource在nacos中创建resource.yml配置文件添加资源服务配置 server:port: 7100spring:security:oauth2:# 资源服务器配置resourceserver:jwt:# Jwt中claims的iss属性也就是jwt的签发地址即认证服务器的根路径# 资源服务器会进一步的配置通过该地址获取公钥以解析jwtissuer-uri: http://192.168.119.1:8080注意端口不能与网关和认证服务重复模块结构创建webflux资源服务模块 pom.xml添加webflux依赖如下 ?xml version1.0 encodingUTF-8? project xmlnshttp://maven.apache.org/POM/4.0.0xmlns:xsihttp://www.w3.org/2001/XMLSchema-instancexsi:schemaLocationhttp://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsdmodelVersion4.0.0/modelVersionparentgroupIdcom.example/groupIdartifactIdgateway-example/artifactIdversion0.0.1/version/parentartifactIdwebflux-resource-example/artifactIdnamewebflux-resource-example/namedescriptionwebflux-resource-example/descriptiondependenciesdependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-webflux/artifactId/dependency/dependenciesbuildpluginsplugingroupIdorg.springframework.boot/groupIdartifactIdspring-boot-maven-plugin/artifactIdconfigurationexcludesexcludegroupIdorg.projectlombok/groupIdartifactIdlombok/artifactId/exclude/excludes/configuration/plugin/plugins/build /project创建资源服务配置并且添加jwt解析器适配器跟网关的资源服务配置差不多如下 package com.example.config;import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.convert.converter.Converter; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity; import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter; import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter; import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter; import org.springframework.security.web.server.SecurityWebFilterChain; import reactor.core.publisher.Mono;/*** 资源服务器配置** author vains*/ Configuration EnableWebFluxSecurity EnableReactiveMethodSecurity public class ResourceServerConfig {/*** 配置认证相关的过滤器链** param http Spring Security的核心配置类* return 过滤器链*/Beanpublic SecurityWebFilterChain defaultSecurityFilterChain(ServerHttpSecurity http) {// 禁用csrf与corshttp.csrf(ServerHttpSecurity.CsrfSpec::disable);http.cors(ServerHttpSecurity.CorsSpec::disable);// 开启全局验证http.authorizeExchange((authorize) - authorize//全部需要认证.anyExchange().authenticated());// 设置当前服务为资源服务解析请求头中的tokenhttp.oauth2ResourceServer((resourceServer) - resourceServer// 使用jwt.jwt(jwtSpec - jwtSpec// 设置jwt解析器适配器.jwtAuthenticationConverter(grantedAuthoritiesExtractor())));return http.build();}/*** 自定义jwt解析器设置解析出来的权限信息的前缀与在jwt中的key** return jwt解析器适配器 ReactiveJwtAuthenticationConverterAdapter*/public ConverterJwt, MonoAbstractAuthenticationToken grantedAuthoritiesExtractor() {JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter new JwtGrantedAuthoritiesConverter();// 设置解析权限信息的前缀设置为空是去掉前缀grantedAuthoritiesConverter.setAuthorityPrefix();// 设置权限信息在jwt claims中的keygrantedAuthoritiesConverter.setAuthoritiesClaimName(authorities);JwtAuthenticationConverter jwtAuthenticationConverter new JwtAuthenticationConverter();jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);}} 编写application.yml添加nacos配置 spring:cloud:nacos:serverAddr: 127.0.0.1:8848config:import:- nacos:webflux.yml?refreshtrueapplication:name: webflux-resourcenacos中添加webflux.yml配置文件并添加资源服务配置 server:port: 7200spring:security:oauth2:# 资源服务器配置resourceserver:jwt:# Jwt中claims的iss属性也就是jwt的签发地址即认证服务器的根路径# 资源服务器会进一步的配置通过该地址获取公钥以解析jwtissuer-uri: http://192.168.119.1:8080与webmvc的资源服务的配置是一样的注意端口不能与其它服务端口冲突模块结构在三个模块中添加测试类一式三份 webmvc测试接口 package com.example.controller;import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController;/*** 测试接口** author vains*/ RestController public class TestController {GetMapping(/test01)PreAuthorize(hasAnyAuthority(message.write))public String test01() {return test01;}GetMapping(/test02)PreAuthorize(hasAnyAuthority(test02))public String test02() {return test02;}GetMapping(/app)PreAuthorize(hasAnyAuthority(app))public String app() {return app;}} webflux测试接口 package com.example.controller;import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; import reactor.core.publisher.Mono;/*** 测试接口** author vains*/ RestController public class TestController {GetMapping(/test01)PreAuthorize(hasAnyAuthority(message.write))public MonoString test01() {return Mono.just(test01);}GetMapping(/test02)PreAuthorize(hasAnyAuthority(test02))public MonoString test02() {return Mono.just(test02);}GetMapping(/app)PreAuthorize(hasAnyAuthority(app))public MonoString app() {return Mono.just(app);}} 测试前置条件启动认证服务启动nacosnacos中都有相关配置启动项目依次启动三个服务顺序无所谓在postman中直接访问网关接口或代理的服务接口被重定向至登录了携带X-Requested-With请求头访问代表当前是xhr请求响应401框架有区分是浏览器请求还是xhr请求对于浏览器请求会重定向到页面对于xhr请求默认会响应401状态码可自己实现异常处理这里错误信息在请求头中是因为没有重写异常处理网关资源服务配置代码中有注释。在浏览器中访问网关接口或代理的服务接口访问浏览器打开地址http://127.0.0.1:7000/resource/app 请求到达网关后检测到未登录会引导用户进行OAuth2认证流程登录后提交登录提交后认证服务重定向授权申请接口校验通过后会生成code并携带code重定向至回调地址注意这里的回调地址是网关的服务地址由网关中的OAuth2 Client处理如图网关会根据code换取token获取token后根据token获取用户信息并调用网关客户端配置中自定义的userAuthoritiesMapper解析权限信息。访问权限不足的接口响应403并将错误信息放入响应头中使用token访问网关过期token 响应401并在响应头中提示token已过期错误token 响应401并在响应头中提示token无法解析权限不足token 响应403并提示权限不足正常请求响应200并正确响应接口信息写在最后本文带大家简单实现了Spring Cloud Gateway对接认证服务Gateway中添加客户端主要是为了如果代理服务有静态资源(html、css、image)时可以直接发起OAuth2授权流程在浏览器登录后直接访问同时也是开启令牌中继的必要依赖引入Resource Server依赖是当需要对网关的接口鉴权时可以直接使用如果网关只负责转发应该是可以去掉资源服务相关依赖和配置的由各个被代理的微服务对自己的接口进行鉴权。这些东西在之前基本都是讲过的内容所以本文很多地方都是一笔带过的如果某些地方不清楚可以针对性的翻翻之前的文章也可以在评论区中提出。如果有什么问题或者需要补充的请在评论区指出谢谢。附录 Gitee仓库地址 Gateway令牌中继文档 OAuth2登录后用户权限解析文档 webflux开启方法鉴权EnableReactiveMethodSecurity注解说明文档 webflux的Jwt解析器适配器说明文档 webflux对接OAuth2 Client文档 webflux对接OAuth2 Resource Server文档

查看全文

http://www.yingshimen.cn/news/52753/