api网关项目负责转发请求、过滤token等；tao-oms淘宝接口;oms-api公共项目包括登录处理；其他项目暂时没用

api/pom.xml

@@ -61,6 +61,25 @@
 <!--            <version>4.13.2</version>-->
 <!--            <scope>test</scope>-->
 <!--        </dependency>-->
+        <!-- Token生成与解析-->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.12.3</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.12.3</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>0.12.3</version>
+            <scope>runtime</scope>
+        </dependency>
     </dependencies>
     <dependencyManagement>
         <dependencies>

api/src/main/java/com/qihang/api/Api.java

@@ -3,6 +3,7 @@ package com.qihang.api;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+import org.springframework.context.annotation.Bean;
 
 /**
  * Hello world!
@@ -17,4 +18,9 @@ public class Api
         System.out.println( "Hello World! Api" );
         SpringApplication.run(Api.class, args);
     }
+
+//    @Bean
+//    public TokenFilter tokenFilter() {
+//        return new TokenFilter();
+//    }
 }

api/src/main/java/com/qihang/api/TokenFilter.java

@@ -0,0 +1,33 @@
+package com.qihang.api;
+
+import org.springframework.cloud.gateway.filter.GatewayFilterChain;
+import org.springframework.cloud.gateway.filter.GlobalFilter;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+import org.springframework.http.HttpStatus;
+import org.springframework.util.StringUtils;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Mono;
+
+@Configuration
+public class TokenFilter implements GlobalFilter, Ordered {
+    private static final String TOKEN_HEADER = "Authorization";
+    private static final String TOKEN_PREFIX = "Bearer ";
+    private static final String SECRET_KEY = "mysecretkey235200303325adjjeddd";
+    @Override
+    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
+        String token = exchange.getRequest().getHeaders().getFirst(TOKEN_HEADER);
+        System.out.println("Token:"+token);
+        // TODO: 统一鉴权处理
+        if(!StringUtils.hasText(token)){
+            exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
+            return exchange.getResponse().setComplete();
+        }
+        return chain.filter(exchange);
+    }
+
+    @Override
+    public int getOrder() {
+        return -10000;
+    }
+}

api/src/main/resources/application.yaml

@@ -1,13 +1,12 @@
 server:
   port: 8080
-
 spring:
   application:
     name: api-service
-  security:
+#  security:
-    user:
+#    user:
-      name: admin
+#      name: admin
-      password: password
+#      password: password
     basic:
       enabled: true
   cloud:
@@ -22,11 +21,20 @@ spring:
           enabled: true
       routes:
         - id: tao_oms_route
-          uri: lb://tao-oms  # lb 表示从 nacos 中按照名称获取微服务,并遵循负载均衡策略，user-service 对应用户微服务应用名
+          uri: lb://tao-oms
           predicates:
-            - Path=/tao-service/**  # 使用断言
+            - Path=/api/tao-service/**
           filters:
-            - StripPrefix=1       # 使用过滤器
+            - StripPrefix=2
+        - id: oms_api_route
+          uri: lb://oms-api
+          predicates:
+            - Path=/api/oms-api/**
+          filters:
+            - StripPrefix=2
+#            - TokenFilter
+#      default-filters:
+#        - TokenFilter
 #            - name: Security   # 添加安全过滤器
 #              args:
 #                springSecurityFilterChain: # 配置Spring Security过滤器链

oms-api/pom.xml

@@ -26,6 +26,7 @@
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <spring-boot.version>3.0.2</spring-boot.version>
         <spring-cloud-alibaba.version>2022.0.0.0</spring-cloud-alibaba.version>
+        <jwt.version>0.11.5</jwt.version>
     </properties>
 
     <dependencies>
@@ -116,9 +117,23 @@
         <!-- Token生成与解析-->
         <dependency>
             <groupId>io.jsonwebtoken</groupId>
-            <artifactId>jjwt</artifactId>
+            <artifactId>jjwt-api</artifactId>
-            <version>0.9.1</version>
+            <version>${jwt.version}</version>
         </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>${jwt.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>${jwt.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+
         <!-- 解析客户端操作系统、浏览器等 -->
         <dependency>
             <groupId>eu.bitwalker</groupId>

oms-api/src/main/java/com/qihang/oms/api/OmsApi.java

@@ -2,13 +2,11 @@ package com.qihang.oms.api;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.cache.annotation.EnableCaching;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 import org.springframework.cloud.client.loadbalancer.LoadBalanced;
 import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.ComponentScans;
 import org.springframework.web.client.RestTemplate;
 
 /**
@@ -19,12 +17,12 @@ import org.springframework.web.client.RestTemplate;
 @EnableDiscoveryClient
 @ComponentScan(basePackages={"com.qihang"})
 @SpringBootApplication
-public class Api
+public class OmsApi
 {
     public static void main( String[] args )
     {
         System.out.println( "Hello World!" );
-        SpringApplication.run(Api.class, args);
+        SpringApplication.run(OmsApi.class, args);
     }
 
     @Bean

oms-api/src/main/java/com/qihang/oms/api/security/JwtAuthenticationTokenFilter.java

@@ -41,9 +41,16 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
             throws ServletException, IOException
     {
-        String token = request.getHeader(TOKEN_HEADER);
+//        String token = exchange.getRequest().getHeaders().getFirst(TOKEN_HEADER);
+        String token = request.getHeader("Authorization");
+
         log.info("intercept " + request.getRequestURI());
         log.info("token: " + token);
+        if(request.getRequestURI().equals("/login")){
+            // 登录页面，放行
+            chain.doFilter(request, response);
+            return;
+        }
         LoginUser loginUser = tokenService.getLoginUser(request);
         if (loginUser !=null )
         {
@@ -51,6 +58,9 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter
             UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
             authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
             SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+        }else {
+            fallback(" 授权过期！",response);
+            return;
         }
         chain.doFilter(request, response);
     }

oms-core/pom.xml

@@ -19,7 +19,8 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <spring-boot.version>3.0.2</spring-boot.version>
-        <jwt.version>0.9.1</jwt.version>
+        <jwt.version>0.11.5</jwt.version>
+        <spring-cloud-alibaba.version>2022.0.0.0</spring-cloud-alibaba.version>
     </properties>
 
     <dependencies>
@@ -46,20 +47,19 @@
             <artifactId>spring-tx</artifactId>
             <version>6.0.4</version>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-security</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-redis</artifactId>
         </dependency>
-
+        <dependency>
-        <!--        <dependency>-->
+            <groupId>com.alibaba.cloud</groupId>
-<!--            <groupId>javax.validation</groupId>-->
+            <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
-<!--            <artifactId>validation-api</artifactId>-->
+        </dependency>
-<!--            <version>2.0.1.Final</version>-->
+        <!--SpringCloud Alibaba nacos 服务发现依赖-->
-<!--        </dependency>-->
+        <dependency>
+            <groupId>com.alibaba.cloud</groupId>
+            <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>jakarta.servlet</groupId>
@@ -68,8 +68,22 @@
             <scope>provided</scope>
         </dependency>
 
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>druid-spring-boot-starter</artifactId>
+            <version>1.2.21</version>
+        </dependency>
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <version>8.0.33</version>
+        </dependency>
 
-
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-boot-starter</artifactId>
+            <version>3.5.5</version>
+        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
@@ -91,9 +105,23 @@
         <!-- Token生成与解析-->
         <dependency>
             <groupId>io.jsonwebtoken</groupId>
-            <artifactId>jjwt</artifactId>
+            <artifactId>jjwt-api</artifactId>
             <version>${jwt.version}</version>
         </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>${jwt.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>${jwt.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+
         <dependency>
             <groupId>com.alibaba.fastjson2</groupId>
             <artifactId>fastjson2</artifactId>
@@ -121,6 +149,13 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+            <dependency>
+                <groupId>com.alibaba.cloud</groupId>
+                <artifactId>spring-cloud-alibaba-dependencies</artifactId>
+                <version>${spring-cloud-alibaba.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 </project>

oms-core/src/main/java/com/qihang/core/OmsCoreApplication.java

@@ -3,23 +3,20 @@ package com.qihang.core;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cache.annotation.EnableCaching;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.web.client.RestTemplate;
 
 /**
  * Hello world!
  *
  */
 @EnableCaching
-@ComponentScan(basePackages = "com.qihang")
+//@ComponentScan(basePackages = "com.qihang")
 @SpringBootApplication
-public class App
+public class OmsCoreApplication
 {
     public static void main( String[] args )
     {
         System.out.println( "Hello World!" );
-        SpringApplication.run(App.class, args);
+        SpringApplication.run(OmsCoreApplication.class, args);
     }
 
 }

oms-core/src/main/java/com/qihang/core/config/SecurityConfig.java

@@ -1,81 +1,49 @@
-//package com.qihang.core.config;
+package com.qihang.core.config;
-//
+
-//import com.qihang.core.security.AuthenticationEntryPointImpl;
+import com.qihang.core.security.AuthenticationEntryPointImpl;
-//import com.qihang.core.security.LogoutSuccessHandlerImpl;
+import com.qihang.core.security.LogoutSuccessHandlerImpl;
-//import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Autowired;
-//import org.springframework.beans.factory.annotation.Value;
+import org.springframework.beans.factory.annotation.Value;
-//import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Bean;
-//import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Configuration;
-//import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpMethod;
-//import org.springframework.security.config.annotation.SecurityBuilder;
+import org.springframework.security.config.annotation.SecurityBuilder;
-//import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
-//import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
+import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
-//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-//import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.config.http.SessionCreationPolicy;
-//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-//import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.SecurityFilterChain;
-//
+
-//@Configuration
+@Configuration
-//@EnableWebSecurity
+@EnableWebSecurity
-//@EnableMethodSecurity
+@EnableMethodSecurity
-//public class SecurityConfig  {
+public class SecurityConfig  {
-//    @Value("${auth.whitelist:/login}")
+    @Autowired
-//    private String[] URL_WHITELIST;
+    private AuthenticationEntryPointImpl unauthorizedHandler;
-//
+    @Autowired
-//    @Autowired
+    private LogoutSuccessHandlerImpl logoutSuccessHandler;
-//    private AuthenticationEntryPointImpl unauthorizedHandler;
+    @Bean
-//    @Autowired
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-//    private LogoutSuccessHandlerImpl logoutSuccessHandler;
+        http
-//    @Bean
+                .csrf().disable()
-//    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+                .authorizeRequests()
-////        http
+                .anyRequest().authenticated()
-////                // CSRF禁用，因为不使用session
+                .and()
-////                .csrf().disable()
+                .formLogin()
-////                .authorizeRequests()
+                .and()
-////                .anyRequest().authenticated()
+                .httpBasic();
-////                .and()
+
-////                .formLogin()
+        return http.build();
-////                .and()
+    }
-////                .httpBasic();
+
-//        // CSRF禁用，因为不使用session
+    /**
-//        http.csrf().disable()
+     * 强散列哈希加密实现
-//                // 禁用HTTP响应标头
+     */
-//                .headers().cacheControl().disable().and()
+    @Bean
-//                // 认证失败处理类
+    public BCryptPasswordEncoder bCryptPasswordEncoder()
-////                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
+    {
-//                // 基于token，所以不需要session
+        return new BCryptPasswordEncoder();
-//                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+    }
-//                // 过滤请求
+}
-//                .authorizeRequests()
-//                .formLogin(form -> form.
-//                        loginProcessingUrl("/login")
-//                        .usernameParameter("username")
-//                        .passwordParameter("password")
-//                        .successHandler(unauthorizedHandler)
-////                        .failureHandler(unauthorizedHandler))
-//                // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-//                .antMatchers("/login", "/register", "/captchaImage").permitAll()
-//                // 静态资源，可匿名访问
-//                .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
-//                .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
-//                .antMatchers("/test/**").permitAll()
-//                .antMatchers("/preview/**").permitAll()
-//                .antMatchers("/h2-console/**").permitAll()
-//                .antMatchers("/taoapi2/**").permitAll()
-//                // 除上面外的所有请求全部需要鉴权认证
-//                .anyRequest().authenticated()
-//                .and()
-//                .headers().frameOptions().disable();
-//        return http.build();
-//    }
-//
-//    /**
-//     * 强散列哈希加密实现
-//     */
-//    @Bean
-//    public BCryptPasswordEncoder bCryptPasswordEncoder()
-//    {
-//        return new BCryptPasswordEncoder();
-//    }
-//}

oms-core/src/main/java/com/qihang/core/controller/HomeController.java

@@ -0,0 +1,13 @@
+package com.qihang.core.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class HomeController {
+
+    @GetMapping("/home")
+    public String home(){
+        return "oms-core:home";
+    }
+}

oms-core/src/main/java/com/qihang/core/security/SecurityUser.java

@@ -10,8 +10,8 @@ import java.util.Collection;
  * TODO
  *
  * @Description
- * @Author laizhenghua
+ * @Author
- * @Date 2023/6/29 22:49
+ * @Date
  **/
 public class SecurityUser implements UserDetails {
     private SysUser userEntity;

oms-core/src/main/java/com/qihang/core/security/TokenService.java

@@ -30,15 +30,15 @@ import java.util.concurrent.TimeUnit;
 public class TokenService
 {
     // 令牌自定义标识
-    @Value("${token.header}")
+    @Value("${token.header:'Authorization'}")
     private String header;
 
     // 令牌秘钥
-    @Value("${token.secret}")
+    @Value("${token.secret:'mysecretkey235200303325adjjeddd'}")
     private String secret;
 
     // 令牌有效期（默认30分钟）
-    @Value("${token.expireTime}")
+    @Value("${token.expireTime:30}")
     private int expireTime;
 
     protected static final long MILLIS_SECOND = 1000;

oms-core/src/main/resources/application.properties

@@ -1,4 +0,0 @@
-spring.redis.host=localhost
-spring.redis.port=6379
-spring.redis.password=
-spring.redis.database=0

oms-core/src/main/resources/application.yaml

@@ -0,0 +1,14 @@
+spring:
+  cloud:
+    nacos:
+      serverAddr: 127.0.0.1:8848
+      discovery:
+        server-addr: 127.0.0.1:8848
+  config:
+    import:
+      - nacos:qihang-oms.yaml?refresh=true
+  application:
+    name: oms-core
+
+server:
+  port: 8083

oms-core/src/test/java/com/qihang/OmsCoreApplicationTest.java

@@ -7,7 +7,7 @@ import junit.framework.TestSuite;
 /**
  * Unit test for simple App.
  */
-public class AppTest 
+public class OmsCoreApplicationTest
     extends TestCase
 {
     /**
@@ -15,7 +15,7 @@ public class AppTest
      *
      * @param testName name of the test case
      */
-    public AppTest( String testName )
+    public OmsCoreApplicationTest(String testName )
     {
         super( testName );
     }
@@ -25,7 +25,7 @@ public class AppTest
      */
     public static Test suite()
     {
-        return new TestSuite( AppTest.class );
+        return new TestSuite( OmsCoreApplicationTest.class );
     }
 
     /**

tao-oms/src/main/java/com/qihang/tao/controller/HomeController.java

@@ -1,5 +1,6 @@
 package com.qihang.tao.controller;
 
+import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -16,7 +17,9 @@ public class HomeController {
     private String serverName;
 
     @GetMapping(value = "/test/na")
-    public String get() {
+    public String get(HttpServletRequest request) {
+        String token = request.getHeader("Authorization");
+        System.out.println("tao-api token:"+token);
         return serverName;
     }