update

api/pom.xml

@@ -48,6 +48,14 @@
             <version>4.0.0</version>
         </dependency>
 <!--        <dependency>-->
+<!--            <groupId>org.springframework.security</groupId>-->
+<!--            <artifactId>spring-security-config</artifactId>-->
+<!--        </dependency>-->
+<!--        <dependency>-->
+<!--            <groupId>org.springframework.security</groupId>-->
+<!--            <artifactId>spring-security-web</artifactId>-->
+<!--        </dependency>-->
+<!--        <dependency>-->
 <!--            <groupId>junit</groupId>-->
 <!--            <artifactId>junit</artifactId>-->
 <!--            <version>4.13.2</version>-->

api/src/main/resources/application.yaml

@@ -4,7 +4,12 @@ server:
 spring:
   application:
     name: api-service
-
+  security:
+    user:
+      name: admin
+      password: password
+    basic:
+      enabled: true
   cloud:
     nacos:
       discovery:
@@ -19,6 +24,20 @@ spring:
         - id: tao_oms_route
           uri: lb://tao-oms  # lb 表示从 nacos 中按照名称获取微服务,并遵循负载均衡策略，user-service 对应用户微服务应用名
           predicates:
-            - Path=/tao-api/**  # 使用断言
+            - Path=/tao-service/**  # 使用断言
           filters:
             - StripPrefix=1       # 使用过滤器
+#            - name: Security   # 添加安全过滤器
+#              args:
+#                springSecurityFilterChain: # 配置Spring Security过滤器链
+#                  order: 0
+#                  securityMatcher: org.springframework.security.web.util.matcher.AntPathRequestMatcher
+#                  securityFilter: org.springframework.security.web.server.SecurityWebFilterChainFilter
+#                  securityContextRepository: org.springframework.security.web.server.context.ServerSecurityContextRepository
+#                  serverAccessDeniedHandler: org.springframework.security.web.server.access.AccessDeniedHandlerImpl
+#                  serverAuthenticationEntryPoint: org.springframework.security.web.server.authentication.BasicAuthenticationEntryPoint
+
+## 授权规则
+#security:
+#  rules:
+#    - pattern: /api/tao-service/**   # 定义需要授权的URL模式

tao-oms/pom.xml

@@ -51,13 +51,16 @@
             <groupId>com.alibaba.cloud</groupId>
             <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
         </dependency>
-
+<!--        <dependency>-->
-        <dependency>
+<!--            <groupId>org.springframework.boot</groupId>-->
-            <groupId>junit</groupId>
+<!--            <artifactId>spring-boot-starter-security</artifactId>-->
-            <artifactId>junit</artifactId>
+<!--        </dependency>-->
-            <version>4.13.2</version>
+<!--        <dependency>-->
-            <scope>test</scope>
+<!--            <groupId>junit</groupId>-->
-        </dependency>
+<!--            <artifactId>junit</artifactId>-->
+<!--            <version>4.13.2</version>-->
+<!--            <scope>test</scope>-->
+<!--        </dependency>-->
     </dependencies>
     <dependencyManagement>
         <dependencies>

tao-oms/src/main/java/com/qihang/tao/TaoOmsApplication.java

@@ -4,11 +4,13 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 
 /**
  * Hello world!
  *
  */
+//@EnableWebSecurity
 @EnableDiscoveryClient
 @SpringBootApplication(exclude = { DataSourceAutoConfiguration.class })
 public class TaoOmsApplication

tao-oms/src/main/resources/application.yaml

@@ -9,6 +9,17 @@ spring:
       - nacos:qihang-oms.yaml?refresh=true
   application:
     name: tao-oms
+  security:
+    user:
+      name: admin
+      password: password
+    basic:
+      enabled: true
+
+# 授权规则
+security:
+  rules:
+    - pattern: /api/**   # 定义需要授权的URL模式
 
 server:
   port: 8081