两服务之间通过auth-server校验才能进行

spring5-admin/src/main/java/com/yaozhitech/spring5/AdminApplication.java

@@ -4,7 +4,9 @@ import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+import org.springframework.cloud.openfeign.EnableFeignClients;
 
+@EnableFeignClients
 @EnableDiscoveryClient
 @SpringBootApplication
 @MapperScan("com.yaozhitech.spring5.mapper")

spring5-auth/spring5-auth-client/src/main/java/com/yaozhitech/spring5/intercept/OkHttpTokenInterceptor.java

@@ -20,6 +20,7 @@ public class OkHttpTokenInterceptor implements RequestInterceptor{
 	@Override
 	public void apply(RequestTemplate template) {
 		template.header("x-auth-client", JwtUtils.sign(applicationName + "." + clientSecret, JwtUtils.generateSalt(), 3600));
+		template.header("x-auth-token", "gateway");
 	}
 
 }

spring5-auth/spring5-auth-client/src/main/java/com/yaozhitech/spring5/intercept/ServiceAuthRestInterceptor.java

@@ -1,19 +1,18 @@
 package com.yaozhitech.spring5.intercept;
 
-import java.util.Arrays;
-import java.util.List;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
 import com.yaozhitech.spring5.annotation.IgnoreClientToken;
 import com.yaozhitech.spring5.common.exception.auth.ClientForbiddenException;
-import com.yaozhitech.spring5.config.ServiceAuthConfig;
+import com.yaozhitech.spring5.provider.AuthServerProvider;
 import com.yaozhitech.spring5.utils.JwtUtils;
 
 import lombok.extern.slf4j.Slf4j;
@@ -27,13 +26,11 @@ import lombok.extern.slf4j.Slf4j;
 public class ServiceAuthRestInterceptor extends HandlerInterceptorAdapter {
     private Logger logger = LoggerFactory.getLogger(ServiceAuthRestInterceptor.class);
 
-//  @Autowired
-//  private ServiceAuthUtil serviceAuthUtil;
-//
-//  @Autowired
-  private ServiceAuthConfig serviceAuthConfig;
-
-  private List<String> allowedClient = Arrays.asList("admin", "order", "gateway");
+  @Autowired
+  private AuthServerProvider clientAuthProvider;
+  
+  @Value("${spring.application.name}")
+  private String applicationName;
 
   @Override
   public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@@ -52,20 +49,21 @@ public class ServiceAuthRestInterceptor extends HandlerInterceptorAdapter {
           return super.preHandle(request, response, handler);
       }
 
-		String token = request.getHeader("x-auth-client");
+		String token = request.getHeader("x-auth-token");
 		logger.info(token);
 		
+		String client = request.getHeader("x-auth-client");
+		
 		if (token.equals("gateway")) {
 			return super.preHandle(request, response, handler);
 		}
 
 		try {
-			String uniqueName = JwtUtils.getUsername(token);
-			for (String client : allowedClient) {
-				if (client.equals(uniqueName.split("\\.")[0])) {
-					return super.preHandle(request, response, handler);
-				}
+			String uniqueName = JwtUtils.getUsername(client);
+			if (Boolean.TRUE.equals(clientAuthProvider.verify(applicationName, uniqueName.split("\\.")[0], uniqueName.split("\\.")[1]))) {
+				return super.preHandle(request, response, handler);
 			}
+			
 		} catch (Exception e) {
 			log.error(e.getMessage(), e);
 			throw new ClientForbiddenException("Client verfy error");

spring5-auth/spring5-auth-client/src/main/java/com/yaozhitech/spring5/provider/AuthServerProvider.java

@@ -0,0 +1,12 @@
+package com.yaozhitech.spring5.provider;
+
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@FeignClient(name = "auth-server")
+public interface AuthServerProvider {
+
+	@GetMapping(value = "/clientAuth/verify/")
+    Boolean verify(@RequestParam("service") String service, @RequestParam("allowClient") String allowClient, @RequestParam("secret") String secret);
+}

spring5-auth/spring5-auth-client/src/main/resources/application.yml

@@ -1,36 +0,0 @@
-server:
-  port: 8080
-
-logging:
-  level:
-    root: INFO
-    org.springframework.web: INFO
-    org.springframework.security: INFO
-#    org.springframework.boot.autoconfigure: DEBUG
-
-spring:
-  thymeleaf:
-    cache: false
-  security:
-    oauth2:
-      client:
-        registration:
-          github:
-            client-id: 7b9c752378a3d95a4529
-            client-secret: f635d8c7d44a50bdf12f2055e7e44b2bbc9c1043
-#           google:
-#             client-id: your-app-client-id
-#             client-secret: your-app-client-secret
-#           okta:
-#             client-id: fooClientIdPassword
-#             client-secret: secret
-#             scopes: read,foo
-#             authorization-grant-type: authorization_code
-#             redirect-uri-template: http://localhost:8080/login/oauth2/code/custom
-#         provider:
-#           okta:
-#             authorization-uri: http://localhost:8081/spring-security-oauth-server/oauth/authorize
-#             token-uri: http://localhost:8081/spring-security-oauth-server/oauth/token
-#             user-info-uri: http://localhost:8088/spring-security-oauth-resource/users/extra
-#             user-name-attribute: user_name
-            

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/config/ShiroConfiguration.java

@@ -112,7 +112,7 @@ public class ShiroConfiguration {
         chainDefinition.addPathDefinition("/admin/**", "noSessionCreation,authcToken,anyRole[admin,manager]"); //只允许admin或manager角色的用户访问
         chainDefinition.addPathDefinition("/article/list", "noSessionCreation,authcToken");
         chainDefinition.addPathDefinition("/article/*", "noSessionCreation,authcToken[permissive]");
-        chainDefinition.addPathDefinition("/**", "noSessionCreation,anon"); // 默认进行用户鉴权
+        chainDefinition.addPathDefinition("/**", "noSessionCreation,authcToken"); // 默认进行用户鉴权
         return chainDefinition;
     }
 

spring5-auth/spring5-auth-server/src/main/resources/application.yml

@@ -1,6 +1,3 @@
-server:
-  port: 8751
-
 logging:
   level:
     root: INFO

spring5-auth/spring5-auth-server/src/main/resources/bootstrap.yml

@@ -0,0 +1,12 @@
+server:
+  port: ${SERVER_PORT:8751}
+spring:
+  application:
+    name: auth-server
+  cloud:
+    nacos:
+      discovery:
+        server-addr: ${REGISTER_HOST:192.168.99.100}:${REGISTER_PORT:8848}
+      config:
+        server-addr: ${REGISTER_HOST:192.168.99.100}:${REGISTER_PORT:8848}
+        file-extension: yml