
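Upgrading Authentication

Change list

pangea-demo
|
|-- pom.xml  # remove the existing security-related dependencies, add the pangea-common-security dependency
|
|-- application*.yml  # remove all existing security configuration, add the new security configuration
|
|-- client package  # remove security-related configuration classes
|
|-- config package  # remove security-related configuration classes
|
|-- security package  # remove security-related configuration classes

1. pom.xml

* Remove the existing security-related dependencies, listed below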

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-test</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-jwt</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-data</artifactId>
</dependency>
```

* Add the pangea-common-security dependency

```xml
<dependency>
    <groupId>com.hisense.pangea</groupId>
    <artifactId>pangea-common-security</artifactId>
    <version>2.2.1</version>
</dependency>
```

2. application*.yml

Remove the following security configuration from application.yml

```yaml
security:
    oauth2:
        resource:
            filter-order: 3
```

Remove the following security configuration from application-dev.yml and application-prod.yml

```yaml
security:
    client-authorization:
#            access-token-uri: http://${UAA_URL:hisense-uaa.devapp.hisense.com}/oauth/token
#            access-token-uri: http://10.19.40.113:9999/oauth/token
        access-token-uri: http://uaa/oauth/token
#            access-token-uri: http://localhost:9999/oauth/token
        token-service-id: uaa
        client-id: internal
        client-secret: internal

oauth2:
    signature-verification:
#        public-key-endpoint-uri: http://${UAA_URL:hisense-uaa.devapp.hisense.com}/oauth/token_key
        #public-key-endpoint-uri: http://10.19.40.113:9999/oauth/token_key
#        public-key-endpoint-uri: http://localhost:9999/oauth/token_key
        public-key-endpoint-uri: http://uaa/oauth/token_key

        #ttl for public keys to verify JWT tokens (in ms)
        ttl: 3600000
        #max. rate at which public keys will be fetched (in ms)
        public-key-refresh-rate-limit: 10000
    web-client-configuration:
        #keep in sync with UAA configuration
        client-id: web_app
        secret: changeit
```

Add the following security configuration to application.yml

```yaml
# Authentication configuration
security:
  oauth2:
    client:
      client-id: pangea  # client ID
      client-secret: 123456 # client secret
      scope: server
    resource:
      loadBalanced: true
      token-info-uri: http://pangea-auth/auth/oauth/check_token  # token validation endpoint
    ignore: # paths that bypass authentication
      urls:
        - /v2/api-docs
```

3. Remove the security-related configuration classes

List of security configuration classes

AuthorizedFeignClient.java
AuthorizedUserFeignClient.java
OAuth2InterceptedFeignConfiguration.java
OAuth2UserClientFeignConfiguration.java
UserFeignClientInterceptor.java
OAuth2JwtAccessTokenConverter.java
OAuth2Properties.java
SecurityConfiguration.java
OAuth2SignatureVerifierClient.java
UaaSignatureVerifierClient.java
AuthoritiesConstants.java
SecurityUtils.java
SpringSecurityAuditorAware.java

Note

If any of the security configuration classes listed above do not exist in your service, ignore them.
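
One way to check a service after the three steps above, as an added example that is not part of the original guide or the Pangea project: it scans a service directory for the dependencies, YAML keys and class files listed on this page. The function name `audit`, the finding strings and the choice of which YAML keys to flag are assumptions of this example.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Dependencies the guide removes from pom.xml.
OLD_ARTIFACTS = {
    "spring-boot-starter-security", "spring-security-test",
    "spring-security-oauth2", "spring-security-jwt",
    "spring-cloud-security", "spring-security-data",
}
# Keys that occur only in the old application*.yml security blocks (assumed markers).
OLD_YAML_KEYS = {"filter-order", "client-authorization",
                 "signature-verification", "web-client-configuration"}
# Configuration classes the guide deletes (a service may not contain all of them).
OLD_CLASSES = {
    "AuthorizedFeignClient", "AuthorizedUserFeignClient",
    "OAuth2InterceptedFeignConfiguration", "OAuth2UserClientFeignConfiguration",
    "UserFeignClientInterceptor", "OAuth2JwtAccessTokenConverter",
    "OAuth2Properties", "SecurityConfiguration", "OAuth2SignatureVerifierClient",
    "UaaSignatureVerifierClient", "AuthoritiesConstants", "SecurityUtils",
    "SpringSecurityAuditorAware",
}


def audit(root):
    """Return sorted findings for leftovers of the old security setup under root."""
    root, findings = Path(root), []
    pom = root / "pom.xml"
    if pom.is_file():
        # ElementTree drops XML comments, so commented-out dependencies are ignored.
        ids = {(el.text or "").strip() for el in ET.parse(str(pom)).iter()
               if el.tag.rsplit("}", 1)[-1] == "artifactId"}
        findings += [f"pom.xml: remove dependency {a}" for a in ids & OLD_ARTIFACTS]
        if "pangea-common-security" not in ids:
            findings.append("pom.xml: pangea-common-security is missing")
    for yml in root.rglob("application*.yml"):
        rel = yml.relative_to(root).as_posix()
        for no, line in enumerate(yml.read_text(encoding="utf-8").splitlines(), 1):
            # Text before '#' is the live part of the line; commented keys are skipped.
            key = line.split("#", 1)[0].split(":", 1)[0].strip()
            if key in OLD_YAML_KEYS:
                findings.append(f"{rel}:{no}: old key '{key}'")
    for src in root.rglob("*.java"):
        if src.stem in OLD_CLASSES:
            findings.append(f"{src.relative_to(root).as_posix()}: delete old security class")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(sys.argv[1] if len(sys.argv) > 1 else ".")) or "no leftovers found")
```

Run it with the service directory as the only argument; an empty result means none of the listed leftovers were found.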