Spring Cloud microservice design plan 1: gateway + Spring Security + session sharing

Table of contents

Architecture plan

1. Plan description:

2. Architecture diagram:

3. Project structure:

4. Request process and code examples:

5. Test effect


Architecture plan

This design differs from most of the solutions found online, which are based on gateway + Spring Security + token + Redis.

It uses Spring Security together with Spring Session's shared (Redis-backed) HTTP session for both authentication (login) and authorization (permission checks). Spring Security is not integrated into the Spring Cloud gateway at all; instead it is packaged as a common component that is included in both the authentication microservice and every business microservice.

1. Plan description:

1) Every microservice, whether the authentication service or a business service, depends on the shared Spring Security component.

2) The authentication microservice uses Spring Security to handle login (authentication).

3) All business microservices use Spring Security to handle authorization (permission checks) on their own endpoints.

4) Spring Security's session-sharing mechanism (the session stored in Redis) carries the login state both for front-end calls and for calls between microservices.

2. Architecture diagram:

  Note: Nacos is used for service registration and discovery; calls between services use OpenFeign.

3. Project structure:

1) Module dependencies:

  • auth-->commons-->springsecurity
  • organization-->commons-->springsecurity

For the detailed configuration (pom.xml, yml files and annotations), please refer to my other article:

springsecurity + session sharing + redis user login, permission verification,_still the sunglasses blog-CSDN blog

2) Microservice structure

  • WisdomsiteGateway is the gateway service. It only forwards requests and performs neither authentication nor authorization. (This is where the design differs from most solutions online.)
  • Auth is the authentication service. It processes login requests and, on success, returns a valid session.
  • Organization is a business service.
    • If a request to the business service carries no valid session (the caller is not logged in), the Spring Security component of the business service rejects it with a "not logged in" message and prompts the caller to authenticate first.
    • If the request carries a valid session, the Spring Security component performs the authorization (permission) check.
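The following is an added example, not the author's configuration (that is covered in the linked article), of what the shared Spring Security component looks like when embedded in a business service such as Organization: it resolves the caller's session from Redis, enforces `@PreAuthorize`, performs no login of its own, answers anonymous requests with a 401 "not logged in" message and permission failures with a 403. It assumes Spring Boot 3 / Spring Security 6 with Spring Session Data Redis on the classpath; the package name, class name and the JSON error body are assumptions.

```java
package com.example.commons.security;   // assumed package for the shared "commons" module

import java.io.IOException;
import java.nio.charset.StandardCharsets;

import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;

/**
 * Security setup for a business microservice (e.g. Organization).
 * Added example; not the configuration from the original article.
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity        // activates @PreAuthorize("hasAuthority(...)") on controller methods
@EnableRedisHttpSession      // the SESSION cookie is resolved against Redis, so a login performed
                             // by the auth service is visible to every other service instance
public class BusinessServiceSecurityConfig {

    @Bean
    SecurityFilterChain businessFilterChain(HttpSecurity http) throws Exception {
        http
            // Every business endpoint requires an authenticated session; the finer-grained
            // permission checks are done per method with @PreAuthorize.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // No formLogin()/httpBasic() here: only the auth service logs users in.
            // A business service never creates sessions of its own; it only reads
            // the one the auth service created.
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.NEVER))
            // Return JSON instead of redirecting to a login page, which an API caller cannot follow.
            .exceptionHandling(ex -> ex
                .authenticationEntryPoint((req, res, e) ->
                    writeJson(res, HttpStatus.UNAUTHORIZED,
                        "Not logged in. Authenticate with the auth service first."))
                .accessDeniedHandler((req, res, e) ->
                    writeJson(res, HttpStatus.FORBIDDEN,
                        "Logged in, but this account lacks the required permission.")));
        // CSRF protection is left at its default (enabled) on purpose: the session cookie is the
        // credential, so a browser can be tricked into sending it. State-changing requests must
        // therefore carry the CSRF token, or the paths used only for trusted service-to-service
        // traffic must be excluded explicitly.
        return http.build();
    }

    /** Minimal JSON error body; the field names are an assumption, not the FdApiResult format. */
    private static void writeJson(HttpServletResponse response, HttpStatus status, String message)
            throws IOException {
        response.setStatus(status.value());
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        response.getWriter().write(
            "{\"code\":" + status.value() + ",\"msg\":\"" + message + "\"}");
    }
}
```

The important difference from a default Spring Security setup is the absence of any login mechanism and the use of `SessionCreationPolicy.NEVER`: a business service can only ever act on a session that the auth service established, which is what makes "the gateway does no authentication" safe.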

4. Request process and code examples:

Code example:

In the organization microservice, a controller method is protected with the permission expression @PreAuthorize("hasAuthority('org:position:user:count')"):

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/sysmgr/position")
public class PositionController extends BaseController<Position, IPositionService> {

	// OpenFeign client for the auth microservice (interface shown below)
	@Autowired
	private IUserFeignService userFeignService;

	// Only a session whose user holds org:position:user:count may call this
	@PreAuthorize("hasAuthority('org:position:user:count')")
	@GetMapping("/getUserCount")
	public FdApiResult getUserCountById(@RequestParam("id") Long id){
		return userFeignService.getUserCountByPositionId(id);
	}

}

userFeignService.getUserCountByPositionId in the code above is an OpenFeign method. It calls the auth microservice's endpoint /api/sysmgr/user/getUserCountByPositionId:

import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;

// Resolved through Nacos by service name; FeignConfig supplies per-client settings such as request interceptors
@Component
@FeignClient(value = MicroServiceConstant.AUTH_SERVICE_NAME, path = "/api/sysmgr/user", configuration = FeignConfig.class)
public interface IUserFeignService {

    @GetMapping("/getUserCountByPositionId")
    FdApiResult getUserCountByPositionId(@RequestParam("id") Long id);
}

For now I have placed the handler for this request in the auth microservice, but it could equally live in a new microservice:

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/sysmgr/user")
@Slf4j
public class UserController extends BaseController<User, IUserService> {

	// The same permission is checked again here, on the service that actually owns the data
	@PreAuthorize("hasAuthority('org:position:user:count')")
	@GetMapping("/getUserCountByPositionId")
	public FdApiResult getUserCountByPositionId(@RequestParam("id") Long id){
		// Placeholder result for the demonstration; a real implementation would query the user store
		return FdApiResult.success(String.valueOf(5));
	}

}

This illustrates that, regardless of which microservice handles the request, adding the @PreAuthorize("hasAuthority('org:position:user:count')") permission expression is enough to enforce the permission there.

As a result the org:position:user:count permission is checked twice: first in organization, and a second time in auth when the OpenFeign call arrives. For the second check to pass, the Feign call must carry the caller's session identifier (the session cookie), so that auth can rebuild the security context from the shared session; an OpenFeign call without it reaches auth as an anonymous request and is rejected.
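The article names a FeignConfig on the @FeignClient but does not show it. Below is an added example (not the author's code) of the one piece such a configuration must contain for the second permission check to succeed: a Feign RequestInterceptor that copies the caller's Spring Session cookie onto the outgoing service-to-service request. It assumes Spring Boot 3 (jakarta.servlet) and Spring Session's default cookie name "SESSION"; the package and bean names are assumptions.

```java
package com.example.commons.feign;   // assumed package for the shared "commons" module

import feign.RequestInterceptor;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/**
 * Per-client Feign configuration that relays the caller's session cookie to the
 * downstream service. Added example; the article names FeignConfig but does not show it.
 * Deliberately NOT annotated with @Configuration: referenced through
 * @FeignClient(configuration = FeignConfig.class) it applies only to that client,
 * whereas a component-scanned @Configuration would apply to every Feign client.
 */
public class FeignConfig {

    /** Spring Session's default cookie name; change it if DefaultCookieSerializer was customised. */
    static final String SESSION_COOKIE = "SESSION";

    @Bean
    public RequestInterceptor sessionCookieRelay() {
        return template -> {
            String cookie = currentSessionCookie();
            if (cookie != null) {
                // Only the session cookie is forwarded, not the whole Cookie header,
                // so unrelated browser cookies are not leaked to the downstream service.
                template.header("Cookie", cookie);
            }
            // With no inbound session the call goes out anonymous and the downstream
            // @PreAuthorize rejects it, which is the correct outcome.
        };
    }

    /**
     * Builds "SESSION=<id>" from the servlet request bound to the current thread,
     * or returns null when there is no such request (scheduler, message listener,
     * Feign running on a separate thread pool) or no session cookie.
     */
    static String currentSessionCookie() {
        ServletRequestAttributes attrs =
            (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attrs == null) {
            return null;
        }
        HttpServletRequest request = attrs.getRequest();
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie c : cookies) {
            if (SESSION_COOKIE.equals(c.getName())) {
                return SESSION_COOKIE + "=" + c.getValue();
            }
        }
        return null;
    }
}
```

Relaying the session identifier means the downstream service acts under the same user identity as the caller, so it should only ever be done towards services inside the same trust boundary; scoping the interceptor to specific clients through `configuration = FeignConfig.class` keeps it from being applied to every outbound call. If the Feign call is executed on a different thread than the inbound request (for example a circuit-breaker thread pool), `RequestContextHolder` is empty there and the interceptor will find no cookie.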

5. Test effect

1) Test login:

2) Test business request

Get the number of users for a certain position:

  • Business request without logging in

  • Logged in, but the account lacks the required permission

  • Logged in and the account holds the required permission

Origin blog.csdn.net/louis_lee7812/article/details/127437114