添加安全验证

bd8ef4fc · 袁伟铭 · eeade8ae · bd8ef4fc · bd8ef4fc · bd8ef4fc
Commit bd8ef4fc authored Jul 10, 2023 by 袁伟铭
12 changed files
--- a/admin-server/src/main/java/com/zq/admin/modules/security/rest/AuthorizationController.java
+++ b/admin-server/src/main/java/com/zq/admin/modules/security/rest/AuthorizationController.java
@@ -32,6 +32,8 @@ import com.zq.common.annotation.rest.AnonymousGetMapping;
 import com.zq.common.annotation.rest.AnonymousPostMapping;
 import com.zq.common.config.redis.RedisUtils;
 import com.zq.common.config.security.SecurityProperties;
+import com.zq.common.context.ContextUtils;
+import com.zq.common.vo.OnlineUserDto;
 import com.zq.common.vo.ResultVo;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -124,6 +126,12 @@ public class AuthorizationController {
        return ResponseEntity.ok(SecurityUtils.getCurrentUser());
    }
+    @ApiOperation("获取当前用户")
+    @GetMapping(value = "/getCurrentUser")
+    public ResultVo<OnlineUserDto> getCurrentUser() {
+        return ResultVo.success(ContextUtils.getAdminContext());
+    }
    @ApiOperation("获取验证码")
    @AnonymousGetMapping(value = "/code")
    public ResponseEntity<Object> getCode() {

--- a/admin-server/src/main/resources/bootstrap.yml
+++ b/admin-server/src/main/resources/bootstrap.yml
@@ -8,13 +8,18 @@ spring:
      discovery:
        enabled: true
        service-id: CONFIG-SERVER
+      username: admin
+      password: 123456
 eureka:
  instance:
    prefer-ip-address: true
-    lease-renewal-interval-in-seconds: 2 #每间隔1s，向服务端发送一次心跳，证明自己依然"存活"
+    lease-renewal-interval-in-seconds: 5 #向服务端发送心跳间隔
-    lease-expiration-duration-in-seconds: 6 #告诉服务端，如果我2s之内没有给你发心跳，就代表我"死"了，将我踢出掉。
+    lease-expiration-duration-in-seconds: 15 #告诉服务端多少秒没收到心跳将我踢出掉。
    instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}
  client:
-    service-url:
+    # 客户端拉取readOnly缓存的时间间隔，默认是30s
-      defaultZone: @eureka.server.url@
+    registry-fetch-interval-seconds: 3 # 拉取注册表信息间隔时间
+    serviceUrl:
+      defaultZone: @register.url@
--- a/api-server/src/main/resources/bootstrap.yml
+++ b/api-server/src/main/resources/bootstrap.yml
@@ -8,16 +8,20 @@ spring:
      discovery:
        enabled: true
        service-id: CONFIG-SERVER
+      username: admin
+      password: 123456
 eureka:
  instance:
    prefer-ip-address: true
-    lease-renewal-interval-in-seconds: 2 #每间隔1s，向服务端发送一次心跳，证明自己依然"存活"
+    lease-renewal-interval-in-seconds: 5 #向服务端发送心跳间隔
-    lease-expiration-duration-in-seconds: 6 #告诉服务端，如果我2s之内没有给你发心跳，就代表我"死"了，将我踢出掉。
+    lease-expiration-duration-in-seconds: 15 #告诉服务端多少秒没收到心跳将我踢出掉。
    instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}
  client:
-    service-url:
+    # 客户端拉取readOnly缓存的时间间隔，默认是30s
-      defaultZone: @eureka.server.url@
+    registry-fetch-interval-seconds: 3 # 拉取注册表信息间隔时间
+    serviceUrl:
+      defaultZone: @register.url@
 feign:
  client:

--- a/config-server/pom.xml
+++ b/config-server/pom.xml
@@ -20,6 +20,11 @@
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-server</artifactId>
        </dependency>
+        <!--Spring boot 安全框架-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
    </dependencies>
    <build>

--- a/config-server/src/main/resources/application.yml
+++ b/config-server/src/main/resources/application.yml
@@ -5,6 +5,10 @@ spring:
    name: CONFIG-SERVER
  profiles:
    active: native  # 配置使用本地储存
+  security:
+    user:
+      name: admin
+      password: 123456
  cloud:
    config:
      server:
@@ -18,12 +22,14 @@ spring:
 eureka:
  instance:
    prefer-ip-address: true
-    lease-renewal-interval-in-seconds: 2 #每间隔1s，向服务端发送一次心跳，证明自己依然"存活"
+    lease-renewal-interval-in-seconds: 5 #向服务端发送心跳间隔
-    lease-expiration-duration-in-seconds: 6 #告诉服务端，如果我2s之内没有给你发心跳，就代表我"死"了，将我踢出掉。
+    lease-expiration-duration-in-seconds: 15 #告诉服务端多少秒没收到心跳将我踢出掉。
    instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}
  client:
-    service-url:
+    # 客户端拉取readOnly缓存的时间间隔，默认是30s
-      defaultZone: @eureka.server.url@
+    registry-fetch-interval-seconds: 3 # 拉取注册表信息间隔时间
+    serviceUrl:
+      defaultZone: @register.url@
 management:
  endpoints:

--- a/eureka-server/src/main/resources/application.yml
+++ b/eureka-server/src/main/resources/application.yml
@@ -8,20 +8,24 @@ spring:
      name: admin
      password: 123456
 eureka:
+  instance:
+    #设置使用IP注册就会优先使用IP，hostname则无效
+    prefer-ip-address: true
+    instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}
  server:
    # 关闭自我保护机制（程序停掉了还注册的问题）
    enable-self-preservation: false
-    # 主动失效检测间隔,配置成5秒
+    # 主动检测失效间隔,配置成3秒,默认60000
-    eviction-interval-timer-in-ms: 2000
+    eviction-interval-timer-in-ms: 3000
-    # 禁用readOnlyCacheMap
+    # 禁用use-read-only-response-cache只读缓存或者减少response-cache-update-interval-ms更新缓存的时间间隔都可以更快的同步实例信息
-    use-read-only-response-cache: false
+    #    use-read-only-response-cache: false
+    # 减少readWrite 和 readOnly 同步时间间隔。
+    response-cache-update-interval-ms: 3000
  client:
-    # 客户端拉取readOnly缓存的时间间隔，默认是30s
-    registry-fetch-interval-seconds: 10
    # 表示是否将自己注册到Eureka Server，默认为true。
    register-with-eureka: false
    # 表示是否从Eureka Server获取注册信息，默认为true。
    fetch-registry: false
-    # 设置与Eureka Server交互的地址，查询服务和注册服务都需要依赖这个地址。默认是http://localhost:8761/eureka/；多个地址可使用,分隔
+    # 设置与Eureka Server交互的地址，查询服务和注册服务都需要依赖这个地址。默认是http://127.0.0.1:8000/eureka ；多个地址可使用,分隔
    service-url:
-      defaultZone: http://${spring.security.user.name}:${spring.security.user.password}@${spring.cloud.client.ip-address}:${server.port}/eureka/
+      defaultZone: http://admin:GXfy2021@127.0.0.1:8800/eureka/
\ No newline at end of file
--- a/file-server/src/main/resources/bootstrap.yml
+++ b/file-server/src/main/resources/bootstrap.yml
@@ -8,13 +8,18 @@ spring:
      discovery:
        enabled: true
        service-id: CONFIG-SERVER
+      username: admin
+      password: 123456
 eureka:
  instance:
    prefer-ip-address: true
-    lease-renewal-interval-in-seconds: 2 #每间隔1s，向服务端发送一次心跳，证明自己依然"存活"
+    lease-renewal-interval-in-seconds: 5 #向服务端发送心跳间隔
-    lease-expiration-duration-in-seconds: 6 #告诉服务端，如果我2s之内没有给你发心跳，就代表我"死"了，将我踢出掉。
+    lease-expiration-duration-in-seconds: 15 #告诉服务端多少秒没收到心跳将我踢出掉。
    instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}
  client:
-    service-url:
+    # 客户端拉取readOnly缓存的时间间隔，默认是30s
-      defaultZone: @eureka.server.url@
+    registry-fetch-interval-seconds: 3 # 拉取注册表信息间隔时间
+    serviceUrl:
+      defaultZone: @register.url@
--- a/gateway-server/src/main/resources/bootstrap.yml
+++ b/gateway-server/src/main/resources/bootstrap.yml
@@ -8,13 +8,18 @@ spring:
      discovery:
        enabled: true
        service-id: CONFIG-SERVER
+      username: admin
+      password: 123456
 eureka:
  instance:
    prefer-ip-address: true
-    lease-renewal-interval-in-seconds: 2 #每间隔1s，向服务端发送一次心跳，证明自己依然"存活"
+    lease-renewal-interval-in-seconds: 5 #向服务端发送心跳间隔
-    lease-expiration-duration-in-seconds: 6 #告诉服务端，如果我2s之内没有给你发心跳，就代表我"死"了，将我踢出掉。
+    lease-expiration-duration-in-seconds: 15 #告诉服务端多少秒没收到心跳将我踢出掉。
    instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}
  client:
-    service-url:
+    # 客户端拉取readOnly缓存的时间间隔，默认是30s
-      defaultZone: @eureka.server.url@
+    registry-fetch-interval-seconds: 3 # 拉取注册表信息间隔时间
+    serviceUrl:
+      defaultZone: @register.url@
--- a/pom.xml
+++ b/pom.xml
@@ -98,7 +98,7 @@
            <properties>
                <profiles.active>dev</profiles.active>
                <logging.level>debug</logging.level>
-                <eureka.server.url>http://admin:123456@127.0.0.1:8800/eureka/</eureka.server.url>
+                <register.url>http://admin:123456@127.0.0.1:8800/eureka/</register.url>
            </properties>
            <activation>
                <activeByDefault>true</activeByDefault>
@@ -110,7 +110,7 @@
            <properties>
                <profiles.active>test</profiles.active>
                <logging.level>debug</logging.level>
-                <eureka.server.url>http://admin:123456@127.0.0.1:8800/eureka/</eureka.server.url>
+                <register.url>http://admin:123456@127.0.0.1:8800/eureka/</register.url>
            </properties>
        </profile>
        <profile>
@@ -119,7 +119,7 @@
            <properties>
                <profiles.active>product</profiles.active>
                <logging.level>info</logging.level>
-                <eureka.server.url>http://admin:123456@127.0.0.1:8800/eureka/</eureka.server.url>
+                <register.url>http://admin:123456@127.0.0.1:8800/eureka/</register.url>
            </properties>
        </profile>
    </profiles>

--- a/user-server/src/main/java/com/zq/user/config/TokenFilter.java
+++ b/user-server/src/main/java/com/zq/user/config/TokenFilter.java
@@ -65,7 +65,10 @@ public class TokenFilter extends GenericFilterBean {
                ResultVo<OnlineUserDto> resultVo = adminFeignClient.getCurrentUser();
                onlineUserDto = resultVo.getData();
            } catch (Exception e) {
-                log.error(">> 获取当前用户失败：" + e.getMessage());
+                String requestUri = httpServletRequest.getRequestURI();
+                if (!"/error".equals(requestUri)) {
+                    log.error(">> 获取当前用户失败：[{}] {}", requestUri, e.getMessage());
+                }
            }
            if (onlineUserDto != null && StringUtils.isNotBlank(token)) {
                Authentication authentication = tokenProvider.getAuthentication(token);

--- a/user-server/src/main/java/com/zq/user/controller/admin/UserAdminController.java
+++ b/user-server/src/main/java/com/zq/user/controller/admin/UserAdminController.java
 package com.zq.user.controller.admin;
-import com.zq.common.annotation.AnonymousAccess;
 import com.zq.common.vo.PageVo;
 import com.zq.common.vo.ResultVo;
 import com.zq.logging.annotation.Log;
@@ -28,7 +27,7 @@ public class UserAdminController {
    private final UserService userService;
    @Log("获取用户列表")
-    @AnonymousAccess
+    // @AnonymousAccess
    @ApiOperation("获取用户列表")
    @PostMapping(value = "/getUserList")
    public ResultVo<PageVo<AppUser>> getUserList(@RequestBody FindAppUserVo vo) {

--- a/user-server/src/main/resources/bootstrap.yml
+++ b/user-server/src/main/resources/bootstrap.yml
@@ -8,13 +8,18 @@ spring:
      discovery:
        enabled: true
        service-id: CONFIG-SERVER
+      username: admin
+      password: 123456
 eureka:
  instance:
    prefer-ip-address: true
-    lease-renewal-interval-in-seconds: 2 #每间隔1s，向服务端发送一次心跳，证明自己依然"存活"
+    lease-renewal-interval-in-seconds: 5 #向服务端发送心跳间隔
-    lease-expiration-duration-in-seconds: 6 #告诉服务端，如果我2s之内没有给你发心跳，就代表我"死"了，将我踢出掉。
+    lease-expiration-duration-in-seconds: 15 #告诉服务端多少秒没收到心跳将我踢出掉。
    instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}
  client:
-    service-url:
+    # 客户端拉取readOnly缓存的时间间隔，默认是30s
-      defaultZone: @eureka.server.url@
+    registry-fetch-interval-seconds: 3 # 拉取注册表信息间隔时间
+    serviceUrl:
+      defaultZone: @register.url@