게이트웨이 토큰 인증
This commit is contained in:
kimscott
@@ -1,4 +1,11 @@
|
|||||||
steps:
|
steps:
|
||||||
|
- id: 'build'
|
||||||
|
name: 'gcr.io/cloud-builders/mvn'
|
||||||
|
args: [
|
||||||
|
'clean',
|
||||||
|
'package',
|
||||||
|
'-Dmaven.test.skip=true'
|
||||||
|
]
|
||||||
### Build
|
### Build
|
||||||
- id: 'build'
|
- id: 'build'
|
||||||
name: 'gcr.io/cloud-builders/docker'
|
name: 'gcr.io/cloud-builders/docker'
|
||||||
|
|||||||
28
pom.xml
28
pom.xml
@@ -15,7 +15,7 @@
|
|||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
<java.version>1.8</java.version>
|
<java.version>1.8</java.version>
|
||||||
<spring-cloud.version>Greenwich.RELEASE</spring-cloud.version>
|
<spring-cloud.version>Greenwich.SR2</spring-cloud.version>
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
@@ -28,6 +28,32 @@
|
|||||||
<groupId>org.springframework.cloud</groupId>
|
<groupId>org.springframework.cloud</groupId>
|
||||||
<artifactId>spring-cloud-starter-gateway</artifactId>
|
<artifactId>spring-cloud-starter-gateway</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
<!-- Add spring security -->
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-webflux</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-security</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.security</groupId>
|
||||||
|
<artifactId>spring-security-oauth2-client</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.security</groupId>
|
||||||
|
<artifactId>spring-security-oauth2-jose</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.security</groupId>
|
||||||
|
<artifactId>spring-security-oauth2-resource-server</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.security.oauth.boot</groupId>
|
||||||
|
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
|
||||||
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
<dependencyManagement>
|
<dependencyManagement>
|
||||||
|
|||||||
@@ -1,31 +1,31 @@
|
|||||||
//package com.example.template;
|
package com.example.template;
|
||||||
//
|
|
||||||
//import com.nimbusds.jose.jwk.JWKSet;
|
import com.nimbusds.jose.jwk.JWKSet;
|
||||||
//import com.nimbusds.jose.jwk.RSAKey;
|
import com.nimbusds.jose.jwk.RSAKey;
|
||||||
//import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpoint;
|
import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpoint;
|
||||||
//import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
//import org.springframework.web.bind.annotation.ResponseBody;
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
//import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
//
|
|
||||||
//import java.security.KeyPair;
|
import java.security.KeyPair;
|
||||||
//import java.security.Principal;
|
import java.security.Principal;
|
||||||
//import java.security.interfaces.RSAPublicKey;
|
import java.security.interfaces.RSAPublicKey;
|
||||||
//import java.util.Map;
|
import java.util.Map;
|
||||||
//
|
|
||||||
//@FrameworkEndpoint
|
@FrameworkEndpoint
|
||||||
//@RestController
|
@RestController
|
||||||
//public class JwkSetEndpointConfiguration {
|
public class JwkSetEndpointConfiguration {
|
||||||
// KeyPair keyPair;
|
KeyPair keyPair;
|
||||||
//
|
|
||||||
// public JwkSetEndpointConfiguration(KeyPair keyPair) {
|
public JwkSetEndpointConfiguration(KeyPair keyPair) {
|
||||||
// this.keyPair = keyPair;
|
this.keyPair = keyPair;
|
||||||
// }
|
}
|
||||||
//
|
|
||||||
// @GetMapping("/.well-known/jwks.json")
|
@GetMapping("/.well-known/jwks.json")
|
||||||
// @ResponseBody
|
@ResponseBody
|
||||||
// public Map<String, Object> getKey(Principal principal) {
|
public Map<String, Object> getKey(Principal principal) {
|
||||||
// RSAPublicKey publicKey = (RSAPublicKey) this.keyPair.getPublic();
|
RSAPublicKey publicKey = (RSAPublicKey) this.keyPair.getPublic();
|
||||||
// RSAKey key = new RSAKey.Builder(publicKey).build();
|
RSAKey key = new RSAKey.Builder(publicKey).build();
|
||||||
// return new JWKSet(key).toJSONObject();
|
return new JWKSet(key).toJSONObject();
|
||||||
// }
|
}
|
||||||
//}
|
}
|
||||||
@@ -1,42 +1,42 @@
|
|||||||
//package com.example.template;
|
package com.example.template;
|
||||||
//import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
//import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
//import org.springframework.core.io.ClassPathResource;
|
import org.springframework.core.io.ClassPathResource;
|
||||||
//import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||||
//import org.springframework.security.config.web.server.ServerHttpSecurity;
|
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||||
//import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
|
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
|
||||||
//import org.springframework.security.web.server.SecurityWebFilterChain;
|
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||||
//
|
|
||||||
//import java.security.KeyPair;
|
import java.security.KeyPair;
|
||||||
//
|
|
||||||
//@Configuration
|
@Configuration
|
||||||
//@EnableWebFluxSecurity
|
@EnableWebFluxSecurity
|
||||||
//public class ResourceServerConfiguration {
|
public class ResourceServerConfiguration {
|
||||||
//
|
|
||||||
// @Bean
|
@Bean
|
||||||
// SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
|
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
|
||||||
//
|
|
||||||
// http
|
http
|
||||||
// .cors().and()
|
.cors().and()
|
||||||
// .csrf().disable()
|
.csrf().disable()
|
||||||
// .authorizeExchange()
|
.authorizeExchange()
|
||||||
// .pathMatchers("/oauth/**","/login/**","/.well-known/jwks.json").permitAll()
|
.pathMatchers("/oauth/**","/login/**","/.well-known/jwks.json").permitAll()
|
||||||
// .anyExchange().authenticated()
|
.anyExchange().authenticated()
|
||||||
// .and()
|
.and()
|
||||||
// .oauth2ResourceServer()
|
.oauth2ResourceServer()
|
||||||
// .jwt()
|
.jwt()
|
||||||
// ;
|
;
|
||||||
//
|
|
||||||
// return http.build();
|
return http.build();
|
||||||
// }
|
}
|
||||||
//
|
|
||||||
// @Bean
|
@Bean
|
||||||
// public KeyPair makeKeyPair(){
|
public KeyPair makeKeyPair(){
|
||||||
// KeyPair keyPair = new KeyStoreKeyFactory(
|
KeyPair keyPair = new KeyStoreKeyFactory(
|
||||||
// new ClassPathResource("server.jks"), "qweqwe".toCharArray())
|
new ClassPathResource("server.jks"), "qweqwe".toCharArray())
|
||||||
// .getKeyPair("uengine", "qweqwe".toCharArray());
|
.getKeyPair("uengine", "qweqwe".toCharArray());
|
||||||
// return keyPair;
|
return keyPair;
|
||||||
// }
|
}
|
||||||
//
|
|
||||||
//
|
|
||||||
//}
|
}
|
||||||
|
|||||||
@@ -5,20 +5,20 @@ server:
|
|||||||
---
|
---
|
||||||
spring:
|
spring:
|
||||||
profiles: default
|
profiles: default
|
||||||
# security:
|
security:
|
||||||
# oauth2:
|
oauth2:
|
||||||
# resourceserver:
|
resourceserver:
|
||||||
# jwt:
|
jwt:
|
||||||
# jwk-set-uri: http://localhost:8080/.well-known/jwks.json
|
jwk-set-uri: http://localhost:8080/.well-known/jwks.json
|
||||||
cloud:
|
cloud:
|
||||||
gateway:
|
gateway:
|
||||||
routes:
|
routes:
|
||||||
- id: product
|
- id: product
|
||||||
uri: http://localhost:8085
|
uri: http://localhost:8085
|
||||||
predicates:
|
predicates:
|
||||||
- Path=/products/**
|
- Path=/product/**
|
||||||
- id: goodsㄹ
|
- id: goods
|
||||||
uri: http://localhost:8085
|
uri: http://product:8085
|
||||||
predicates:
|
predicates:
|
||||||
- Path=/goods/**
|
- Path=/goods/**
|
||||||
- id: order
|
- id: order
|
||||||
@@ -66,15 +66,19 @@ spring:
|
|||||||
- id: product
|
- id: product
|
||||||
uri: http://product:8080
|
uri: http://product:8080
|
||||||
predicates:
|
predicates:
|
||||||
- Path=/product/**
|
- Path=/products/**
|
||||||
|
- id: goods
|
||||||
|
uri: http://product:8080
|
||||||
|
predicates:
|
||||||
|
- Path=/goods/**
|
||||||
- id: order
|
- id: order
|
||||||
uri: http://order:8080
|
uri: http://order:8080
|
||||||
predicates:
|
predicates:
|
||||||
- Path=/order/**
|
- Path=/orders/**
|
||||||
- id: delivery
|
- id: delivery
|
||||||
uri: http://delivery:8080
|
uri: http://delivery:8080
|
||||||
predicates:
|
predicates:
|
||||||
- Path=/deliveries/**
|
- Path=/deliveryies/**
|
||||||
- id: marketing
|
- id: marketing
|
||||||
uri: http://marketing:8080
|
uri: http://marketing:8080
|
||||||
predicates:
|
predicates:
|
||||||
@@ -82,7 +86,15 @@ spring:
|
|||||||
- id: servicecenter
|
- id: servicecenter
|
||||||
uri: http://servicecenter:8080
|
uri: http://servicecenter:8080
|
||||||
predicates:
|
predicates:
|
||||||
- Path=/customers/**
|
- Path=/serveys/**
|
||||||
|
- id: mypage
|
||||||
|
uri: http://mypage:8080
|
||||||
|
predicates:
|
||||||
|
- Path=/users/**,/mypage/**
|
||||||
|
- id: oauth
|
||||||
|
uri: http://oauth:8080
|
||||||
|
predicates:
|
||||||
|
- Path=/oauth/**
|
||||||
globalcors:
|
globalcors:
|
||||||
corsConfigurations:
|
corsConfigurations:
|
||||||
'[/**]':
|
'[/**]':
|
||||||
@@ -93,5 +105,6 @@ spring:
|
|||||||
allowedHeaders:
|
allowedHeaders:
|
||||||
- "*"
|
- "*"
|
||||||
allowCredentials: true
|
allowCredentials: true
|
||||||
|
|
||||||
server:
|
server:
|
||||||
port: 8080
|
port: 8080
|
||||||
Reference in New Issue
Block a user