diff --git "a/docs/myserver/\346\227\201\350\267\257\347\224\261\347\275\221\345\205\263.md" "b/docs/myserver/\346\227\201\350\267\257\347\224\261\347\275\221\345\205\263.md" deleted file mode 100644 index 5ae508c52e..0000000000 --- "a/docs/myserver/\346\227\201\350\267\257\347\224\261\347\275\221\345\205\263.md" +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: 旁路由网关 -date: 2024-04-02 -author: chensino -publish: true -isOriginal: true ---- - -### 问题1. 内网主机把网关指向旁路由无法通过主路由端口转发 - -~~~markdown - -~~~ - - -参考: -[参考](https://blog.xiaoz.org/archives/19182) \ No newline at end of file diff --git a/docs/other/sono/SUC.md b/docs/other/sono/SUC.md deleted file mode 100644 index 966439ef52..0000000000 --- a/docs/other/sono/SUC.md +++ /dev/null @@ -1,115 +0,0 @@ ---- -title: 客户端对接用户中心 -name: chensino -category: - - 公司业务 - ---- - -## 1、基础环境搭建 - -### 1.1 引入依赖 - -~~~xml - - org.springframework.security.oauth.boot - spring-security-oauth2-autoconfigure - 2.1.2.RELEASE - -~~~ - -### 1.2 配置 - -#### 1.2.1 application.yml - -~~~yaml -security: - oauth2: - client: - client-id: pig - client-secret: pig - user-authorization-uri: http://localhost:3000/oauth/authorize - access-token-uri: http://localhost:3000/oauth/token - scope: server - resource: - loadBalanced: true - token-info-uri: http://localhost:3000/oauth/check_token -~~~ - -#### 1.2.2 Security配置demo - -~~~java - -@Configuration -@EnableWebSecurity -@EnableGlobalMethodSecurity(prePostEnabled = true) -@EnableOAuth2Sso -@Order(111) -public class SecurityConfigOAuth extends WebSecurityConfigurerAdapter { - - /** - * 自定义密码加密方式,解密会自动调用PasswordEncoder的match方法 - * - * @return - */ - @Bean - PasswordEncoder passwordEncoder() { - return new BCryptPasswordEncoder(); - } - - /** - * 处理接口权限 - */ - - @Override - protected void configure(HttpSecurity http) throws Exception { - http.antMatcher("/**") - .authorizeRequests() - .antMatchers("/", "/login**") - .permitAll() - .anyRequest() - .authenticated(); - http.csrf().disable(); - } - - @Bean - UserDetailsService userDetailsService(SysUserService sysUserService) { - return new CustomUserDetailsService(sysUserService); - } -} -~~~ - -## 2、用户中心用户转本地用户 - -### 2.1 过滤器进行拦截处理 - -~~~java -@Component -public class OAuthFilter extends OncePerRequestFilter { - @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - //1. 根据token获取本地系统对应用户 - LoginUser loginUser = tokenService.getLoginUser(request); - //2. 校验并设置用户信息到SecurityContext - if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication())) - { - tokenService.verifyToken(loginUser); - UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities()); - authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); - SecurityContextHolder.getContext().setAuthentication(authenticationToken); - } - //3. 校验通过放行 - chain.doFilter(request, response); - } -} -~~~ - -~~~markdown -流程: -1. 不带token访问客户端接口 -2. 客户端重定向到授权服务器认证页面,要求用户登录 -3. 登录成功,授权中心返回code,并且会拿code到授权中心换取token -4. 拿到token,重定向到最初访问的接口,并且此次请求会携带token -5. 客户端过滤器拿到token后,先把token转化为本系统的用户信息 -5. 通过过滤器验证,最终访问接口,返回接口数据 -~~~ diff --git a/package-lock.json b/package-lock.json index 1154d5dd8a..6b6f08dc55 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2818,9 +2818,9 @@ } }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, "dependencies": { "path-key": "^3.1.0",