From 0db0fe9fad2fccd0d40d2a1f9f6c22516779920d Mon Sep 17 00:00:00 2001
From: Haotian Zhang <928016560@qq.com>
Date: Mon, 18 Nov 2024 20:08:59 +0800
Subject: [PATCH] feat:support auth.
---
CHANGELOG.md | 1 +
pom.xml | 1 +
spring-cloud-starter-tencent-all/pom.xml | 5 +
.../DecodeTransferMetadataReactiveFilter.java | 2 -
.../pom.xml | 106 ++++++++++++++++++
.../auth/config/AuthConfigModifier.java | 46 ++++++++
.../config/PolarisAuthAutoConfiguration.java | 86 ++++++++++++++
.../auth/config/PolarisAuthProperties.java | 40 +++++++
...olarisAuthPropertiesAutoConfiguration.java | 39 +++++++
...sAuthPropertiesBootstrapConfiguration.java | 34 ++++++
.../auth/filter/AuthReactiveFilter.java | 70 ++++++++++++
.../auth/filter/AuthServletFilter.java | 68 +++++++++++
.../polaris/auth/utils/AuthenticateUtils.java | 53 +++++++++
...itional-spring-configuration-metadata.json | 10 ++
.../main/resources/META-INF/spring.factories | 2 +
...ot.autoconfigure.AutoConfiguration.imports | 2 +
.../pom.xml | 5 +
.../cloud/common/constant/OrderConstant.java | 19 +++-
.../metadata/MetadataContextHolder.java | 4 +-
spring-cloud-tencent-coverage/pom.xml | 9 +-
spring-cloud-tencent-dependencies/pom.xml | 15 ++-
.../tsf-example/provider-demo/pom.xml | 5 +
spring-cloud-tencent-polaris-context/pom.xml | 5 +
.../context/PolarisSDKContextManager.java | 17 +++
24 files changed, 635 insertions(+), 9 deletions(-)
create mode 100644 spring-cloud-starter-tencent-polaris-auth/pom.xml
create mode 100644 spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/AuthConfigModifier.java
create mode 100644 spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthAutoConfiguration.java
create mode 100644 spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthProperties.java
create mode 100644 spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesAutoConfiguration.java
create mode 100644 spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesBootstrapConfiguration.java
create mode 100644 spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthReactiveFilter.java
create mode 100644 spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthServletFilter.java
create mode 100644 spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/utils/AuthenticateUtils.java
create mode 100644 spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/additional-spring-configuration-metadata.json
create mode 100644 spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring.factories
create mode 100644 spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f67a3befd8..5e93ab1c64 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,3 +33,4 @@
- [feat: support lossless config from console & support warmup.](https://github.com/Tencent/spring-cloud-tencent/pull/1452)
- [feat:add admin http handler.](https://github.com/Tencent/spring-cloud-tencent/pull/1453)
- [feat:support concurrency rate limit.](https://github.com/Tencent/spring-cloud-tencent/pull/1457)
+- [feat:support auth.](https://github.com/Tencent/spring-cloud-tencent/pull/1461)
diff --git a/pom.xml b/pom.xml
index 2973cc9eb3..40c07899e1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -48,6 +48,7 @@
spring-cloud-starter-tencent-polaris-circuitbreaker
spring-cloud-starter-tencent-polaris-router
spring-cloud-starter-tencent-polaris-contract
+ spring-cloud-starter-tencent-polaris-auth
spring-cloud-tencent-plugin-starters
spring-cloud-tencent-dependencies
spring-cloud-starter-tencent-all
diff --git a/spring-cloud-starter-tencent-all/pom.xml b/spring-cloud-starter-tencent-all/pom.xml
index 767a25866e..a2a5e53f03 100644
--- a/spring-cloud-starter-tencent-all/pom.xml
+++ b/spring-cloud-starter-tencent-all/pom.xml
@@ -54,6 +54,11 @@
com.tencent.cloud
spring-cloud-starter-tencent-trace-plugin
+
+
+ com.tencent.cloud
+ spring-cloud-starter-tencent-polaris-auth
+
diff --git a/spring-cloud-starter-tencent-metadata-transfer/src/main/java/com/tencent/cloud/metadata/core/DecodeTransferMetadataReactiveFilter.java b/spring-cloud-starter-tencent-metadata-transfer/src/main/java/com/tencent/cloud/metadata/core/DecodeTransferMetadataReactiveFilter.java
index f462f67fef..7e6240aef3 100644
--- a/spring-cloud-starter-tencent-metadata-transfer/src/main/java/com/tencent/cloud/metadata/core/DecodeTransferMetadataReactiveFilter.java
+++ b/spring-cloud-starter-tencent-metadata-transfer/src/main/java/com/tencent/cloud/metadata/core/DecodeTransferMetadataReactiveFilter.java
@@ -98,8 +98,6 @@ public Mono filter(ServerWebExchange serverWebExchange, WebFilterChain web
TransHeadersTransfer.transfer(serverHttpRequest);
return webFilterChain.filter(serverWebExchange)
- .doOnError(throwable -> LOG.error("handle metadata[{}] error.",
- MetadataContextHolder.get(), throwable))
.doFinally((type) -> MetadataContextHolder.remove());
}
diff --git a/spring-cloud-starter-tencent-polaris-auth/pom.xml b/spring-cloud-starter-tencent-polaris-auth/pom.xml
new file mode 100644
index 0000000000..c3fe3df236
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/pom.xml
@@ -0,0 +1,106 @@
+
+
+
+ spring-cloud-tencent
+ com.tencent.cloud
+ ${revision}
+ ../pom.xml
+
+ 4.0.0
+ spring-cloud-starter-tencent-polaris-auth
+ Spring Cloud Starter Tencent Polaris Auth
+
+
+
+
+ com.tencent.cloud
+ spring-cloud-tencent-rpc-enhancement
+
+
+
+ com.tencent.cloud
+ spring-cloud-starter-tencent-metadata-transfer
+
+
+
+
+
+ com.tencent.polaris
+ polaris-auth-factory
+
+
+
+ com.tencent.polaris
+ auth-block-allow-list
+
+
+
+ com.tencent.polaris
+ polaris-test-common
+ test
+
+
+
+ com.tencent.polaris
+ polaris-test-mock-discovery
+ test
+
+
+ junit
+ junit
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-starter-web
+ true
+
+
+
+ org.springframework.boot
+ spring-boot-starter-webflux
+ true
+
+
+
+ org.springframework.boot
+ spring-boot-starter-test
+ test
+
+
+
+ org.springframework.boot
+ spring-boot-actuator
+ true
+
+
+
+ org.springframework.boot
+ spring-boot-actuator-autoconfigure
+ true
+
+
+
+ org.mockito
+ mockito-inline
+ test
+
+
+
+ org.mockito
+ mockito-core
+ test
+
+
+
+ net.bytebuddy
+ byte-buddy
+ test
+
+
+
\ No newline at end of file
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/AuthConfigModifier.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/AuthConfigModifier.java
new file mode 100644
index 0000000000..876b5fc3eb
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/AuthConfigModifier.java
@@ -0,0 +1,46 @@
+/*
+ * Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.config;
+
+import com.tencent.cloud.common.constant.OrderConstant;
+import com.tencent.cloud.polaris.context.PolarisConfigModifier;
+import com.tencent.polaris.factory.config.ConfigurationImpl;
+
+/**
+ * Config modifier for auth.
+ *
+ * @author Haotian Zhang
+ */
+public class AuthConfigModifier implements PolarisConfigModifier {
+
+ private final PolarisAuthProperties polarisAuthProperties;
+
+ public AuthConfigModifier(PolarisAuthProperties polarisAuthProperties) {
+ this.polarisAuthProperties = polarisAuthProperties;
+ }
+
+ @Override
+ public void modify(ConfigurationImpl configuration) {
+ configuration.getProvider().getAuth().setEnable(polarisAuthProperties.isEnabled());
+ }
+
+ @Override
+ public int getOrder() {
+ return OrderConstant.Modifier.AUTH_ORDER;
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthAutoConfiguration.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthAutoConfiguration.java
new file mode 100644
index 0000000000..12434d2f8b
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthAutoConfiguration.java
@@ -0,0 +1,86 @@
+/*
+ * Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.config;
+
+import com.tencent.cloud.common.constant.OrderConstant;
+import com.tencent.cloud.polaris.auth.filter.AuthReactiveFilter;
+import com.tencent.cloud.polaris.auth.filter.AuthServletFilter;
+import com.tencent.cloud.polaris.context.PolarisSDKContextManager;
+import com.tencent.cloud.polaris.context.config.PolarisContextAutoConfiguration;
+
+import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import static com.tencent.cloud.polaris.auth.filter.AuthServletFilter.AUTH_FILTER_BEAN_NAME;
+import static javax.servlet.DispatcherType.ASYNC;
+import static javax.servlet.DispatcherType.ERROR;
+import static javax.servlet.DispatcherType.FORWARD;
+import static javax.servlet.DispatcherType.INCLUDE;
+import static javax.servlet.DispatcherType.REQUEST;
+
+/**
+ * Auto configuration for auth.
+ *
+ * @author Haotian Zhang
+ */
+@Configuration(proxyBeanMethods = false)
+@AutoConfigureAfter(PolarisContextAutoConfiguration.class)
+public class PolarisAuthAutoConfiguration {
+
+ /**
+ * Create when web application type is SERVLET.
+ */
+ @Configuration(proxyBeanMethods = false)
+ @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
+ protected static class AuthServletFilterConfig {
+
+ @Bean
+ @ConditionalOnMissingBean
+ public AuthServletFilter authServletFilter(PolarisSDKContextManager polarisSDKContextManager) {
+ return new AuthServletFilter(polarisSDKContextManager.getAuthAPI());
+ }
+
+ @Bean
+ public FilterRegistrationBean authFilterRegistrationBean(
+ AuthServletFilter authServletFilter) {
+ FilterRegistrationBean registrationBean = new FilterRegistrationBean<>(
+ authServletFilter);
+ registrationBean.setDispatcherTypes(ASYNC, ERROR, FORWARD, INCLUDE, REQUEST);
+ registrationBean.setName(AUTH_FILTER_BEAN_NAME);
+ registrationBean.setOrder(OrderConstant.Server.Servlet.AUTH_FILTER_ORDER);
+ return registrationBean;
+ }
+ }
+
+ /**
+ * Create when web application type is REACTIVE.
+ */
+ @Configuration(proxyBeanMethods = false)
+ @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
+ protected static class AuthReactiveFilterConfig {
+
+ @Bean
+ public AuthReactiveFilter authReactiveFilter(PolarisSDKContextManager polarisSDKContextManager) {
+ return new AuthReactiveFilter(polarisSDKContextManager.getAuthAPI());
+ }
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthProperties.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthProperties.java
new file mode 100644
index 0000000000..cbef2320ca
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthProperties.java
@@ -0,0 +1,40 @@
+/*
+ * Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ *
+ */
+
+package com.tencent.cloud.polaris.auth.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * The properties for auth.
+ *
+ * @author Haotian Zhang
+ */
+@ConfigurationProperties("spring.cloud.polaris.auth")
+public class PolarisAuthProperties {
+
+ private boolean enabled = true;
+
+ public boolean isEnabled() {
+ return enabled;
+ }
+
+ public void setEnabled(boolean enabled) {
+ this.enabled = enabled;
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesAutoConfiguration.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesAutoConfiguration.java
new file mode 100644
index 0000000000..9c2cc2ce1f
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesAutoConfiguration.java
@@ -0,0 +1,39 @@
+/*
+ * Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Properties auto configuration of auth.
+ *
+ * @author Haotian Zhang
+ */
+@Configuration(proxyBeanMethods = false)
+@EnableConfigurationProperties(PolarisAuthProperties.class)
+public class PolarisAuthPropertiesAutoConfiguration {
+
+ @Bean
+ @ConditionalOnMissingBean
+ public AuthConfigModifier authConfigModifier(PolarisAuthProperties polarisAuthProperties) {
+ return new AuthConfigModifier(polarisAuthProperties);
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesBootstrapConfiguration.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesBootstrapConfiguration.java
new file mode 100644
index 0000000000..f304722921
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesBootstrapConfiguration.java
@@ -0,0 +1,34 @@
+/*
+ * Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+
+/**
+ * Autoconfiguration of auth at bootstrap phase.
+ *
+ * @author Haotian Zhang
+ */
+@Configuration(proxyBeanMethods = false)
+@ConditionalOnProperty("spring.cloud.polaris.enabled")
+@Import(PolarisAuthPropertiesAutoConfiguration.class)
+public class PolarisAuthPropertiesBootstrapConfiguration {
+
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthReactiveFilter.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthReactiveFilter.java
new file mode 100644
index 0000000000..39b245702b
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthReactiveFilter.java
@@ -0,0 +1,70 @@
+/*
+ * Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.filter;
+
+import com.tencent.cloud.common.constant.OrderConstant;
+import com.tencent.cloud.common.metadata.MetadataContext;
+import com.tencent.cloud.polaris.auth.utils.AuthenticateUtils;
+import com.tencent.polaris.api.plugin.auth.AuthResult;
+import com.tencent.polaris.auth.api.core.AuthAPI;
+import com.tencent.polaris.auth.api.rpc.AuthResponse;
+import reactor.core.publisher.Mono;
+
+import org.springframework.core.Ordered;
+import org.springframework.core.io.buffer.DataBuffer;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.server.reactive.ServerHttpResponse;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+
+import static org.springframework.core.io.buffer.DefaultDataBufferFactory.DEFAULT_INITIAL_CAPACITY;
+
+/**
+ * Reactive filter to authenticate.
+ *
+ * @author Haotian Zhang
+ */
+public class AuthReactiveFilter implements WebFilter, Ordered {
+
+ private final AuthAPI authAPI;
+
+ public AuthReactiveFilter(AuthAPI authAPI) {
+ this.authAPI = authAPI;
+ }
+
+ @Override
+ public int getOrder() {
+ return OrderConstant.Server.Reactive.AUTH_FILTER_ORDER;
+ }
+
+ @Override
+ public Mono filter(ServerWebExchange exchange, WebFilterChain chain) {
+ AuthResponse authResponse = AuthenticateUtils.authenticate(authAPI, MetadataContext.LOCAL_NAMESPACE,
+ MetadataContext.LOCAL_SERVICE, exchange.getRequest().getURI().getPath(), "HTTP",
+ exchange.getRequest().getMethod().name());
+ if (authResponse != null && authResponse.getAuthResult().getCode()
+ .equals(AuthResult.Code.AuthResultForbidden)) {
+ ServerHttpResponse response = exchange.getResponse();
+ response.setRawStatusCode(HttpStatus.FORBIDDEN.value());
+ DataBuffer dataBuffer = response.bufferFactory().allocateBuffer(DEFAULT_INITIAL_CAPACITY);
+ return response.writeWith(Mono.just(dataBuffer));
+ }
+ return chain.filter(exchange);
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthServletFilter.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthServletFilter.java
new file mode 100644
index 0000000000..8a9e4bcf6f
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthServletFilter.java
@@ -0,0 +1,68 @@
+/*
+ * Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.filter;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.tencent.cloud.common.constant.OrderConstant;
+import com.tencent.cloud.common.metadata.MetadataContext;
+import com.tencent.cloud.polaris.auth.utils.AuthenticateUtils;
+import com.tencent.polaris.api.plugin.auth.AuthResult;
+import com.tencent.polaris.auth.api.core.AuthAPI;
+import com.tencent.polaris.auth.api.rpc.AuthResponse;
+
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+/**
+ * Servlet filter to authenticate.
+ *
+ * @author Haotian Zhang
+ */
+@Order(OrderConstant.Server.Servlet.AUTH_FILTER_ORDER)
+public class AuthServletFilter extends OncePerRequestFilter {
+
+ /**
+ * Default Filter Registration Bean Name Defined .
+ */
+ public static final String AUTH_FILTER_BEAN_NAME = "authFilterRegistrationBean";
+
+ private final AuthAPI authAPI;
+
+ public AuthServletFilter(AuthAPI authAPI) {
+ this.authAPI = authAPI;
+ }
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+ AuthResponse authResponse = AuthenticateUtils.authenticate(authAPI, MetadataContext.LOCAL_NAMESPACE,
+ MetadataContext.LOCAL_SERVICE, request.getRequestURI(), "HTTP", request.getMethod());
+ if (authResponse != null && authResponse.getAuthResult().getCode()
+ .equals(AuthResult.Code.AuthResultForbidden)) {
+ response.setStatus(HttpStatus.FORBIDDEN.value());
+ return;
+ }
+ filterChain.doFilter(request, response);
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/utils/AuthenticateUtils.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/utils/AuthenticateUtils.java
new file mode 100644
index 0000000000..b5f5f609e5
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/utils/AuthenticateUtils.java
@@ -0,0 +1,53 @@
+/*
+ * Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.utils;
+
+import com.tencent.cloud.common.metadata.MetadataContextHolder;
+import com.tencent.polaris.api.plugin.auth.AuthResult;
+import com.tencent.polaris.auth.api.core.AuthAPI;
+import com.tencent.polaris.auth.api.rpc.AuthRequest;
+import com.tencent.polaris.auth.api.rpc.AuthResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Utils for authenticate.
+ *
+ * @author Haotian Zhang
+ */
+public final class AuthenticateUtils {
+
+ private static final Logger LOG = LoggerFactory.getLogger(AuthenticateUtils.class);
+
+ private AuthenticateUtils() {
+
+ }
+
+ public static AuthResponse authenticate(AuthAPI authAPI, String namespace, String service, String path, String protocol, String method) {
+ // build auth request
+ AuthRequest authRequest = new AuthRequest(namespace, service, path, protocol, method, MetadataContextHolder.get());
+
+ try {
+ return authAPI.authenticate(authRequest);
+ }
+ catch (Throwable throwable) {
+ LOG.error("fail to invoke authenticate of AuthAPI with AuthRequest[{}].", authRequest, throwable);
+ return new AuthResponse(new AuthResult(AuthResult.Code.AuthResultOk));
+ }
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/additional-spring-configuration-metadata.json
new file mode 100644
index 0000000000..f071a15b22
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -0,0 +1,10 @@
+{
+ "properties": [
+ {
+ "name": "spring.cloud.polaris.auth.enabled",
+ "type": "java.lang.Boolean",
+ "defaultValue": true,
+ "description": "Enable polaris auth or not."
+ }
+ ]
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring.factories b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring.factories
new file mode 100644
index 0000000000..7cb82fb0c6
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring.factories
@@ -0,0 +1,2 @@
+org.springframework.cloud.bootstrap.BootstrapConfiguration=\
+ com.tencent.cloud.polaris.auth.config.PolarisAuthPropertiesBootstrapConfiguration
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
new file mode 100644
index 0000000000..5c6ccbddf1
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1,2 @@
+com.tencent.cloud.polaris.auth.config.PolarisAuthPropertiesAutoConfiguration
+com.tencent.cloud.polaris.auth.config.PolarisAuthAutoConfiguration
diff --git a/spring-cloud-starter-tencent-polaris-contract/pom.xml b/spring-cloud-starter-tencent-polaris-contract/pom.xml
index 39aca10018..b1417d5422 100644
--- a/spring-cloud-starter-tencent-polaris-contract/pom.xml
+++ b/spring-cloud-starter-tencent-polaris-contract/pom.xml
@@ -35,6 +35,11 @@
+
+ org.apache.commons
+ commons-lang3
+
+
org.springdoc
springdoc-openapi-ui
diff --git a/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/constant/OrderConstant.java b/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/constant/OrderConstant.java
index 4d4ef797b4..c435541d33 100644
--- a/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/constant/OrderConstant.java
+++ b/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/constant/OrderConstant.java
@@ -90,10 +90,15 @@ public static class Servlet {
*/
public static final int ENHANCED_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 10;
+ /**
+ * Order of auth filter.
+ */
+ public static final int AUTH_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 11;
+
/**
* Order of rate-limit filter.
*/
- public static final int RATE_LIMIT_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 10;
+ public static final int RATE_LIMIT_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 12;
}
/**
@@ -110,10 +115,15 @@ public static class Reactive {
*/
public static final int ENHANCED_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 10;
+ /**
+ * Order of auth filter.
+ */
+ public static final int AUTH_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 11;
+
/**
* Order of rate-limit filter.
*/
- public static final int RATE_LIMIT_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 10;
+ public static final int RATE_LIMIT_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 12;
}
}
@@ -157,6 +167,11 @@ public static final class Modifier {
*/
public static Integer RATE_LIMIT_ORDER = 2;
+ /**
+ * Order of auth configuration modifier.
+ */
+ public static Integer AUTH_ORDER = 2;
+
/**
* Order of config configuration modifier.
*/
diff --git a/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/metadata/MetadataContextHolder.java b/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/metadata/MetadataContextHolder.java
index 1f220769dd..e4a4d93319 100644
--- a/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/metadata/MetadataContextHolder.java
+++ b/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/metadata/MetadataContextHolder.java
@@ -165,10 +165,10 @@ public static void init(Map dynamicTransitiveMetadata, Map entry : dynamicDisposableMetadata.entrySet()) {
- metadataContainerDownstream.putMetadataStringValue(entry.getKey(), entry.getValue(), TransitiveType.DISPOSABLE);
+ metadataContainerDownstream.putMetadataStringValue(entry.getKey(), entry.getValue(), TransitiveType.NONE);
}
}
// caller application metadata to caller application disposable metadata
diff --git a/spring-cloud-tencent-coverage/pom.xml b/spring-cloud-tencent-coverage/pom.xml
index 8481f826bd..f3fa076f1f 100644
--- a/spring-cloud-tencent-coverage/pom.xml
+++ b/spring-cloud-tencent-coverage/pom.xml
@@ -69,6 +69,11 @@
spring-cloud-starter-tencent-polaris-contract
+
+ com.tencent.cloud
+ spring-cloud-starter-tencent-polaris-auth
+
+
com.tencent.cloud
spring-cloud-starter-tencent-discovery-adapter-plugin
@@ -83,11 +88,11 @@
com.tencent.cloud
spring-cloud-tencent-gateway-plugin
-
+
com.tencent.cloud
spring-cloud-tencent-lossless-plugin
-
+
diff --git a/spring-cloud-tencent-dependencies/pom.xml b/spring-cloud-tencent-dependencies/pom.xml
index 10505dbe85..49214c4de4 100644
--- a/spring-cloud-tencent-dependencies/pom.xml
+++ b/spring-cloud-tencent-dependencies/pom.xml
@@ -79,6 +79,7 @@
32.0.1-jre
1.2.13
+ 3.12.0
1.7.0
1.5.24
4.5.1
@@ -166,6 +167,12 @@
${revision}
+
+ com.tencent.cloud
+ spring-cloud-starter-tencent-polaris-auth
+ ${revision}
+
+
com.tencent.cloud
spring-cloud-starter-tencent-all
@@ -242,6 +249,13 @@
${logback.version}
+
+ org.apache.commons
+ commons-lang3
+ ${commons-lang3.version}
+ compile
+
+
org.springdoc
springdoc-openapi-ui
@@ -266,7 +280,6 @@
${byte-buddy.version}
-
joda-time
joda-time
diff --git a/spring-cloud-tencent-examples/tsf-example/provider-demo/pom.xml b/spring-cloud-tencent-examples/tsf-example/provider-demo/pom.xml
index aa82baace6..a8e3dedeee 100644
--- a/spring-cloud-tencent-examples/tsf-example/provider-demo/pom.xml
+++ b/spring-cloud-tencent-examples/tsf-example/provider-demo/pom.xml
@@ -32,6 +32,11 @@
spring-cloud-starter-tencent-polaris-ratelimit
+
+ com.tencent.cloud
+ spring-cloud-starter-tencent-polaris-auth
+
+
org.springframework.boot
spring-boot-starter-web
diff --git a/spring-cloud-tencent-polaris-context/pom.xml b/spring-cloud-tencent-polaris-context/pom.xml
index dface8939c..ecb45c7702 100644
--- a/spring-cloud-tencent-polaris-context/pom.xml
+++ b/spring-cloud-tencent-polaris-context/pom.xml
@@ -135,6 +135,11 @@
+
+ com.tencent.polaris
+ polaris-auth-factory
+
+
com.tencent.polaris
polaris-client
diff --git a/spring-cloud-tencent-polaris-context/src/main/java/com/tencent/cloud/polaris/context/PolarisSDKContextManager.java b/spring-cloud-tencent-polaris-context/src/main/java/com/tencent/cloud/polaris/context/PolarisSDKContextManager.java
index 26fe59e6b5..04cf3b3140 100644
--- a/spring-cloud-tencent-polaris-context/src/main/java/com/tencent/cloud/polaris/context/PolarisSDKContextManager.java
+++ b/spring-cloud-tencent-polaris-context/src/main/java/com/tencent/cloud/polaris/context/PolarisSDKContextManager.java
@@ -30,6 +30,8 @@
import com.tencent.polaris.api.utils.CollectionUtils;
import com.tencent.polaris.assembly.api.AssemblyAPI;
import com.tencent.polaris.assembly.factory.AssemblyAPIFactory;
+import com.tencent.polaris.auth.api.core.AuthAPI;
+import com.tencent.polaris.auth.factory.AuthAPIFactory;
import com.tencent.polaris.circuitbreak.api.CircuitBreakAPI;
import com.tencent.polaris.circuitbreak.factory.CircuitBreakAPIFactory;
import com.tencent.polaris.client.api.SDKContext;
@@ -64,6 +66,7 @@ public class PolarisSDKContextManager {
private volatile static RouterAPI routerAPI;
private volatile static CircuitBreakAPI circuitBreakAPI;
private volatile static LimitAPI limitAPI;
+ private volatile static AuthAPI authAPI;
private volatile static AssemblyAPI assemblyAPI;
private final PolarisContextProperties properties;
private final Environment environment;
@@ -117,6 +120,12 @@ public static void innerDestroy() {
limitAPI = null;
}
+ // destroy AuthAPI
+ if (Objects.nonNull(authAPI)) {
+ ((AutoCloseable) authAPI).close();
+ authAPI = null;
+ }
+
// destroy AssemblyAPI
if (Objects.nonNull(assemblyAPI)) {
((Destroyable) assemblyAPI).destroy();
@@ -198,6 +207,11 @@ public LimitAPI getLimitAPI() {
return limitAPI;
}
+ public AuthAPI getAuthAPI() {
+ initService();
+ return authAPI;
+ }
+
public AssemblyAPI getAssemblyAPI() {
return assemblyAPI;
}
@@ -254,6 +268,9 @@ public void initService() {
// init LimitAPI
limitAPI = LimitAPIFactory.createLimitAPIByContext(serviceSdkContext);
+ // init AuthAPI
+ authAPI = AuthAPIFactory.createAuthAPIByContext(serviceSdkContext);
+
// init AssemblyAPI
assemblyAPI = AssemblyAPIFactory.createAssemblyAPIByContext(serviceSdkContext);