Skip to content

Commit

Permalink
🎨 v2.5.4.50
Browse files Browse the repository at this point in the history 
1. 优化服务本地权限存储逻辑,解决权限属性数据重复存储,不会替换问题。
2. 重新梳理Spring Security OAuth2 方法级表达式动态权限鉴权逻辑,摒弃无用的权限验证Voter逻辑,使用统一逻辑实现@PreAuthorize注解权限的全面动态可配置化。统一平台接口白名单,IP地址白名单,以及Scope绑定URL的管理。
3. 重构UserDetails用户信息组织逻辑,使用Spring Security标准代码,替换自定义逻辑代码,降低代码冗余,与自研方法级动态权限完美融合。
4. 优化平台权限从Controller扫描、汇总存储至服务器以及动态修改后最终回传同步至服务的整理逻辑以及事件流。完美支持单体式架构、UPMS自身应用需求、分布式架构以及分布式各服务多实例等各种应用场景。
5. 修复部分已知BUG,将部分代码中日志由@slf4j改回传统日志编写方式,一方面提高编译效率,另一方面解决源代码包查看时Idea提醒代码不一致问题。
6. 清理系统无用代码。
7. 增加方法级动态权限演示动图,更新Readme
  • Loading branch information
@herodotus-ecosystem
herodotus-ecosystem committed Aug 13, 2021
1 parent 61be16c commit 3d3b640
Show file tree
Hide file tree
Showing 51 changed files with 443 additions and 905 deletions.
6 changes: 5 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
<a href="https://nacos.io/zh-cn/index.html" target="_blank"><img src="https://img.shields.io/badge/Nacos-2.0.3-brightgreen" alt="Nacos 2.0.3"></a>
<a href="./LICENSE"><img src="https://img.shields.io/badge/License-Apache--2.0-blue" alt="License Apache 2.0"></a>
<a href="https://blog.csdn.net/Pointer_v" target="_blank"><img src="https://img.shields.io/badge/Author-%E7%A0%81%E5%8C%A0%E5%90%9B-orange" alt="码匠君"></a>
<a href="#" target="_blank"><img src="https://img.shields.io/badge/Version-2.5.4.40-red" alt="Version 2.5.4.40"></a>
<a href="#" target="_blank"><img src="https://img.shields.io/badge/Version-2.5.4.50-red" alt="Version 2.5.4.50"></a>
<a href="https://gitee.com/herodotus/eurynome-cloud"><img src="https://gitee.com/herodotus/eurynome-cloud/badge/star.svg?theme=dark" alt="Gitee star"></a>
<a href="https://gitee.com/herodotus/eurynome-cloud"><img src="https://gitee.com/herodotus/eurynome-cloud/badge/fork.svg?theme=dark" alt="Gitee fork"></a>
</p>
Expand Down Expand Up @@ -47,6 +47,10 @@ Eurynome Cloud是一款企业级微服务架构和服务能力开发平台。基

> 部分功能演示,正在逐步添加
### (2) 方法级动态权限

![输入图片说明](./documents/readme/preview/oauth2expression.gif)

### (1) 服务调用链监控

![输入图片说明](./documents/readme/preview/skywalking.gif)
Expand Down
2 changes: 1 addition & 1 deletion configurations/docker/docker-compose/herodotus/.env
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
VERSION=2.5.4.40
VERSION=2.5.4.50
GATEWAY_SERVICE_NAME=eurynome-cloud-gateway
GATEWAY_SERVICE_PORT=8847
UAA_SERVICE_NAME=eurynome-cloud-uaa
Expand Down
2 changes: 1 addition & 1 deletion dependencies/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@

<groupId>cn.herodotus.eurynome</groupId>
<artifactId>dependencies</artifactId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
<packaging>pom</packaging>

<name>eurynome-cloud-dependencies</name>
Expand Down
4 changes: 2 additions & 2 deletions documents/guides/description.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,13 @@
| 自定义OAuth2页面 | 自定义OAuth2 login、confirm、error页面,提升系统使用用户体验。可结合自身需求进行修改。 |
| OAuth2 登录验证码 | OAuth2登录增加验证码保护,支持gif、中文、算数等类型,可通过配置进行修改以及是否显示验证码控制 |
| OAuth2登录数据加密传输 | 基于AES对OAuth2登录数据进行动态加密传输,可通过配置对表单参数名进行动态配置,提升系统安全性 |
| RBAC权限管理 | 采用自研的RBAC权限体系,支持OAuth2 Scope权限管理 |
| 平台权限管理 | 基于RBAC模型,以角色和接口为核心,使用统一逻辑实现@PreAuthorize注解权限的全面动态可配置化。统一平台接口白名单,IP地址白名单,以及Scope绑定URL的管理。无须配置Security权限注解,支持URL粒度的鉴权和用户权限的动态配置。 完美支持单体式架构、UPMS自身应用需求、分布式架构以及分布式各服务多实例等各种应用场景。完美支持单体式架构、UPMS自身应用需求、分布式架构以及分布式各服务多实例等各种应用场景。 |
| User、Client数据策略访问 | 支持OAuth2 UserDetails、ClientDetails数据直连数据库和Feign两种数据获取策略模式,OAuth2直连数据库性能更优,Feign访问数据服务独立可动态扩展。可通过配置动态修改具体采用哪种策略 |
| 手机短信验证码注册和登录 | 支持通过手机验证码登录认证,与平台为统一体系,统一返回OAuth2 Token,支持服务接口鉴权。 |
| 第三方系统社交注册和登录 | 基于JustAuth实现第三方系统社交登录认证,,与平台为统一体系,统一返回OAuth2 Token,支持服务接口鉴权,。所有JustAuth支持的第三方系统均支持。 |
| 微信小程序注册和登录 | 支持微信小程序登录认证,与平台为统一体系,统一返回OAuth2 Token,支持服务接口鉴权。 |
| 其它注册和登录 | 采用策略模式对外部登录和注册进行支持,目前未支持的登录,可参考标准,动态扩展,即可支持。 |
| 权限鉴权 | 基于RBAC模型,以角色为核心,无须配置Security权限注解,支持URL粒度的鉴权和用户权限的动态配置, |


### 统一服务访问网关

Expand Down
Binary file added documents/readme/preview/oauth2expression.gif
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion packages/eurynome-cloud-assistant/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
<parent>
<artifactId>packages</artifactId>
<groupId>cn.herodotus.eurynome</groupId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
</parent>
<modelVersion>4.0.0</modelVersion>

Expand Down
4 changes: 2 additions & 2 deletions packages/eurynome-cloud-common/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,11 @@
<parent>
<artifactId>packages</artifactId>
<groupId>cn.herodotus.eurynome</groupId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
</parent>

<artifactId>eurynome-cloud-common</artifactId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
<packaging>jar</packaging>

<description>结对基础通用的工具类包,此包的定位是放在任何工程中都可以使用,而且尽可能依赖少的存在上下文组件</description>
Expand Down
2 changes: 1 addition & 1 deletion packages/eurynome-cloud-constant/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
<parent>
<artifactId>packages</artifactId>
<groupId>cn.herodotus.eurynome</groupId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
</parent>
<modelVersion>4.0.0</modelVersion>

Expand Down
109 changes: 109 additions & 0 deletions ...e-cloud-constant/src/main/java/cn/herodotus/eurynome/constant/enums/OAuth2Expression.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,109 @@
/*
* Copyright (c) 2019-2021 Gengwei Zheng ([email protected])
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Project Name: eurynome-cloud
* Module Name: eurynome-cloud-constant
* File Name: OAuth2Expression.java
* Author: gengwei.zheng
* Date: 2021/08/14 06:50:14
*/

package cn.herodotus.eurynome.constant.enums;

import com.google.common.collect.ImmutableMap;
import io.swagger.annotations.ApiModelProperty;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
* <p>Description: 安全表达式 </p>
*
* @author : gengwei.zheng
* @date : 2021/8/14 6:50
*/
public enum OAuth2Expression {

PERMIT_ALL(0, "permitAll"),
ANONYMOUS(1, "anonymous"),
REMEMBER_ME(2, "rememberMe"),
DENY_ALL(3, "denyAll"),
AUTHENTICATED(4, "authenticated"),
FULLY_AUTHENTICATED(5, "fullyAuthenticated"),
NOT_PERMIT_ALL(6, "!permitAll"),
NOT_ANONYMOUS(7, "!anonymous"),
NOT_REMEMBER_ME(8, "!rememberMe"),
NOT_DENY_ALL(9, "!denyAll"),
NOT_AUTHENTICATED(10, "!authenticated"),
NOT_FULLY_AUTHENTICATED(11, "!fullyAuthenticated"),
HAS_ROLE(12, "hasRole"),
HAS_ANY_ROLE(13, "hasAnyRole"),
HAS_AUTHORITY(14, "hasAuthority"),
HAS_ANY_AUTHORITY(15, "hasAnyAuthority"),
HAS_IP_ADDRESS(16, "hasIpAddress"),
CLIENT_HAS_ROLE(17, "#oauth2.clientHasRole"),
CLIENT_HAS_ANY_ROLE(18, "#oauth2.clientHasAnyRole"),
HAS_SCOPE(19, "#oauth2.hasScope"),
HAS_ANY_SCOPE(20, "#oauth2.hasAnyScope"),
HAS_SCOPE_MATCHING(21, "#oauth2.hasScopeMatching"),
HAS_ANY_SCOPE_MATCHING(22, "#oauth2.hasAnyScopeMatching"),
DENY_OAUTH_CLIENT(23, "#oauth2.denyOAuthClient()"),
IS_OAUTH(24, "#oauth2.isOAuth()"),
IS_USER(25, "#oauth2.isUser()"),
IS_CLIENT(26, "#oauth2.isClient()");

private static final Map<String, OAuth2Expression> INDEX_MAP = new HashMap<>();
private static final List<Map<String, Object>> TO_JSON_STRUCT = new ArrayList<>();

@ApiModelProperty(value = "索引")
private final int index;
@ApiModelProperty(value = "文字")
private final String content;

static {
for (OAuth2Expression OAuth2Expression : OAuth2Expression.values()) {
INDEX_MAP.put(OAuth2Expression.name(), OAuth2Expression);
TO_JSON_STRUCT.add(OAuth2Expression.ordinal(),
ImmutableMap.<String, Object>builder()
.put("value", OAuth2Expression.name())
.put("key", OAuth2Expression.name())
.put("text", OAuth2Expression.getContent())
.build());
}
}

OAuth2Expression(int index, String content) {
this.index = index;
this.content = content;
}

public int getIndex() {
return index;
}

public String getContent() {
return content;
}

public static OAuth2Expression getSecurityExpressions(int index) {
return INDEX_MAP.get(index);
}

public static List<Map<String, Object>> getToJsonStruct() {
return TO_JSON_STRUCT;
}
}
4 changes: 2 additions & 2 deletions packages/eurynome-cloud-crud/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,11 @@
<parent>
<artifactId>packages</artifactId>
<groupId>cn.herodotus.eurynome</groupId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
</parent>

<artifactId>eurynome-cloud-crud</artifactId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
<packaging>jar</packaging>

<dependencies>
Expand Down
4 changes: 2 additions & 2 deletions packages/eurynome-cloud-data/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,11 @@
<parent>
<artifactId>packages</artifactId>
<groupId>cn.herodotus.eurynome</groupId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
</parent>

<artifactId>eurynome-cloud-data</artifactId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
<packaging>jar</packaging>

<description>数据相关通用代码组件包,包括JPA,Redis,数据实体等相关内容</description>
Expand Down
4 changes: 2 additions & 2 deletions packages/eurynome-cloud-kernel/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,11 @@
<parent>
<artifactId>packages</artifactId>
<groupId>cn.herodotus.eurynome</groupId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
</parent>

<artifactId>eurynome-cloud-kernel</artifactId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
<packaging>jar</packaging>

<description>平台通用的基础依赖,以及接入及管理等通用代码,上中台必需的基础代码。增加这层包,主要目的是抽取webflux和web依赖的通用性,降低其它包之间的耦合性,比如之前data要依赖logstash,logstash要依赖managementproperties</description>
Expand Down
4 changes: 2 additions & 2 deletions packages/eurynome-cloud-oauth-starter/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,11 @@
<parent>
<artifactId>packages</artifactId>
<groupId>cn.herodotus.eurynome</groupId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
</parent>

<artifactId>eurynome-cloud-oauth-starter</artifactId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
<packaging>jar</packaging>

<dependencies>
Expand Down
4 changes: 2 additions & 2 deletions packages/eurynome-cloud-oauth/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,12 +29,12 @@
<parent>
<artifactId>packages</artifactId>
<groupId>cn.herodotus.eurynome</groupId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
</parent>


<artifactId>eurynome-cloud-oauth</artifactId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
<packaging>jar</packaging>

<dependencies>
Expand Down
4 changes: 2 additions & 2 deletions packages/eurynome-cloud-rest/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,11 @@
<parent>
<artifactId>packages</artifactId>
<groupId>cn.herodotus.eurynome</groupId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
</parent>

<artifactId>eurynome-cloud-rest</artifactId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
<packaging>jar</packaging>

<dependencies>
Expand Down
4 changes: 2 additions & 2 deletions packages/eurynome-cloud-security/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,11 @@
<parent>
<artifactId>packages</artifactId>
<groupId>cn.herodotus.eurynome</groupId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
</parent>

<artifactId>eurynome-cloud-security</artifactId>
<version>2.5.4.40</version>
<version>2.5.4.50</version>
<packaging>jar</packaging>

<dependencies>
Expand Down
98 changes: 0 additions & 98 deletions ...rity/src/main/java/cn/herodotus/eurynome/security/definition/core/HerodotusAuthority.java
View file

This file was deleted.

Loading

0 comments on commit 3d3b640

Please sign in to comment.