feat: 初始提交网关代码

.gitignore

@@ -0,0 +1,35 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+nbproject/private/
+build/
+nbbuild/
+dist/
+nbdist/
+.nb-gradle/
+
+### 自动代码生成-ignore ###
+launcher-automatic-code
+
+### 日志文件 ###
+logs/
+*.log
+
+### 上传文件夹 ###
+upload/

pom.xml

@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.inspur</groupId>
+        <artifactId>smsb-cloud</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>smsb-gateway</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-gateway</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.alibaba.cloud</groupId>
+            <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.alibaba.cloud</groupId>
+            <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.alibaba.cloud</groupId>
+            <artifactId>spring-cloud-starter-alibaba-sentinel</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.alibaba.cloud</groupId>
+            <artifactId>spring-cloud-alibaba-sentinel-gateway</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.alibaba.csp</groupId>
+            <artifactId>sentinel-datasource-nacos</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-devtools</artifactId>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security.oauth.boot</groupId>
+            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-jose</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-spring-boot-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-authz-client</artifactId>
+        </dependency>
+    </dependencies>
+</project>

src/main/java/com/inspur/smsb/gateway/SmsbGatewayApplication.java

@@ -0,0 +1,18 @@
+package com.inspur.smsb.gateway;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+
+/**
+ * 网关服务
+ *
+ * @author liangke
+ */
+@EnableDiscoveryClient
+@SpringBootApplication
+public class SmsbGatewayApplication {
+    public static void main(String[] args) {
+        SpringApplication.run(SmsbGatewayApplication.class, args);
+    }
+}

src/main/java/com/inspur/smsb/gateway/config/GlobalCorsConfig.java

@@ -0,0 +1,34 @@
+package com.inspur.smsb.gateway.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+/**
+ * 全局跨域配置
+ *
+ * @author liangke
+ */
+@Configuration
+public class GlobalCorsConfig {
+    /**
+     * 允许跨域调用的过滤器
+     */
+    @Bean
+    public CorsFilter corsFilter() {
+        CorsConfiguration config = new CorsConfiguration();
+        //允许所有域名进行跨域调用
+        config.addAllowedOrigin("*");
+        //允许跨越发送cookie
+        config.setAllowCredentials(true);
+        //放行全部原始头信息
+        config.addAllowedHeader("*");
+        //允许所有请求方法跨域调用
+        config.addAllowedMethod("*");
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}

src/main/java/com/inspur/smsb/gateway/config/HomeController.java

@@ -0,0 +1,25 @@
+package com.inspur.smsb.gateway.config;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author liangke
+ */
+@RestController
+public class HomeController {
+    @RequestMapping("/")
+    public String index() {
+        return "index";
+    }
+
+    @RequestMapping("/customer")
+    public String customer() {
+        return "only customer can see";
+    }
+
+    @RequestMapping("/admin")
+    public String admin() {
+        return "only admin cas see";
+    }
+}

src/main/java/com/inspur/smsb/gateway/config/KeycloakSecurityConfig.java

@@ -0,0 +1,59 @@
+package com.inspur.smsb.gateway.config;
+
+import org.keycloak.adapters.KeycloakConfigResolver;
+import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
+import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
+import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+
+import javax.annotation.Resource;
+
+/**
+ * Keycloak 适配器
+ *
+ * @author liangke
+ */
+@EnableWebSecurity(debug = true)
+@KeycloakConfiguration
+public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
+    /**
+     * Registers the KeycloakAuthenticationProvider with the authentication manager.
+     */
+    @Resource
+    public void configureGlobal(AuthenticationManagerBuilder auth) {
+        auth.authenticationProvider(keycloakAuthenticationProvider());
+    }
+
+    /**
+     * Read Keycloak config from spring boot config file
+     */
+    @Bean
+    public KeycloakConfigResolver keycloakConfigResolver() {
+        return new KeycloakSpringBootConfigResolver();
+    }
+
+    /**
+     * Defines the session authentication strategy.
+     */
+    @Bean
+    @Override
+    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
+        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        super.configure(http);
+        http.csrf().disable()
+            .authorizeRequests()
+            .antMatchers("/customer/**").hasRole("CUSTOMER")
+            .antMatchers("/admin/**").hasAnyRole("ADMIN")
+            .anyRequest().permitAll();
+    }
+}

src/main/resources/application.yml

@@ -0,0 +1,36 @@
+server:
+  port: 8080
+
+spring:
+  application:
+    name: smsb-gateway
+  main:
+    allow-bean-definition-overriding: true
+  cloud:
+    nacos:
+      server-addr: 10.180.88.84:8060
+      config:
+        file-extension: yml
+        refresh-enabled: true
+        namespace: a16fbead-fe72-45aa-b61c-45a2b9eddbb2
+      discovery:
+        namespace: a16fbead-fe72-45aa-b61c-45a2b9eddbb2
+      username: nacos
+      password: inspur-nacos
+    sentinel:
+      transport:
+        port: 8719
+        dashboard: localhost:8080
+      filter:
+        enabled: false
+
+keycloak:
+  auth-server-url: http://liangke00.home.langchao.com:18080/
+  realm: smsb
+  resource: backend-api
+  ssl-required: external
+  credentials:
+    secret: 0ed56548-885a-471d-9efa-c3e5f03f5529
+  bearer-only: true
+  use-resource-role-mappings: false
+  cors: true