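Authentication flow:
User logs in -> redirect to oauth-server -> after a successful login the front end obtains the access_token -> the front end sends requests to api-gateway -> the gateway converts the access_token into a JWT -> zuul routes the request to the real service. The JWT is really just the encrypted CustomUserDetails.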
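- Generating the JWT with Groovy code:
```groovy
import com.fasterxml.jackson.databind.ObjectMapper
import io.choerodon.core.oauth.CustomUserDetails
import org.springframework.beans.factory.annotation.Value
import org.springframework.security.jwt.JwtHelper
import org.springframework.security.jwt.crypto.sign.MacSigner
import org.springframework.security.jwt.crypto.sign.Signer

// Signing key; falls back to 'choerodon' when choerodon.oauth.jwt.key is not set
@Value('${choerodon.oauth.jwt.key:choerodon}')
String key
final ObjectMapper objectMapper = new ObjectMapper()

static String createJWT(final String key, final ObjectMapper objectMapper) {
    // MacSigner computes an HMAC over the token using the shared key
    Signer signer = new MacSigner(key)
    CustomUserDetails defaultUserDetails = new CustomUserDetails('default', 'unknown', Collections.emptyList())
    defaultUserDetails.setUserId(0L)
    defaultUserDetails.setOrganizationId(0L)
    defaultUserDetails.setLanguage('zh_CN')
    defaultUserDetails.setTimeZone('CCT')
    String jwtToken = null
    try {
        // The JWT payload is the CustomUserDetails serialized to JSON
        jwtToken = 'Bearer ' + JwtHelper.encode(objectMapper.writeValueAsString(defaultUserDetails), signer).getEncoded()
    } catch (IOException e) {
        // Serialization failed: the method returns null
        e.printStackTrace()
    }
    return jwtToken
}
```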
- Go to the official JWT website, enter the correct JWT key and the userDetail JSON, then add the 'Bearer ' prefix to the generated JWT.
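The manual step above can also be done offline, so the signing key never has to be typed into a website. The following Python code is an added example, not Choerodon's own code: it builds an HS256 token from a JSON payload with the 'Bearer ' prefix and checks its signature with the algorithm pinned. The payload field names are assumptions derived from the setters shown above (the real serialized CustomUserDetails contains more fields); HS256 signs the payload but does not encrypt it, so the payload segment is plain base64url-encoded JSON.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(key: str, signing_input: str) -> bytes:
    return hmac.new(key.encode("utf-8"), signing_input.encode("ascii"), hashlib.sha256).digest()


def create_jwt(key: str, user_details: dict) -> str:
    """Return 'Bearer <header>.<payload>.<signature>' signed with HMAC-SHA256."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(user_details, separators=(",", ":")).encode())
    return f"Bearer {header}.{payload}.{b64url(_sign(key, header + '.' + payload))}"


def verify_jwt(key: str, bearer: str) -> dict:
    """Return the payload if the signature is valid, otherwise raise ValueError."""
    scheme, _, token = bearer.partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:
        raise ValueError("not a Bearer JWT")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm instead of trusting whatever the token header claims.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison of the recomputed and presented signatures.
    if not hmac.compare_digest(_sign(key, parts[0] + "." + parts[1]), b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(parts[1]))


# Constructed sample payload; field names are assumed from the setters above.
SAMPLE_DETAILS = {"username": "default", "userId": 0, "organizationId": 0,
                  "language": "zh_CN", "timeZone": "CCT"}

if __name__ == "__main__":
    token = create_jwt("choerodon", SAMPLE_DETAILS)  # default key from the page
    print(token)
    print(verify_jwt("choerodon", token))
```

A token signed with any other key fails `verify_jwt`, which is why a deployment left on the default `choerodon` key accepts tokens from anyone who knows that default.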