引入 spring boot admin 监控
parent
bbe71ec2c8
commit
53fbd985c8
16
pom.xml
16
pom.xml
|
@ -50,6 +50,7 @@
|
||||||
<redisson.version>3.14.1</redisson.version>
|
<redisson.version>3.14.1</redisson.version>
|
||||||
<!-- 监控相关 -->
|
<!-- 监控相关 -->
|
||||||
<skywalking.version>8.3.0</skywalking.version>
|
<skywalking.version>8.3.0</skywalking.version>
|
||||||
|
<spring-boot-admin.version>2.3.1</spring-boot-admin.version>
|
||||||
<!-- 工具类相关 -->
|
<!-- 工具类相关 -->
|
||||||
<lombok.version>1.16.14</lombok.version>
|
<lombok.version>1.16.14</lombok.version>
|
||||||
<mapstruct.version>1.4.1.Final</mapstruct.version>
|
<mapstruct.version>1.4.1.Final</mapstruct.version>
|
||||||
|
@ -172,10 +173,10 @@
|
||||||
<version>${redisson.version}</version>
|
<version>${redisson.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<!-- -->
|
<!-- Config 配置中心相关 -->
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.ctrip.framework.apollo</groupId>
|
<groupId>com.ctrip.framework.apollo</groupId>
|
||||||
<artifactId>apollo-client</artifactId>
|
<artifactId>apollo-client</artifactId> <!-- 引入 Apollo Client 库,实现内嵌的配置中心 -->
|
||||||
<version>1.7.0</version>
|
<version>1.7.0</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
@ -186,6 +187,17 @@
|
||||||
<version>${skywalking.version}</version>
|
<version>${skywalking.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>de.codecentric</groupId>
|
||||||
|
<artifactId>spring-boot-admin-starter-server</artifactId> <!-- 实现 Spring Boot Admin Server 服务端 -->
|
||||||
|
<version>${spring-boot-admin.version}</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>de.codecentric</groupId>
|
||||||
|
<artifactId>spring-boot-admin-starter-client</artifactId> <!-- 实现 Spring Boot Admin Server 服务端 -->
|
||||||
|
<version>${spring-boot-admin.version}</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
<!-- 工具类相关 -->
|
<!-- 工具类相关 -->
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.projectlombok</groupId>
|
<groupId>org.projectlombok</groupId>
|
||||||
|
|
|
@ -1,66 +0,0 @@
|
||||||
package com.ruoyi.framework.web.service;
|
|
||||||
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.stereotype.Service;
|
|
||||||
import org.springframework.util.CollectionUtils;
|
|
||||||
import com.ruoyi.common.core.domain.entity.SysRole;
|
|
||||||
import com.ruoyi.common.core.domain.model.LoginUser;
|
|
||||||
import com.ruoyi.common.utils.ServletUtils;
|
|
||||||
import com.ruoyi.common.utils.StringUtils;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* RuoYi首创 自定义权限实现,ss取自SpringSecurity首字母
|
|
||||||
*
|
|
||||||
* @author ruoyi
|
|
||||||
*/
|
|
||||||
@Service("ss")
|
|
||||||
public class PermissionService {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* 判断用户是否拥有某个角色
|
|
||||||
*
|
|
||||||
* @param role 角色字符串
|
|
||||||
* @return 用户是否具备某角色
|
|
||||||
*/
|
|
||||||
public boolean hasRole(String role) {
|
|
||||||
if (StringUtils.isEmpty(role)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
|
|
||||||
if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getUser().getRoles())) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
for (SysRole sysRole : loginUser.getUser().getRoles()) {
|
|
||||||
String roleKey = sysRole.getRoleKey();
|
|
||||||
if (SUPER_ADMIN.equals(roleKey) || roleKey.equals(StringUtils.trim(role))) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* 验证用户是否具有以下任意一个角色
|
|
||||||
*
|
|
||||||
* @param roles 以 ROLE_NAMES_DELIMETER 为分隔符的角色列表
|
|
||||||
* @return 用户是否具有以下任意一个角色
|
|
||||||
*/
|
|
||||||
public boolean hasAnyRoles(String roles) {
|
|
||||||
if (StringUtils.isEmpty(roles)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
|
|
||||||
if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getUser().getRoles())) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
for (String role : roles.split(ROLE_DELIMETER)) {
|
|
||||||
if (hasRole(role)) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,9 +1,11 @@
|
||||||
package cn.iocoder.dashboard;
|
package cn.iocoder.dashboard;
|
||||||
|
|
||||||
|
import de.codecentric.boot.admin.server.config.EnableAdminServer;
|
||||||
import org.springframework.boot.SpringApplication;
|
import org.springframework.boot.SpringApplication;
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
|
||||||
@SpringBootApplication
|
@SpringBootApplication
|
||||||
|
@EnableAdminServer
|
||||||
public class DashboardApplication {
|
public class DashboardApplication {
|
||||||
|
|
||||||
public static void main(String[] args) {
|
public static void main(String[] args) {
|
||||||
|
|
|
@ -3,6 +3,7 @@ package cn.iocoder.dashboard.framework.security.config;
|
||||||
import cn.iocoder.dashboard.framework.security.core.filter.JwtAuthenticationTokenFilter;
|
import cn.iocoder.dashboard.framework.security.core.filter.JwtAuthenticationTokenFilter;
|
||||||
import cn.iocoder.dashboard.framework.security.core.handler.LogoutSuccessHandlerImpl;
|
import cn.iocoder.dashboard.framework.security.core.handler.LogoutSuccessHandlerImpl;
|
||||||
import cn.iocoder.dashboard.framework.web.config.WebProperties;
|
import cn.iocoder.dashboard.framework.web.config.WebProperties;
|
||||||
|
import de.codecentric.boot.admin.server.config.AdminServerProperties;
|
||||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.http.HttpMethod;
|
import org.springframework.http.HttpMethod;
|
||||||
|
@ -60,6 +61,8 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
@Resource
|
@Resource
|
||||||
private WebProperties webProperties;
|
private WebProperties webProperties;
|
||||||
|
@Resource
|
||||||
|
private AdminServerProperties adminServerProperties;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 由于 Spring Security 创建 AuthenticationManager 对象时,没声明 @Bean 注解,导致无法被注入
|
* 由于 Spring Security 创建 AuthenticationManager 对象时,没声明 @Bean 注解,导致无法被注入
|
||||||
|
@ -134,6 +137,13 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||||
.antMatchers("/swagger-resources/**").anonymous()
|
.antMatchers("/swagger-resources/**").anonymous()
|
||||||
.antMatchers("/webjars/**").anonymous()
|
.antMatchers("/webjars/**").anonymous()
|
||||||
.antMatchers("/*/api-docs").anonymous()
|
.antMatchers("/*/api-docs").anonymous()
|
||||||
|
// Spring Boot Admin Server 的安全配置
|
||||||
|
.antMatchers(adminServerProperties.getContextPath()).anonymous()
|
||||||
|
.antMatchers(adminServerProperties.getContextPath() + "/**").anonymous()
|
||||||
|
// Spring Boot Actuator 的安全配置
|
||||||
|
.antMatchers("/actuator").anonymous()
|
||||||
|
.antMatchers("/actuator/**").anonymous()
|
||||||
|
// TODO
|
||||||
.antMatchers("/druid/**").hasAnyAuthority("druid") // TODO 芋艿,未来需要在拓展下
|
.antMatchers("/druid/**").hasAnyAuthority("druid") // TODO 芋艿,未来需要在拓展下
|
||||||
// 除上面外的所有请求全部需要鉴权认证
|
// 除上面外的所有请求全部需要鉴权认证
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
package cn.iocoder.dashboard.framework.security.core.service;
|
package cn.iocoder.dashboard.framework.security.core.service;
|
||||||
|
|
||||||
|
import cn.iocoder.dashboard.modules.system.dal.mysql.dataobject.permission.SysRoleDO;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Security 框架 Permission Service 接口,定义 security 组件需要的功能
|
* Security 框架 Permission Service 接口,定义 security 组件需要的功能
|
||||||
*
|
*
|
||||||
|
@ -23,4 +25,22 @@ public interface SecurityPermissionFrameworkService {
|
||||||
*/
|
*/
|
||||||
boolean hasAnyPermissions(String... permissions);
|
boolean hasAnyPermissions(String... permissions);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 判断是否有角色
|
||||||
|
*
|
||||||
|
* 注意,角色使用的是 {@link SysRoleDO#getCode()} 标识
|
||||||
|
*
|
||||||
|
* @param role 角色
|
||||||
|
* @return 是否
|
||||||
|
*/
|
||||||
|
boolean hasRole(String role);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 判断是否有角色,任一一个即可
|
||||||
|
*
|
||||||
|
* @param roles 角色数组
|
||||||
|
* @return 是否
|
||||||
|
*/
|
||||||
|
boolean hasAnyRoles(String... roles);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,14 +1,9 @@
|
||||||
package cn.iocoder.dashboard.framework.web.config;
|
package cn.iocoder.dashboard.framework.web.config;
|
||||||
|
|
||||||
import com.alibaba.fastjson.serializer.SerializerFeature;
|
|
||||||
import com.alibaba.fastjson.support.config.FastJsonConfig;
|
|
||||||
import com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter;
|
|
||||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.core.annotation.Order;
|
import org.springframework.core.annotation.Order;
|
||||||
import org.springframework.http.MediaType;
|
|
||||||
import org.springframework.http.converter.HttpMessageConverter;
|
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
import org.springframework.web.cors.CorsConfiguration;
|
import org.springframework.web.cors.CorsConfiguration;
|
||||||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||||
|
@ -17,10 +12,6 @@ import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
|
||||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
import java.nio.charset.Charset;
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.function.Predicate;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Web 配置类
|
* Web 配置类
|
||||||
|
@ -41,21 +32,21 @@ public class WebConfiguration implements WebMvcConfigurer {
|
||||||
|
|
||||||
// ========== MessageConverter 相关 ==========
|
// ========== MessageConverter 相关 ==========
|
||||||
|
|
||||||
@Override
|
// @Override
|
||||||
public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
|
// public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
|
||||||
// 创建 FastJsonHttpMessageConverter 对象
|
// // 创建 FastJsonHttpMessageConverter 对象
|
||||||
FastJsonHttpMessageConverter fastJsonHttpMessageConverter = new FastJsonHttpMessageConverter();
|
// FastJsonHttpMessageConverter fastJsonHttpMessageConverter = new FastJsonHttpMessageConverter();
|
||||||
// 自定义 FastJson 配置
|
// // 自定义 FastJson 配置
|
||||||
FastJsonConfig fastJsonConfig = new FastJsonConfig();
|
// FastJsonConfig fastJsonConfig = new FastJsonConfig();
|
||||||
fastJsonConfig.setCharset(Charset.defaultCharset()); // 设置字符集
|
// fastJsonConfig.setCharset(Charset.defaultCharset()); // 设置字符集
|
||||||
fastJsonConfig.setSerializerFeatures(SerializerFeature.DisableCircularReferenceDetect, // 剔除循环引用
|
// fastJsonConfig.setSerializerFeatures(SerializerFeature.DisableCircularReferenceDetect, // 剔除循环引用
|
||||||
SerializerFeature.WriteNonStringKeyAsString); // 解决 Integer 作为 Key 时,转换为 String 类型,避免浏览器报错
|
// SerializerFeature.WriteNonStringKeyAsString); // 解决 Integer 作为 Key 时,转换为 String 类型,避免浏览器报错
|
||||||
fastJsonHttpMessageConverter.setFastJsonConfig(fastJsonConfig);
|
// fastJsonHttpMessageConverter.setFastJsonConfig(fastJsonConfig);
|
||||||
// 设置支持的 MediaType
|
// // 设置支持的 MediaType
|
||||||
fastJsonHttpMessageConverter.setSupportedMediaTypes(Collections.singletonList(MediaType.APPLICATION_JSON));
|
// fastJsonHttpMessageConverter.setSupportedMediaTypes(Collections.singletonList(MediaType.APPLICATION_JSON));
|
||||||
// 添加到 converters 中
|
// // 添加到 converters 中
|
||||||
converters.add(0, fastJsonHttpMessageConverter); // 注意,添加到最开头,放在 MappingJackson2XmlHttpMessageConverter 前面
|
// converters.add(0, fastJsonHttpMessageConverter); // 注意,添加到最开头,放在 MappingJackson2XmlHttpMessageConverter 前面
|
||||||
}
|
// }
|
||||||
|
|
||||||
// ========== Filter 相关 ==========
|
// ========== Filter 相关 ==========
|
||||||
|
|
||||||
|
|
|
@ -19,7 +19,9 @@ import cn.iocoder.dashboard.util.collection.CollectionUtils;
|
||||||
import cn.iocoder.dashboard.util.collection.MapUtils;
|
import cn.iocoder.dashboard.util.collection.MapUtils;
|
||||||
import com.google.common.collect.ImmutableMultimap;
|
import com.google.common.collect.ImmutableMultimap;
|
||||||
import com.google.common.collect.Multimap;
|
import com.google.common.collect.Multimap;
|
||||||
|
import com.google.common.collect.Sets;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
import org.springframework.scheduling.annotation.Scheduled;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
import org.springframework.transaction.annotation.Transactional;
|
import org.springframework.transaction.annotation.Transactional;
|
||||||
import org.springframework.transaction.support.TransactionSynchronization;
|
import org.springframework.transaction.support.TransactionSynchronization;
|
||||||
|
@ -104,6 +106,11 @@ public class SysPermissionServiceImpl implements SysPermissionService {
|
||||||
log.info("[initLocalCache][初始化角色与菜单的关联数量为 {}]", roleMenuList.size());
|
log.info("[initLocalCache][初始化角色与菜单的关联数量为 {}]", roleMenuList.size());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Scheduled(fixedDelay = SCHEDULER_PERIOD, initialDelay = SCHEDULER_PERIOD)
|
||||||
|
public void schedulePeriodicRefresh() {
|
||||||
|
initLocalCache();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 如果角色与菜单的关联发生变化,从数据库中获取最新的全量角色与菜单的关联。
|
* 如果角色与菜单的关联发生变化,从数据库中获取最新的全量角色与菜单的关联。
|
||||||
* 如果未发生变化,则返回空
|
* 如果未发生变化,则返回空
|
||||||
|
@ -277,4 +284,30 @@ public class SysPermissionServiceImpl implements SysPermissionService {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean hasRole(String role) {
|
||||||
|
return hasAnyRoles(role);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean hasAnyRoles(String... roles) {
|
||||||
|
// 如果为空,说明已经有权限
|
||||||
|
if (ArrayUtil.isEmpty(roles)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 获得当前登陆的角色。如果为空,说明没有权限
|
||||||
|
Set<Long> roleIds = SecurityUtils.getLoginUserRoleIds();
|
||||||
|
if (CollUtil.isEmpty(roleIds)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
// 判断是否是超管。如果是,当然符合条件
|
||||||
|
if (roleService.hasAnyAdmin(roleIds)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
Set<String> userRoles = CollectionUtils.convertSet(roleService.listRolesFromCache(roleIds),
|
||||||
|
SysRoleDO::getCode);
|
||||||
|
return CollUtil.containsAny(userRoles, Sets.newHashSet(roles));
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,14 @@ spring:
|
||||||
multipart:
|
multipart:
|
||||||
max-file-size: 16MB # 单个文件大小
|
max-file-size: 16MB # 单个文件大小
|
||||||
max-request-size: 32MB # 设置总上传的文件大小
|
max-request-size: 32MB # 设置总上传的文件大小
|
||||||
|
# Spring Boot Admin 配置项
|
||||||
|
boot:
|
||||||
|
admin:
|
||||||
|
# Spring Boot Admin Client 客户端的相关配置
|
||||||
|
client:
|
||||||
|
url: http://127.0.0.1:8080/${spring.boot.admin.context-path} # 设置 Spring Boot Admin Server 地址
|
||||||
|
# Spring Boot Admin Server 服务端的相关配置
|
||||||
|
context-path: /admin # 配置 Spring
|
||||||
|
|
||||||
# 芋道配置项,设置当前项目所有自定义的配置
|
# 芋道配置项,设置当前项目所有自定义的配置
|
||||||
yudao:
|
yudao:
|
||||||
|
@ -70,3 +78,10 @@ mybatis-plus:
|
||||||
logic-not-delete-value: 0 # 逻辑未删除值(默认为 0)
|
logic-not-delete-value: 0 # 逻辑未删除值(默认为 0)
|
||||||
mapper-locations: classpath*:mapper/*.xml
|
mapper-locations: classpath*:mapper/*.xml
|
||||||
type-aliases-package: cn.iocoder.dashboard.modules.*.dal.mysql.dataobject
|
type-aliases-package: cn.iocoder.dashboard.modules.*.dal.mysql.dataobject
|
||||||
|
|
||||||
|
# Actuator 监控端点的配置项
|
||||||
|
management:
|
||||||
|
endpoints:
|
||||||
|
web:
|
||||||
|
exposure:
|
||||||
|
include: '*' # 需要开放的端点。默认值只打开 health 和 info 两个端点。通过设置 * ,可以开放所有端点。
|
||||||
|
|
Loading…
Reference in New Issue