apache / servicecomb-fence Goto Github PK

Apache servicecomb security module for java-chassis

Home Page: https://servicecomb.apache.org/

Java 30.87% Batchfile 0.10% CSS 0.20% HTML 1.41% JavaScript 1.97% TypeScript 21.39% Vue 43.30% Less 0.77%

servicecomb

servicecomb-fence's Introduction

Fence | 中文

This project is servicecomb-java-chassis security support. The main architecture is based on The OAuth 2.0 Authorization Framework and OpenID Connect. And provides APIs for developers based on Spring Security. Please see developers guide for details.

Authentication diagram

Authorization diagram

Project description

This project contains authentication-server, resource server, edge service, admin service and admin website.

Prepare

Authentication Server uses MySql database. Install database first, and initialize it by executing authentication-server\src\main\resources\sql\user.sql .

Build and run

build_and_run.bat

Can open this file with a text editor to check what it is done.

Demo web pages

Using admin/changeMyPassword login to the demo pages, and try operations.

http://localhost:9090/ui/admin/

Run tests

After services are started, try

cd %HOME%\integration-tests\target
start java -jar integration-tests-0.0.1-SNAPSHOT.jar

This test will token several seconds. See implementations of TestCase for testing details.

Observability

After login, Cloud Service capapi -> Problem Locating . Input Trace-Id and 大概时间 can search invocation chain logs and related application logs. Using 查看日志、查看Metrics able to download logs and metrics.

Tips: Using debug window of browsers can find trace id in HTTP response headers, e.g. X-B3-Traceid:86560bc39a54d498.

Contact Us

issues
mailing list: subscribe view

servicecomb-fence's People

Contributors

Stargazers

Watchers

servicecomb-fence's Issues

请问这个项目有人维护吗

servicecomb-fence鉴权是集中鉴权还是分布式鉴权？

按照servicecomb-fence 作者的博客描述：验证的行为是由 business-service来完成的，感觉与fence的的 ResourceServer实现的鉴权方式有些不一致，

我的理解(在只有一个token简化的场景下，没有access token，id token的转换情况下)：

ui ->edgeservice->authenticate->token,
2.ui-withtoken->edgeservie->business-service(verify token)

看官方代码好像是：
2.ui-withtoken->edgeservie-> resourceserver（verify token） ->business-service

我的疑惑是：

微服务内部调用（不走edgeservice，只走注册中心）鉴权是通过自行验证还是通过ResourceServer独立验证？
ResourceServer是管理所有的鉴权还是各个微服务实现自己的ResourceServer自行鉴权？

EdgeService, Authentication, Authorization(ResourceServer)独立运行会不会有性能问题？

按照servicecomb-fence的示例，EdgeService, Authentication, Authorization(ResourceServer) 是独立的微服务，会不会有性能问题？如果整合的化是否合理?

text

[
{
"data": [
"2024-06-04-19:31:08 [ef1fde02af5faf44][INFO][group1-2-thread-1][com.zaxxer.hikari.HikariDataSource:110] HikariPool-1 - Starting...",
"2024-06-04-19:31:08 [ef1fde02af5faf44][INFO][group1-2-thread-1][com.zaxxer.hikari.pool.HikariPool:565] HikariPool-1 - Added connection com.mysql.cj.jdbc.ConnectionImpl@32fb9a32",
"2024-06-04-19:31:08 [ef1fde02af5faf44][INFO][group1-2-thread-1][com.zaxxer.hikari.HikariDataSource:123] HikariPool-1 - Start completed."
],
"application": "scb-fence",
"serviceName": "authentication-server",
"localhost": "10.37.113.232",
"instanceId": "f98caa59-ea04-4f91-877b-fe13ca032bed"
}
]

Edge Service的设计是不是与单点登录有冲突？

fence实现单点登录的方案具体是? @liubao68

CustomVertxRestDispatcher 在java-chassis-2.0.0中如何获取transport

CustomVertxRestDispatcher 中引用了 org.apache.servicecomb.core.CseContext，但是在java-chassis-2.0.0中找不到 CseContext了。对应transport = CseContext.getInstance().getTransportManager().findTransport(Const.RESTFUL)如何处理呢

希望作者能出一个关于fence项目的实现思路详解，以及开发指南详细一点的文档，便于新手快速入门，可以高清fence中的鉴权逻辑

demo中登录时，密码错误的时候，一直超时挂起

既然起名叫围栏，是否把访问控制也实现一下呢，

是否可以加入权限管理功能呢，servicecomb-fence的活跃度不高啊

关于fence 开发指南的疑问？

开发指南中， Authentication Server 需要配置 PasswordEncoder、Signer、SignerVerifier、TokenStore、UserDetailsService 等。
但是在项目代码中，Authentication Server 中只配置了PasswordEncoder 和 SignerVerifier
两项，请问这是为什么，根据你这个开发指南看源代码不匹配啊为什么感觉

还有开发指南说明示例项目使用了InMemoryUserDetailsManager ，但是我为什么在项目中
找不到InMemoryUserDetailsManager 的实现，请问这是为什么？

prepare中缺少对静态文件配置的说明

按照官方文档使用Spring Boot 实现Authentication Server出现无法加载bean错误，如何处理呢

. ____ _ __ _ _
/\ / ' __ _ () __ __ _ \ \ \
( ( )__ | '_ | '| | ' / ` | \ \ \
\/ )| |)| | | | | || (| | ) ) ) )
' || .__|| ||| |_, | / / / /
=========||==============|/=////
:: Spring Boot :: (v2.1.7.RELEASE)

2020-03-26 18:00:46.174 INFO 11380 --- [ 2020-03-26 18:00:46.179 INFO 11380 --- [ 2020-03-26 18:00:48.508 INFO 11380 --- [ 2020-03-26 18:00:48.543 WARN 11380 --- [ 2020-03-26 18:00:48.543 INFO 11380 --- [ 2020-03-26 18:00:48.636 INFO 11380 --- [ 2020-03-26 18:00:48.653 INFO 11380 --- [ 2020-03-26 18:00:48.672 INFO 11380 --- [ 2020-03-26 18:00:48.693 INFO 11380 --- [ 2020-03-26 18:00:48.693 INFO 11380 --- [ 2020-03-26 18:00:48.693 INFO 11380 --- [ 2020-03-26 18:00:48.697 INFO 11380 --- [ 2020-03-26 18:00:48.701 INFO 11380 --- [ 2020-03-26 18:00:48.701 INFO 11380 --- [ 2020-03-26 18:00:48.825 INFO 11380 --- [ 2020-03-26 18:00:49.036 INFO 11380 --- [ 2020-03-26 18:00:49.036 INFO 11380 --- [ 2020-03-26 18:00:49.042 INFO 11380 --- [ 2020-03-26 18:00:49.044 INFO 11380 --- [ 2020-03-26 18:00:49.114 INFO 11380 --- [ 2020-03-26 18:00:50.011 INFO 11380 --- [ 2020-03-26 18:00:50.060 INFO 11380 --- [ 2020-03-26 18:00:50.060 INFO 11380 --- [ 2020-03-26 18:00:50.202 INFO 11380 --- [ 2020-03-26 18:00:50.203 INFO 11380 --- [ 2020-03-26 18:00:50.608 INFO 11380 --- [ 2020-03-26 18:00:50.621 INFO 11380 --- [ 2020-03-26 18:00:50.648 INFO 11380 --- [ 2020-03-26 18:00:50.690 INFO 11380 --- [ 2020-03-26 18:00:50.718 INFO 11380 --- [ 2020-03-26 18:00:50.718 INFO 11380 --- [ 2020-03-26 18:00:50.720 INFO 11380 --- [ 2020-03-26 18:00:50.720 WARN 11380 --- [ 2020-03-26 18:00:50.722 INFO 11380 --- [ 2020-03-26 18:00:50.724 INFO 11380 --- [ 2020-03-26 18:00:50.790 WARN 11380 --- [ 2020-03-26 18:00:50.795 INFO 11380 --- [ 2020-03-26 18:00:50.811 INFO 11380 --- [ main] c.g.t.a.AuthenticationServer : Starting AuthenticationServer on DESKTOP-1D22NVS with PID 11380 (D:\Solution\servicecomb\thaidee-platform\td-oauth\authentication-server\target\classes started by QQ in D:\Solution\servicecomb\thaidee-platform)
main] c.g.t.a.AuthenticationServer : No active profile set, falling back to default profiles: default
main] o.a.s.c.ConfigurationSpringInitializer : Environment received, will get configurations from [org.springframework.web.context.support.StandardServletEnvironment@842588842].
main] c.n.c.sources.URLConfigurationSource : No URLs will be polled as dynamic configuration sources.
main] c.n.c.sources.URLConfigurationSource : To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
main] o.apache.servicecomb.config.ConfigUtil : create local config:
main] c.netflix.config.DynamicPropertyFactory : DynamicPropertyFactory is initialized with configuration sources: com.netflix.config.ConcurrentCompositeConfiguration@7126e26
main] o.apache.servicecomb.config.ConfigUtil : jar:file:/C:/Users/QQ/.m2/repository/org/apache/servicecomb/java-chassis-core/2.0.0/java-chassis-core-2.0.0.jar!/microservice.yaml,file:/D:/Solution/servicecomb/test-platform/td-oauth/authentication-server/target/classes/microservice.yaml.
main] o.a.s.f.common.utils.SPIServiceUtils : Found SPI service org.apache.servicecomb.config.spi.ConfigCenterConfigurationSource, count=0.
main] o.a.s.f.common.utils.SPIServiceUtils : Can not find SPI service for org.apache.servicecomb.config.spi.ConfigCenterConfigurationSource
main] o.apache.servicecomb.config.ConfigUtil : config center SPI service can not find, skip to load configuration from config center
main] o.a.s.f.common.utils.SPIServiceUtils : Can not find SPI service for org.apache.servicecomb.config.spi.ConfigCenterConfigurationSource
main] o.apache.servicecomb.config.ConfigUtil : create local config:
main] o.apache.servicecomb.config.ConfigUtil : jar:file:/C:/Users/QQ/.m2/repository/org/apache/servicecomb/java-chassis-core/2.0.0/java-chassis-core-2.0.0.jar!/microservice.yaml,file:/D:/Solution/servicecomb/test-platform/td-oauth/authentication-server/target/classes/microservice.yaml.
main] trationDelegate$BeanPostProcessorChecker : Bean 'dataSource' of type [org.apache.commons.dbcp2.BasicDataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
main] trationDelegate$BeanPostProcessorChecker : Bean 'sqlSessionFactory' of type [org.mybatis.spring.SqlSessionFactoryBean] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
main] trationDelegate$BeanPostProcessorChecker : Bean 'sqlSessionFactory' of type [org.apache.ibatis.session.defaults.DefaultSqlSessionFactory] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
main] trationDelegate$BeanPostProcessorChecker : Bean 'userMapper' of type [org.mybatis.spring.mapper.MapperFactoryBean] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
main] trationDelegate$BeanPostProcessorChecker : Bean 'tokenMapper' of type [org.mybatis.spring.mapper.MapperFactoryBean] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$88187c78] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 10008 (http)
main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.22]
main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 3948 ms
main] o.a.s.foundation.common.net.NetUtils : add network interface name:eth6,host address:10.65.0.131
main] o.a.s.foundation.common.net.NetUtils : add network interface name:eth7,host address:10.65.0.49
main] o.a.s.foundation.common.net.NetUtils : add network interface name:eth13,host address:172.17.80.193
main] o.a.s.foundation.common.net.NetUtils : add network interface name:eth26,host address:172.18.80.1
main] o.a.s.foundation.common.net.NetUtils : get localhost address: 10.65.0.131
main] o.a.s.foundation.common.net.NetUtils : add host name from localhost:DESKTOP-1D22NVS,host address:10.65.0.131
main] o.a.s.t.rest.servlet.ServletUtils : /0.0.0.0:9061 is not listened, can not publish.
main] o.a.s.t.r.servlet.RestServletInjector : ignore register ServicecombRestServlet.
main] o.a.s.t.rest.servlet.ServletUtils : RestServlet not found, will not save UrlPrefix.
main] o.a.s.common.rest.UploadConfig : servicecomb.uploads.directory is null, not support upload.
main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authOpenIDTokenStore': Unsatisfied dependency expressed through field 'accessTokenStore'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'com.my.test.authentication.token.TokenStore<com.my.test.authentication.token.SessionToken>' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true), @org.springframework.beans.factory.annotation.Qualifier(value=authAccessTokenStore)}
main] o.apache.catalina.core.StandardService : Stopping service [Tomcat]
main] ConditionEvaluationReportLoggingListener :

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2020-03-26 18:00:50.997 ERROR 11380 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :

APPLICATION FAILED TO START

Description:

Field accessTokenStore in com.my.test.authentication.token.AbstractOpenIDTokenStore required a bean of type 'com.my.test.authentication.token.TokenStore' that could not be found.

The injection point has the following annotations:
- @org.springframework.beans.factory.annotation.Autowired(required=true)
- @org.springframework.beans.factory.annotation.Qualifier(value=authAccessTokenStore)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.