Friends have been asking me lately about using Oauth2 in microservices. I have in fact written an article on this before; this time I took the time to upgrade the demo from that article to support the latest versions of Spring Cloud and Nacos. Today I will introduce this ultimate solution for microservice permissions, and I hope it will be helpful to everyone!

Spring Cloud hands-on e-commerce project mall-swarm (8.8k+ stars): https://github.com/macrozheng/mall-swarm

Implementation approach

First, the idea behind this solution. Ideally, the authentication service is responsible for unified authentication, the gateway service is responsible for verifying authentication and performing authorization, and the other API services are responsible only for their own business logic. Security-related logic exists only in the authentication service and the gateway service; the other services simply provide their functionality and contain no security-related logic.

The related services in this solution are divided as follows:

  • micro-oauth2-gateway : gateway service, responsible for request forwarding and authentication functions, integrating Spring Security+Oauth2;
  • micro-oauth2-auth : Authentication service, responsible for authenticating logged in users, integrating Spring Security+Oauth2;
  • micro-oauth2-api : API service, protected by the gateway service; users can access it after passing authentication. It does not integrate Spring Security+Oauth2.

Upgrade Notes

  • The dependency versions of this project have been upgraded to support SpringBoot 2.7.0 and the latest version of Spring Cloud;
 <properties>
    <spring-boot.version>2.7.0</spring-boot.version>
    <spring-cloud.version>2021.0.3</spring-cloud.version>
    <spring-cloud-alibaba.version>2021.0.1.0</spring-cloud-alibaba.version>
</properties>
  • I have to complain about Spring Cloud's version numbering here. Versions used to be named after London Underground stations, with the alphabetical order of the names matching the chronological order of the releases. The scheme was later changed to the year, and now the previously abandoned station names have been added back as aliases, which is really confusing;

  • In SpringBoot 2.7.0 the Maven plugin must be declared with an explicit version number;
 <plugin>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-maven-plugin</artifactId>
    <version>${spring-boot.version}</version>
</plugin>
  • The latest version of Spring Cloud has dropped Ribbon for load balancing and uses LoadBalancer instead, so the gateway service micro-oauth2-gateway needs the LoadBalancer dependency;
 <dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-loadbalancer</artifactId>
</dependency>
  • If the LoadBalancer dependency is not added, calling any service through the gateway returns a Service Unavailable error;
 {
    "timestamp": "2022-06-28T02:36:31.680+00:00",
    "path": "/auth/oauth/token",
    "status": 503,
    "error": "Service Unavailable",
    "requestId": "c480cefa-1"
}
  • The micro-oauth2-auth authentication service needs to be upgraded. Note that the JWT library it uses should be upgraded at the same time;
 <dependencies>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
        <version>2.2.5.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>com.nimbusds</groupId>
        <artifactId>nimbus-jose-jwt</artifactId>
        <version>9.23</version>
    </dependency>
</dependencies>

  • After the download is complete, unzip it to the specified directory, and use the following command to start Nacos;
 startup.cmd -m standalone

Usage

This article is only an upgrade supplement to "The ultimate solution for microservice permissions, Spring Cloud Gateway + Oauth2 realizes unified authentication and authorization!". For the specific code implementation, refer to that article. The unified authentication and authorization functions of the solution are demonstrated below.
  • First, you need to start the Nacos and Redis services, and then start the micro-oauth2-auth , micro-oauth2-gateway and micro-oauth2-api services in turn. After the startup is complete, the Nacos service list is displayed as follows;

  • Access the protected API interface with a JWT token. Note that the token goes in the Authorization request header with the Bearer prefix; the interface can then be accessed normally;

  • Log in with the andy:123456 account; accessing the interface then returns the following information. Access address: http://localhost:9201/api/hello
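
The gateway-side check that the steps above rely on, sketched as an added example (not code from the project): read the Authorization header, require the Bearer prefix, verify the JWT signature and expiry with the nimbus-jose-jwt library listed in the upgrade notes, and return the authorities for the authorization decision. The class and method names, the RS256 algorithm, the "authorities" claim name and the key pair generated at run time are assumptions made for this illustration.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.Collections;
import java.util.Date;
import java.util.List;

public class GatewayTokenCheck { // hypothetical class, for illustration only
    // Returns the token's authorities if the header holds a valid, unexpired RS256 JWT; otherwise empty.
    static List<String> authoritiesOf(String authorization, RSAKey publicKey) {
        if (authorization == null || !authorization.startsWith("Bearer ")) return Collections.emptyList();
        try {
            SignedJWT jwt = SignedJWT.parse(authorization.substring("Bearer ".length()));
            // Pin the algorithm instead of trusting whatever the token header announces.
            if (!JWSAlgorithm.RS256.equals(jwt.getHeader().getAlgorithm())) return Collections.emptyList();
            if (!jwt.verify(new RSASSAVerifier(publicKey))) return Collections.emptyList();
            JWTClaimsSet claims = jwt.getJWTClaimsSet();
            Date exp = claims.getExpirationTime();
            if (exp == null || !exp.after(new Date())) return Collections.emptyList();
            List<String> authorities = claims.getStringListClaim("authorities"); // assumed claim name
            return authorities == null ? Collections.<String>emptyList() : authorities;
        } catch (Exception e) { return Collections.emptyList(); } // malformed input: unauthenticated
    }
    // Stand-in for the authentication service: signs a token that expires offsetMillis from now.
    static String issue(RSAKey signingKey, long offsetMillis, String authority) throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder().subject("demo-user")
                .expirationTime(new Date(System.currentTimeMillis() + offsetMillis))
                .claim("authorities", Collections.singletonList(authority)).build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
        jwt.sign(new RSASSASigner(signingKey));
        return jwt.serialize();
    }
    public static void main(String[] args) throws Exception {
        RSAKey key = new RSAKeyGenerator(2048).generate(); // constructed key pair, generated at run time
        RSAKey pub = key.toPublicJWK();                    // the gateway only needs the public half
        String good = issue(key, 3_600_000L, "ADMIN");
        String expired = issue(key, -1_000L, "ADMIN");
        String forged = issue(new RSAKeyGenerator(2048).generate(), 3_600_000L, "ADMIN");
        System.out.println(authoritiesOf("Bearer " + good, pub));    // valid token
        System.out.println(authoritiesOf(good, pub));                // Bearer prefix missing
        System.out.println(authoritiesOf("Bearer " + expired, pub)); // past its exp claim
        System.out.println(authoritiesOf("Bearer " + forged, pub));  // signed by a different key
    }
}
```

Because the API services carry no security logic of their own in this design, this check only protects them if they are reachable solely through the gateway.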

Summary

When implementing permissions in a microservice system, we should not build the same permission verification into every independent API service. Instead, handle it in one place at the gateway and perform unified authentication through the authentication center. That is what makes an elegant microservice permission solution!

Project source code address

https://github.com/macrozheng/springcloud-learning/tree/master/micro-oauth2


macrozheng