A hands-on trial of Quarkus with OIDC and Hibernate

Quarkus official documentation

Introduction

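A Kubernetes Native Java stack tailored for OpenJDK HotSpot and GraalVM, crafted from the best of breed Java libraries and standards. -- QUARKUS 1.8.3
Quarkus tailors your application for GraalVM and HotSpot. Amazingly fast boot time and incredibly low RSS memory (not just heap size!) offer near-instant scale-up and high-density memory utilization in container orchestration platforms like Kubernetes. We use a technique we call compile-time boot.

Quarkus is open source. All of the project's dependencies are available under the Apache Software License 2.0

Reactive programming -- Publisher/Flow, available since JDK 9

-- On Quarkus's speed, the official site has written up a few examples: https://quarkus.io/vision/continuum

Getting started

Quarkus OIDC authentication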

  • pom
    <dependency>
        <groupId>io.quarkus</groupId>
        <artifactId>quarkus-oidc</artifactId>
    </dependency>
  • Overriding the authentication information
    import io.quarkus.security.identity.AuthenticationRequestContext;
    import io.quarkus.security.identity.SecurityIdentity;
    import io.quarkus.security.identity.SecurityIdentityAugmentor;
    import io.quarkus.security.runtime.QuarkusSecurityIdentity;
    import io.smallrye.mutiny.Uni;
    import lombok.extern.slf4j.Slf4j;
    import org.eclipse.microprofile.jwt.JsonWebToken;

    import javax.enterprise.context.ApplicationScoped;
    import java.util.Collections;
    import java.util.HashSet;
    import java.util.Map;
    import java.util.Set;

    @Slf4j
    @ApplicationScoped
    public class RolesAugmentor implements SecurityIdentityAugmentor {

        @Override
        public int priority() {
            return 0;
        }

        @Override
        public Uni<SecurityIdentity> augment(SecurityIdentity securityIdentity, AuthenticationRequestContext authenticationRequestContext) {
            // The bean is application scoped, so the identity is handed to the
            // blocking task as an argument instead of being kept in a field
            // that concurrent requests would share.
            return authenticationRequestContext.runBlocking(() -> build(securityIdentity));
        }

        private SecurityIdentity build(SecurityIdentity identity) {
            if (!identity.isAnonymous()) {
                // role-name
                Set<String> roles = identity.getRoles();
                // permission-name
                Set<String> perSet = new HashSet<>();
                // Look up permissions in the database: where role-name in (roles), then addAll...

                Map<String, Object> map = ((JsonWebToken) identity.getPrincipal()).getClaim("client-id");

                return QuarkusSecurityIdentity.builder()
                        .setPrincipal(identity.getPrincipal())
                        .addAttributes(map == null ? Collections.emptyMap() : map)
                        .addCredentials(identity.getCredentials())
                        .addRoles(perSet)
                        .build();
            }

            return identity;
        }
    }

  • TenantResolver
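    import io.vertx.ext.web.RoutingContext;

    import javax.enterprise.context.ApplicationScoped;

    @ApplicationScoped
    public class CustomTenantResolver implements io.quarkus.oidc.TenantResolver {

        @Override
        public String resolve(RoutingContext context) {
            String path = context.request().path();
            String[] parts = path.split("/");

            // "/" splits to an empty array and "" to a single element,
            // so parts[1] only exists when there are at least two parts
            if (parts.length < 2) {
                // resolve to default tenant configuration
                return "default";
            }

            return parts[1];
        }
    }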

Quarkus datasource

  • pom
    <!-- Hibernate ORM specific dependencies -->
    <dependency>
        <groupId>io.quarkus</groupId>
        <artifactId>quarkus-hibernate-orm</artifactId>
    </dependency>

    <!-- JDBC driver dependencies -->
    <dependency>
        <groupId>io.quarkus</groupId>
        <artifactId>quarkus-jdbc-postgresql</artifactId>
    </dependency>
  • TenantResolver
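    import io.vertx.ext.web.RoutingContext;
    import org.eclipse.microprofile.config.inject.ConfigProperty;

    import javax.enterprise.context.ApplicationScoped;
    import javax.inject.Inject;

    @ApplicationScoped
    public class CustomTenantResolver implements io.quarkus.hibernate.orm.runtime.tenant.TenantResolver {

        @Inject
        RoutingContext context;

        @ConfigProperty(name = "quarkus.hibernate-orm.datasource")
        public String tenant;

        @Override
        public String getDefaultTenantId() {
            return tenant;
        }

        @Override
        public String resolveTenantId() {
            String path = context.request().path();
            String[] parts = path.split("/");
            // "/" splits to an empty array and "" to a single element,
            // so parts[1] only exists when there are at least two parts
            if (parts.length < 2) {
                // resolve to default tenant configuration
                return getDefaultTenantId();
            }
            return parts[1];
        }

    }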
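
Both resolvers above take the tenant from the first URL path segment, which the client controls. As an added example (not code from the original post), the hypothetical helper `TenantPath` below does that parsing in one place and only ever returns a name from an explicit set of configured tenants, so the OIDC and the Hibernate resolver could share it. The tenant names `default` and `A` are taken from the configuration on this page, the sample paths are constructed, and Java 9+ is assumed for `Set.of`/`List.of`.

```java
import java.util.List;
import java.util.Optional;
import java.util.Set;

// Added example: hypothetical helper, not part of the original post.
public final class TenantPath {

    private TenantPath() {
    }

    /**
     * No tenant segment: the default tenant. Segment that names a configured
     * tenant: that tenant. Any other segment: empty, so the caller can reject
     * the request instead of falling through to some other tenant.
     */
    public static Optional<String> resolve(String path, Set<String> configured, String defaultTenant) {
        if (path == null) {
            return Optional.of(defaultTenant);
        }
        // Java drops trailing empty strings: "/" splits to [], "" to [""],
        // "/A/orders" to ["", "A", "orders"], so index 1 needs length >= 2.
        String[] parts = path.split("/");
        if (parts.length < 2) {
            return Optional.of(defaultTenant);
        }
        // Exact, case-sensitive match against the configured names; the raw
        // segment is never used as a configuration or datasource key.
        String candidate = parts[1];
        return configured.contains(candidate) ? Optional.of(candidate) : Optional.empty();
    }

    public static void main(String[] args) {
        // Tenant names as in the configuration on this page.
        Set<String> configured = Set.of("default", "A");
        // Constructed sample request paths.
        for (String path : List.of("/A/orders", "/", "", "/B/orders", "//A", "/a/orders")) {
            String shown = resolve(path, configured, "default").orElse("<rejected>");
            System.out.println("\"" + path + "\" -> " + shown);
        }
    }
}
```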

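Multiple datasources / OIDC configuration

  • Quarkus supports configuring multiple datasources, but the compiled artifact cannot be changed afterwards (bytecode enhancement)
    Reference link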
    # Default datasource configuration
    quarkus.datasource.db-kind=postgresql
    quarkus.datasource.username=username
    quarkus.datasource.password=password
    quarkus.datasource.jdbc.url=jdbc:postgresql://192.168.56.110:5432/default
    # Optional; the choices are database and schema
    quarkus.hibernate-orm.multitenant=DATABASE
    quarkus.hibernate-orm.dialect=org.hibernate.dialect.PostgreSQL10Dialect
    quarkus.hibernate-orm.datasource=default
    # Whether Hibernate runs automatic DDL; configurable, same options as in Spring
    quarkus.hibernate-orm.database.generation=none
    quarkus.hibernate-orm.packages=org.xiaowu
    quarkus.oidc.auth-server-url=http://192.168.56.110:8080/auth/realms/default
    quarkus.oidc.client-id=service
    quarkus.oidc.credentials.secret=secret
    # tenant -> default
    quarkus.datasource.default.db-kind=${quarkus.datasource.db-kind}
    quarkus.datasource.default.username=${quarkus.datasource.username}
    quarkus.datasource.default.password=${quarkus.datasource.password}
    quarkus.datasource.default.jdbc.url=${quarkus.datasource.jdbc.url}
    quarkus.oidc."default".auth-server-url=${quarkus.oidc.auth-server-url}
    quarkus.oidc."default".client-id=${quarkus.oidc.client-id}
    quarkus.oidc."default".credentials.secret=${quarkus.oidc.credentials.secret}
    # tenant_1
    quarkus.datasource.A.db-kind=postgresql
    quarkus.datasource.A.username=username
    quarkus.datasource.A.password=password
    quarkus.datasource.A.jdbc.url=jdbc:postgresql://192.168.56.110:5432/A
    quarkus.oidc.A.auth-server-url=http://192.168.56.110:8080/auth/realms/A
    quarkus.oidc.A.client-id=backend-service
    quarkus.oidc.A.credentials.secret=secret