Quarkus结合oidc及hibernate的上手试验

quarkus官方文档

介绍

1
2
3
4
5
6
专为OpenJDK HotSpot和GraalVM量身定制的Kubernetes本机Java堆栈,采用最佳Java库和标准精制而成。--QUARKUS 1.8.3
Quarkus为GraalVM和HotSpot量身定制您的应用程序。惊人的快速启动时间,极低的RSS内存(不仅是堆大小!)在容器编排平台(如Kubernetes)中提供了近乎即时的向上扩展和高密度的内存利用率。我们使用一种称为编译时启动的技术。

Quarkus是开源的。该项目的所有依赖项都可以在Apache Software License 2.0

响应式编程-- jdk9之后的Publisher/Flow

-- 关于quarkus的快,官方写了几个例子:https://quarkus.io/vision/continuum

开始适用

quarkus oidc认证

  • pom
1
2
3
4
<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-oidc</artifactId>
</dependency>
  • 重写认证信息
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
[@Slf4j](https://my.oschina.net/slf4j)
@ApplicationScoped
public class RolesAugmentor implements SecurityIdentityAugmentor, Supplier<SecurityIdentity> {

    SecurityIdentity identity;

    [@Override](https://my.oschina.net/u/1162528)
    public int priority() {
        return 0;
    }

    [@Override](https://my.oschina.net/u/1162528)
    public Uni<SecurityIdentity> augment(SecurityIdentity securityIdentity, AuthenticationRequestContext authenticationRequestContext) {
        this.identity = securityIdentity;
        return authenticationRequestContext.runBlocking(this::get);

    }


    [@Override](https://my.oschina.net/u/1162528)
    public SecurityIdentity get() {
        if (!identity.isAnonymous()) {
            // role-name
            Set<String> roles = identity.getRoles();
            // permission-name
            Set<String> perSet = new HashSet<>();
            // 查库找permission where role-name in(roles),addAll...

            Map<String, Object> map = ((JsonWebToken) identity.getPrincipal()).getClaim("client-id");

            return QuarkusSecurityIdentity.builder()
                    .setPrincipal(identity.getPrincipal())
                    .addAttributes(map == null ? Collections.emptyMap() : map)
                    .addCredentials(identity.getCredentials())
                    .addRoles(perSet)
                    .build();

        }

        return identity;
    }
}

  • TenantResolver
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
@ApplicationScoped
public class CustomTenantResolver implements io.quarkus.oidc.TenantResolver {

    @Override
    public String resolve(RoutingContext context) {
        String path = context.request().path();
        String[] parts = path.split("/");

        if (parts.length == 0) {
            // resolve to default tenant configuration
            return "defult";
        }

        return parts[1];
    }
}

quarkus 数据源

  • pom
1
2
3
4
5
6
7
8
9
10
11
<!-- Hibernate ORM specific dependencies -->
    <dependency>
        <groupId>io.quarkus</groupId>
        <artifactId>quarkus-hibernate-orm</artifactId>
    </dependency>

    <!-- JDBC driver dependencies -->
    <dependency>
        <groupId>io.quarkus</groupId>
        <artifactId>quarkus-jdbc-postgresql</artifactId>
    </dependency>
  • TenantResolver
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
@ApplicationScoped
public class CustomTenantResolver implements io.quarkus.hibernate.orm.runtime.tenant.TenantResolver {

    @Inject
    RoutingContext context;

    @ConfigProperty(name = "quarkus.hibernate-orm.datasource")
    public String tenant;

    @Override
    public String getDefaultTenantId() {
        return tenant;
    }

    @Override
    public String resolveTenantId() {
        String path = context.request().path();
        String[] parts = path.split("/");
        if (parts.length == 0) {
            // resolve to default tenant configuration
            return getDefaultTenantId();
        }
        return parts[1];
    }

}

多数据源/oidc配置

  • quarkus支持多数据源配置,但编译后的文件不支持二次更改(字节码增强)
    参考地址
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# 默认数据源配置
quarkus.datasource.db-kind=postgresql
quarkus.datasource.username=username
quarkus.datasource.password=password
quarkus.datasource.jdbc.url=jdbc:postgresql://192.168.56.110:5432/default
quarkus.hibernate-orm.multitenant=DATABASE  #可选,选项为库和模式
quarkus.hibernate-orm.dialect=org.hibernate.dialect.PostgreSQL10Dialect
quarkus.hibernate-orm.datasource=default
# hibenate是否启用自动ddl,可配置项,同spring
quarkus.hibernate-orm.database.generation=none
quarkus.hibernate-orm.packages=org.xiaowu
quarkus.oidc.auth-server-url=http://192.168.56.110:8080/auth/realms/default
quarkus.oidc.client-id=service
quarkus.oidc.credentials.secret=secret
# tenant -> default
quarkus.datasource.default.db-kind=${quarkus.datasource.db-kind}
quarkus.datasource.default.username=${quarkus.datasource.username}
quarkus.datasource.default.password=${quarkus.datasource.password}
quarkus.datasource.default.jdbc.url=${quarkus.datasource.jdbc.url}
quarkus.oidc."default".auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc."default".client-id=${quarkus.oidc.client-id}
quarkus.oidc."default".credentials.secret=${quarkus.oidc.credentials.secret}
# tenant_1
quarkus.datasource.A.db-kind=postgresql
quarkus.datasource.A.username=username
quarkus.datasource.A.password=password
quarkus.datasource.A.jdbc.url=jdbc:postgresql://192.168.56.110:5432/A
quarkus.oidc.A.auth-server-url=http://192.168.56.110:8080/auth/realms/A
quarkus.oidc.A.client-id=backend-service
quarkus.oidc.A.credentials.secret=secret