diff --git a/pom.xml b/pom.xml
index 9d4919c..aecd813 100644
--- a/pom.xml
+++ b/pom.xml
@@ -75,6 +75,12 @@
xservice-parent-starter
2.0
+
+
+ com.xiang
+ xservice-security-starter
+ 1.0-SNAPSHOT
+
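Review bot: The new `xservice-security-starter` dependency is pinned to `1.0-SNAPSHOT`, so the artifact the gateway resolves can change between builds without any change to this pom, which makes the token-validation code the gateway now relies on non-reproducible. If the starter is built in the same reactor this is expected during development, but a released version (or a version managed by `xservice-parent-starter`) should be used before the gateway ships. The surrounding `<dependency>` element tags appear to have been stripped in this rendering, so the element structure itself cannot be checked here.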
diff --git a/xs-server/src/main/resources/application.yml b/xs-server/src/main/resources/application.yml
index 2ad80be..1c0af79 100644
--- a/xs-server/src/main/resources/application.yml
+++ b/xs-server/src/main/resources/application.yml
@@ -5,4 +5,7 @@ spring:
profiles:
active: local
main:
- web-application-type: reactive
\ No newline at end of file
+ web-application-type: reactive
+
+auth:
+ jwk-set-uri: http://api-auth/oauth2/jwks
\ No newline at end of file
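Review bot: `auth.jwk-set-uri` points at `http://api-auth/oauth2/jwks` over plain HTTP, so the public keys used to validate every token are fetched without transport integrity, and whatever is on that network path decides which keys the gateway trusts. If `api-auth` is only reachable inside a trusted network or a mesh that provides TLS, state that assumption next to the value, e.g. `# internal service name; transport is protected by the mesh, not reachable externally` (adjust to what is actually true); otherwise use `https://`. The file also still ends without a trailing newline.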
diff --git a/xs-service/src/main/java/com/xiang/xservice/gateway/service/config/GatewaySecurityConfig.java b/xs-service/src/main/java/com/xiang/xservice/gateway/service/config/GatewaySecurityConfig.java
new file mode 100644
index 0000000..573c08f
--- /dev/null
+++ b/xs-service/src/main/java/com/xiang/xservice/gateway/service/config/GatewaySecurityConfig.java
@@ -0,0 +1,24 @@
+package com.xiang.xservice.gateway.service.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+
+@Configuration
+@EnableWebFluxSecurity
+public class GatewaySecurityConfig {
+
+ @Bean
+ public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+ http
+ .authorizeExchange(exchanges -> exchanges
+ // ✅ 网关全放行
+ .anyExchange().permitAll()
+ )
+ .csrf(ServerHttpSecurity.CsrfSpec::disable); // 禁用 CSRF
+
+ return http.build();
+ }
+}
\ No newline at end of file
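Review bot: `springSecurityFilterChain` permits every exchange and disables CSRF, which only works as intended because `AuthGlobalFilter` performs the real check, yet nothing in this class says so; a reader of this file alone will conclude the gateway is open. Add a Javadoc on the class stating that Spring Security enforcement is intentionally disabled at this layer, that authentication is delegated to `AuthGlobalFilter`, and that CSRF is disabled because the gateway works with bearer tokens rather than cookie sessions (confirm that last part — the session configuration is not visible in this diff). The two Chinese comments would be clearer in English for the same reason, e.g. `// allow everything here; token validation lives in AuthGlobalFilter`. As a style point the builder chain can be returned directly: `return http.authorizeExchange(ex -> ex.anyExchange().permitAll()).csrf(ServerHttpSecurity.CsrfSpec::disable).build();`.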
diff --git a/xs-service/src/main/java/com/xiang/xservice/gateway/service/core/AuthGlobalFilter.java b/xs-service/src/main/java/com/xiang/xservice/gateway/service/core/AuthGlobalFilter.java
index 92ed0c2..bdbd4e1 100644
--- a/xs-service/src/main/java/com/xiang/xservice/gateway/service/core/AuthGlobalFilter.java
+++ b/xs-service/src/main/java/com/xiang/xservice/gateway/service/core/AuthGlobalFilter.java
@@ -1,6 +1,8 @@
package com.xiang.xservice.gateway.service.core;
+import com.xiang.xservice.security.utils.TokenUtils;
import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
@@ -15,12 +17,15 @@ import reactor.core.publisher.Mono;
@Component
public class AuthGlobalFilter implements GlobalFilter, Ordered {
+ @Autowired
+ private TokenUtils tokenUtils;
+
@Override
public Mono filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
String path = request.getURI().getPath();
// 放行 /public/** 和 /login
- if (path.contains("/public/") || path.contains("/login")) {
+ if (path.contains("/public/") || path.contains("/login") || path.contains("/logout") || path.contains("/oauth2")) {
log.debug("跳过 Token 校验: {}", path);
return chain.filter(exchange);
}
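Review bot: The bypass on the changed `if` uses `path.contains(...)`, so any URI that merely embeds `/login`, `/logout`, `/oauth2` or `/public/` somewhere in its path skips token validation, and this commit widens that list instead of tightening the match. Match the intended routes exactly, e.g. `path.equals("/login") || path.startsWith("/login/")` for each entry, or better keep the exemptions as explicit patterns compiled once with `PathPatternParser` and injected into the filter, so the allow-list is a reviewable configuration rather than substring checks. The new `@Autowired private TokenUtils tokenUtils;` is field injection on a `@Component`; constructor injection (`private final TokenUtils tokenUtils;` plus a constructor) keeps the dependency mandatory and the filter testable without a context. `filter` continues past the end of this hunk.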
@@ -35,9 +40,7 @@ public class AuthGlobalFilter implements GlobalFilter, Ordered {
}
try {
- // TODO: 这里换成你自己的 JwtUtil.verify(token)
-// boolean valid = JwtUtil.verify(token);
- if (false) {
+ if (!tokenUtils.validateToken(token)) {
log.warn("❌ Token 校验失败: {}", token);
exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
return exchange.getResponse().setComplete();