paulwong


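A Spring Cloud-based rapid development scaffold & summary of best practices

Spring Cloud: you know what it is
Keycloak: microservice authentication and authorization
Jenkins: continuous integration
SonarQube: code quality control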


https://gitee.com/itmuch/spring-cloud-yes

posted @ 2020-10-09 10:48 paulwong Views (548) | Comments (0)

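A First Look at Keycloak

Keycloak is a web application from JBoss for authentication and authorization. It is based on the OpenID Connect (OIDC) protocol: OpenID handles authentication, OAuth 2.0 handles authorization, and OIDC combines the two.

It provides a web UI for maintaining users, applications and roles.

A realm can be thought of as a tenant in a multi-tenant setup: each tenant's applications and user data are isolated.

http://10.80.27.69:8180/auth/realms/quickstart/.well-known/openid-configuration lists all of the current API endpoints.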
get_access_token_from_public_client:
curl --location --request POST 'http://10.80.27.69:8180/auth/realms/quickstart/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=alice' \
--data-urlencode 'password=123456' \
--data-urlencode 'client_id=app-springboot-public' \
--data-urlencode 'grant_type=password' \
| jq

./get_access_token_from_confidential_client.sh
curl --location --request POST 'http://10.80.27.69:8180/auth/realms/quickstart/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=app-springboot-confidential' \
--data-urlencode 'client_secret=3acf7692-49cb-4c45-9943-6f3dba512dae' \
--data-urlencode 'grant_type=client_credentials' \
| jq

Calling an API of an application whose Access Type is bearer-only:
access_token=$(curl \
-d "client_id=app-springboot-public" \
-d "username=alice" \
-d "password=123456" \
-d "grant_type=password" \
"http://10.80.27.69:8180/auth/realms/quickstart/protocol/openid-connect/token" \
| jq -r '.access_token')

#echo $access_token

curl -H "Authorization: Bearer $access_token" 'http://10.80.27.69:8182/products' | jq

Fetching the user info:
access_token=$(curl \
-d "client_id=app-springboot-public" \
-d "username=alice" \
-d "password=123456" \
-d "grant_type=password" \
"http://10.80.27.69:8180/auth/realms/quickstart/protocol/openid-connect/token" | jq -r '.access_token')


curl -H "Authorization: Bearer $access_token" http://10.80.27.69:8180/auth/realms/quickstart/protocol/openid-connect/userinfo | jq
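
The bearer-only service above decides on the claims inside the access token. An added example (not part of the original post) that decodes those claims and checks issuer and expiry; it does not verify the signature. The function names and the constructed sample token are assumptions, and the issuer is assumed to be the realm URL used above.

```shell
# Added example: inspect the claims of a Keycloak access token (no signature check).

# Decode the payload (second dot-separated segment) from base64url to JSON.
jwt_payload() {
    local seg
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    # JWTs strip the '=' padding; restore it so base64 -d accepts the input
    case $(( ${#seg} % 4 )) in
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# Succeed only if the issuer is the expected realm and the token has not expired.
# $1 = token, $2 = expected issuer, $3 = current epoch seconds (defaults to now)
token_claims_ok() {
    local now
    now=${3:-$(date +%s)}
    jwt_payload "$1" | jq -e --arg iss "$2" --argjson now "$now" \
        '.iss == $iss and .exp > $now' >/dev/null
}

# Constructed sample token with a dummy signature segment, so this runs offline.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_CLAIMS='{"iss":"http://10.80.27.69:8180/auth/realms/quickstart","exp":1602136560,"azp":"app-springboot-public","preferred_username":"alice"}'
SAMPLE_TOKEN="$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url).$(printf '%s' "$SAMPLE_CLAIMS" | b64url).sig"

# Show the claims of the sample; with a real token: jwt_payload "$access_token" | jq
jwt_payload "$SAMPLE_TOKEN"; echo
```
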

posted @ 2020-10-08 13:56 paulwong Views (728) | Comments (0)

Configuring docker registry mirrors, i.e. using a private registry

Edit /etc/docker/daemon.json and add the following node:
{
  "registry-mirrors": [
    "https://hub-mirror.c.163.com",
    "https://mirror.baidubce.com"
  ]
}


posted @ 2020-09-30 15:40 paulwong Views (456) | Comments (0)

Running docker as a non-root user

[root@dev69 ~]$ groupadd docker
# In a root shell $USER expands to root, so name the account that will run docker (paul here)
[root@dev69 ~]$ usermod -aG docker paul
[root@dev69 ~]$ reboot
[paul@dev69 ~]$ docker run hello-world

Installing docker:
[root@dev69 ~]$ yum install -y docker
[root@dev69 ~]$ systemctl enable docker
[root@dev69 ~]$ systemctl start docker

posted @ 2020-09-30 15:10 paulwong Views (479) | Comments (0)

Maven private repository, Docker private registry, npm private registry: a cure for every kind of private repository

Using Nexus 3 as Your Repository – Part 1: Maven Artifacts
https://blog.sonatype.com/using-nexus-3-as-your-repository-part-1-maven-artifacts

Using Nexus 3 as Your Repository – Part 2: npm Packages
https://blog.sonatype.com/using-nexus-3-as-your-repository-part-2-npm-packages

Using Nexus 3 as Your Repository – Part 3: Docker Images
https://blog.sonatype.com/using-nexus-3-as-your-repository-part-3-docker-images

Microservices: building a private Docker registry with Nexus Repository Manager 3.0
https://www.hifreud.com/2018/06/05/02-nexus-docker-repository/

posted @ 2020-09-30 14:24 paulwong Views (370) | Comments (0)

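Keycloak resources

Keycloak provides open-source identity and access management for modern applications and services, that is, what is usually called authentication and authorization.

Keycloak supports the OpenID, OAuth 2.0 and SAML 2.0 protocols; user registration, user management and permission management; OTP; brokering to OpenID and SAML 2.0 IdPs; third-party login through GitHub, LinkedIn and others; integration with LDAP and Active Directory; custom authentication flows and custom user interfaces; and internationalization.

It has a user-management UI and can be used to authenticate both APIs and users: user authentication requires a person to enter a username and password, while an API authenticates with just a bearer token.

Integrating Keycloak with Spring Boot/Angular for single sign-on
https://blog.51cto.com/7308310/2446368

Add SSO single sign-on to a Spring Boot/Vue application with separated front end and back end in just ten minutes
https://kknews.cc/code/a6am5pj.html

Integrating Keycloak permission management with Spring Boot
https://qianmoq.com/fuwuduan/springboot/springbootzhenghekeycloakquanxianguanli.html

Building an OIDC authentication system with Spring Gateway and Keycloak
https://zhuanlan.zhihu.com/p/138578359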

A Quick Guide to Using Keycloak with Spring Boot
https://www.baeldung.com/spring-boot-keycloak

Integrating Keycloak with microservices
https://gitee.com/itmuch/spring-cloud-yes/blob/master/doc/keycloak-learn/Keycloak%E6%90%AD%E5%BB%BA%E6%89%8B%E6%8A%8A%E6%89%8B%E6%93%8D%E4%BD%9C%E6%8C%87%E5%8D%97.md

RedHat
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html/securing_applications_and_services_guide/openid_connect_3

https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/html-single/authorization_services_guide/index

https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/

posted @ 2020-09-25 15:46 paulwong Views (382) | Comments (0)

Checking whether a directory exists in a Linux shell

To check if a directory exists in a shell script, you can use the following:
if [ -d "$DIRECTORY" ]; then
  # Control will enter here if $DIRECTORY exists.
fi

Or to check if a directory doesn't exist:
if [ ! -d "$DIRECTORY" ]; then
  # Control will enter here if $DIRECTORY doesn't exist.
fi

posted @ 2020-09-25 11:11 paulwong Views (378) | Comments (0)

Calling functions in a Linux shell

function fun1(){
  return 34
}

function fun2(){
  local res=$(fun1)
  echo $res
}

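When fun1 is called as above, the printed result is not 34. Why? A function's return only sets a status saying whether it succeeded or not; it is not a custom return value, and $(fun1) captures only what the function writes to standard output. So the code has to be changed to the following: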

function fun1(){
  echo 34
}

function fun2(){
  local res=$(fun1)
  echo $res
}

https://stackoverflow.com/questions/17336915/return-value-in-a-bash-function

posted @ 2020-09-25 11:06 paulwong Views (370) | Comments (0)

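Switching to a newly created branch in Eclipse

If a Git project has already been cloned in Eclipse and a new branch is then created in Git, Eclipse cannot switch to the new branch. The fix: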


In the Git Repositories view:

  1. Right-click the repository and choose Fetch from Upstream
  2. If the new branch is not shown below Branches/Remote Tracking, you have to configure fetch:
    1. Right-click the fetch node below Remotes/origin and choose Configure Fetch...
    2. In the Configure Fetch make sure there is only the single Ref mapping (assuming the remote is named origin): +refs/heads/*:refs/remotes/origin/*

Then run Fetch from Upstream again, and the new branch shows up under Git Repositories View --> Branches --> Remote Tracking.
Double-click the new branch and choose Check out as New Local Branch.

https://stackoverflow.com/questions/47390703/how-do-i-get-a-new-branch-to-show-up-in-eclipse-git-remote-tracking/47391183

posted @ 2020-09-24 15:16 paulwong Views (710) | Comments (0)

Sending the same command to all servers

First run ssh-keygen on the control machine, then copy the key to each managed machine:
ssh-copy-id -i ~/.ssh/id_rsa.pub user1@ip

The sample script transfer-artemis.sh:
#!/bin/bash

loop_server(){
    for ((i=2; i<=8; i++))
    do
      ipd=10.10.31.1${i}2
      echo ${ipd}
      $1 ${ipd}
    done
    
    for ((i=1; i<=2; i++))
    do
      ipd=10.20.31.1${i}2
      echo ${ipd}
      $1 ${ipd}
    done
    
}

start_artemis_cmd(){
    echo "ssh user1@${1} '/opt/myapp/artemis/apache-artemis-2.15.0/instance/bin/artemis-service start'"
    ssh user1@${1} '/opt/myapp/artemis/apache-artemis-2.15.0/instance/bin/artemis-service start'
}

stop_artemis_cmd(){
    echo "ssh user1@${1} '/opt/myapp/apache-activemq-5.15.10/bin/activemq stop'"
    echo "ssh user1@${1} '/opt/myapp/artemis/apache-artemis-2.15.0/instance/bin/artemis-service stop'"
    ssh user1@${1} '/opt/myapp/apache-activemq-5.15.10/bin/activemq stop'
    ssh user1@${1} '/opt/myapp/artemis/apache-artemis-2.15.0/instance/bin/artemis-service stop'
}

scp_artemis_cmd(){
    echo "ssh user1@${1} 'rm -rf /opt/myapp/artemis'"
    echo "scp -r /opt/myapp/artemis user1@${1}:/opt/myapp/"
    ssh user1@${1} 'rm -rf /opt/myapp/artemis'
    scp -r /opt/myapp/artemis user1@${1}:/opt/myapp/
}

stop_artemis(){
    loop_server stop_artemis_cmd
}

start_artemis(){
    loop_server start_artemis_cmd
}

scp_artemis(){ 
    loop_server scp_artemis_cmd
}

#start_artemis "Hello start_artemis"

$1

Run it with:
./transfer-artemis.sh start_artemis
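
The sample script ends with a bare $1, so any string passed as the first argument is executed as a command on the control machine. An added example (not part of the original script) of the same fan-out with a fixed table of allowed actions and a dry-run switch; list_hosts, remote_cmd_for, run_remote and DRY_RUN are assumed names, and only the artemis-service start/stop actions are covered.

```shell
#!/bin/bash
# Added example: allowlisted dispatch for the fan-out SSH script above.

# Emit the same host list that the two loops in the sample script generate.
list_hosts() {
    local i
    for i in 2 3 4 5 6 7 8; do printf '10.10.31.1%s2\n' "$i"; done
    for i in 1 2; do printf '10.20.31.1%s2\n' "$i"; done
}

# Map an action name to one fixed remote command; anything else is rejected.
remote_cmd_for() {
    case "$1" in
        start_artemis) echo '/opt/myapp/artemis/apache-artemis-2.15.0/instance/bin/artemis-service start' ;;
        stop_artemis)  echo '/opt/myapp/artemis/apache-artemis-2.15.0/instance/bin/artemis-service stop' ;;
        *) return 1 ;;
    esac
}

# Run the action on every host, or only print the commands when DRY_RUN=1.
run_remote() {
    local action cmd host
    action=$1
    cmd=$(remote_cmd_for "$action") || { echo "unknown action: $action" >&2; return 2; }
    for host in $(list_hosts); do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "ssh user1@${host} '${cmd}'"
        else
            # BatchMode: fail instead of prompting when key authentication is not set up
            ssh -n -o BatchMode=yes -o ConnectTimeout=5 "user1@${host}" "$cmd"
        fi
    done
}

# Run only when an action is given on the command line.
if [ "$#" -gt 0 ]; then run_remote "$1"; fi
```

Running it with DRY_RUN=1 first prints the exact ssh commands without touching any host.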

posted @ 2020-09-24 10:52 paulwong Views (338) | Comments (0)
