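Authentication and Authorization - Cloud Platform Data Initialization

About this document

Operation guide

Read this document carefully before carrying out any of the steps.

For each part of this document, you only need to follow one of the listed methods.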

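Initialize data

Create routes

In the cloud platform's Management Center, add the API routes.

API requests for management functions are routed by the Management Center's backend gateway to the relevant services.

If a route record already exists, confirm that its route service address is correct.

Method 1: add manually

Go to Cloud Platform - Basic Management - Route Management and add the route records.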

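Notes:

  • Route prefix, e.g. /api/v1/sample/**; make sure it does not conflict with any other route record
  • Backend service address, e.g. http://xxx.sample.edu.cn
  • Strip prefix: if yes, the request forwarded to the backend service is http://xxx.sample.edu.cn/**; otherwise it is http://xxx.sample.edu.cn/api/v1/sample/**

Code | Name | Description | Enabled | Route prefix | Route service address | Strip prefix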
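
The forwarding rule and the prefix-conflict check from the notes above, as an added example (not the platform's own code). Route values are copied from this page; the segment-wise matching and the function names are assumptions about how the gateway matches prefixes.

```python
# Added example: models the "strip prefix" rule and the prefix-conflict check.
# Route values come from this page; the matching logic is an assumption.
ROUTES = [
    {"code": "authx-service-user-api", "pathPrefix": "/api/v1/base",
     "url": "http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080",
     "stripPrefix": False},
    {"code": "authx-service-personal-api", "pathPrefix": "/api/v1/personal",
     "url": "http://authx-service-personal-security-center-bff.authx-service.svc.cluster.local:8080/api/v1",
     "stripPrefix": True},
    {"code": "authx-service-admin-api", "pathPrefix": "/api/v2/admin",
     "url": "http://authx-service-bff.authx-service.svc.cluster.local:8080",
     "stripPrefix": False},
]


def _segments(prefix):
    """Split '/api/v1/sample/**' or '/api/v1/sample' into path segments."""
    if prefix.endswith("/**"):
        prefix = prefix[:-3]
    return [s for s in prefix.split("/") if s]


def find_conflicts(routes):
    """Return pairs of route codes where one prefix equals or contains the other."""
    conflicts = []
    for i, a in enumerate(routes):
        for b in routes[i + 1:]:
            sa, sb = _segments(a["pathPrefix"]), _segments(b["pathPrefix"])
            n = min(len(sa), len(sb))
            if sa[:n] == sb[:n]:
                conflicts.append((a["code"], b["code"]))
    return conflicts


def forward_url(routes, request_path):
    """Return the backend URL for request_path, or None if no route matches."""
    req = [s for s in request_path.split("/") if s]
    for r in routes:
        pre = _segments(r["pathPrefix"])
        if req[:len(pre)] == pre:
            # stripPrefix drops the matched prefix before forwarding.
            kept = req[len(pre):] if r["stripPrefix"] else req
            return r["url"].rstrip("/") + "/" + "/".join(kept)
    return None
```

Running find_conflicts over the full route list before importing it catches a new prefix that would shadow an existing route, such as a broad /api/v2/** placed next to /api/v2/admin.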

Method 2: bash script

{"id": "20", "code": "authx-service-user-api", "name":"认证授权 - 用户接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/base", "url":"http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080", "stripPrefix":false}

{"id": "40", "code": "authx-service-personal-api", "name":"认证授权 - 个人信息接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/personal", "url":"http://authx-service-personal-security-center-bff.authx-service.svc.cluster.local:8080/api/v1", "stripPrefix":true}

{"id": "21", "code": "authx-service-admin-api", "name":"认证授权 - 聚合接口(认证、授权)", "memo":"", "status":"1", "pathPrefix":"/api/v2/admin", "url":"http://authx-service-bff.authx-service.svc.cluster.local:8080", "stripPrefix":false}
{"id": "22", "code": "authx-service-open-api", "name":"认证授权 - 聚合接口(公开)", "memo":"", "status":"1", "pathPrefix":"/api/v2/open", "url":"http://authx-service-bff.authx-service.svc.cluster.local:8080", "stripPrefix":false}

{"id": "25", "code": "authx-service-log-api", "name":"认证授权 - 日志接口", "memo":"", "status":"1", "pathPrefix":"/api/v2/log", "url":"http://authx-service-authx-log-sa.authx-service.svc.cluster.local:8080", "stripPrefix":false}

curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \
-d \
'
{"id": "20", "code": "authx-service-user-api", "name":"认证授权 - 用户接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/base", "url":"http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080", "stripPrefix":false}
'

curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \
-d \
'
{"id": "40", "code": "authx-service-personal-api", "name":"认证授权 - 个人信息接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/personal", "url":"http://authx-service-personal-security-center-bff.authx-service.svc.cluster.local:8080/api/v1", "stripPrefix":true}
'

curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \
-d \
'
{"id": "21", "code": "authx-service-admin-api", "name":"认证授权 - 聚合接口(认证、授权)", "memo":"", "status":"1", "pathPrefix":"/api/v2/admin", "url":"http://authx-service-bff.authx-service.svc.cluster.local:8080", "stripPrefix":false}
'

curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \
-d \
'
{"id": "22", "code": "authx-service-open-api", "name":"认证授权 - 聚合接口(公开)", "memo":"", "status":"1", "pathPrefix":"/api/v2/open", "url":"http://authx-service-bff.authx-service.svc.cluster.local:8080", "stripPrefix":false}
'

curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \
-d \
'
{"id": "25", "code": "authx-service-log-api", "name":"认证授权 - 日志接口", "memo":"", "status":"1", "pathPrefix":"/api/v2/log", "url":"http://authx-service-authx-log-sa.authx-service.svc.cluster.local:8080", "stripPrefix":false}
'

Method 3: SQL script (not recommended)

Connect to the admin_center database and run the following SQL script.

use admin_center;

delete from TB_MGT_ROUTE where ID in ('20','40','21','22','25');

insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) 
values ('20', 0, 'authx-service-user-api', '认证授权 - 用户接口', '1', '/api/v1/base', 'https://localhost:8022', 0);

insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) 
values ('40', 0, 'authx-service-personal-api', '认证授权 - 个人信息接口', '1', '/api/v1/personal', 'http://localhost:8041/api/v1', 1);

insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) 
values ('21', 0, 'authx-service-admin-api', '认证授权 - 聚合接口(认证、授权)', '1', '/api/v2/admin', 'http://localhost:8009', 0);
insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) 
values ('22', 0, 'authx-service-open-api', '认证授权 - 聚合接口(公开)', '1', '/api/v2/open', 'http://localhost:8009', 0);

insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) 
values ('25', 0, 'authx-service-log-api', '认证授权 - 日志接口', '1', '/api/v2/log', 'http://localhost:8009', 0);

commit;

update TB_MGT_ROUTE set URL='http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080' where ID='20';

update TB_MGT_ROUTE set URL='http://authx-service-personal-security-center-bff.authx-service.svc.cluster.local:8080/api/v1' where ID='40';

update TB_MGT_ROUTE set URL='http://authx-service-bff.authx-service.svc.cluster.local:8080' where ID='21';
update TB_MGT_ROUTE set URL='http://authx-service-bff.authx-service.svc.cluster.local:8080' where ID='22';

update TB_MGT_ROUTE set URL='http://authx-service-authx-log-sa.authx-service.svc.cluster.local:8080' where ID='25';

commit;

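Create menus

Method 1: manual import

Change origin to the correct school domain.

Go to Cloud Platform - Basic Management - Menu Management and import.

For the owning application, select User Authorization (用户授权).

The menu list (JSON) is as follows (copy and paste it):

  • Authentication management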
[
  {
    "id": "20920", "parentIdOrCode":"20000", "code": "twoFactorAuth", "name": "双因子认证", "memo": "", "status": "1", 
    "icon": "su-icon-test", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/twoFactorAuth", "target": "", 
    "order": 20920, "resourceIdOrCodes": []
  },
  {
    "id": "22000", "parentIdOrCode":"20000", "code": "logManagement", "name": "日志管理", "memo": "", "status": "1", 
    "icon": "su-icon-taocanguanli", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/logManagement", "target": "", 
    "order": 22000, "resourceIdOrCodes": []
  }
]

Method 2: bash script

Change origin to the correct school domain.

Enter the pod under admin-center-sa and run the following command line.

  • Authentication management
curl -i -s -X POST "http://localhost:8080/v1/admin/menus/importMenu" -H 'Content-Type: application/json' \
-d \
'
{
  "applicationId": "10",
  "menuList": 
    [
      {
        "id": "20920", "parentIdOrCode":"20000", "code": "twoFactorAuth", "name": "双因子认证", "memo": "", "status": "1", 
        "icon": "su-icon-test", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/twoFactorAuth", "target": "", 
        "order": 20920, "resourceIdOrCodes": []
      },
      {
        "id": "22000", "parentIdOrCode":"20000", "code": "logManagement", "name": "日志管理", "memo": "", "status": "1", 
        "icon": "su-icon-taocanguanli", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/logManagement", "target": "", 
        "order": 22000, "resourceIdOrCodes": []
      }
    ]
}
'

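Associate role permissions

Roles are initialized by the authorization service.

Method 1: manual import (not yet supported)

Go to Cloud Platform - Basic Management - Role Permissions and import.

The role permissions (JSON) are as follows (copy and paste them):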

[
  {
    "roleId": "20", "roleCode":"cas-admin", 
    "permissionIdOrCodes": ["20920", "22000"]
  }
]

Method 2: bash script

Enter the pod under admin-center-sa and run the following command line.

curl -i -s -X POST "http://localhost:8080/v1/admin/rolePermissions/importRolePermission" -H 'Content-Type: application/json' \
-d \
'
{
  "roleCodeIdMap": {
    "cas-admin": "20",
    "user-admin": "30",
    "user-authz-admin": "40",
    "user-authz-grant-admin": "41",
    "user-authz-man-grant-admin": "42"
  },
  "rolePermissionList": 
    [
      {
        "roleId": "20", "roleCode":"cas-admin", 
        "permissionIdOrCodes": ["1", "20000", "20100", "20200", "20300", "20400", "20500", "20600", "20700", "20800", "20900", "20920", "21000", "21100", "22000"]
      },
      {
        "roleId": "30", "roleCode": "user-admin", 
        "permissionIdOrCodes": ["1", "30000", "30100", "30200", "30300", "30400", "30500", "30600", "30700", "30800", "31000"]
      },
      {
        "roleId": "40", "roleCode": "user-authz-admin", 
        "permissionIdOrCodes": ["1", "40000", "40050", "40100", "40200", "40300", "40500", "40900", "41100", "41200", "41300", "41350", "41400", "41500"]
      },
      {
        "roleId": "41", "roleCode": "user-authz-grant-admin", 
        "permissionIdOrCodes": ["1", "40000", "40100", "40300", "40500"]
      },
      {
        "roleId": "42", "roleCode": "user-authz-man-grant-admin", 
        "permissionIdOrCodes": ["1", "40000", "40900"]
      }
    ]
}
'