Simple and elegant, stable and efficient | Quiet and far reaching, keep improving
Enterprise level microservice architecture based on Spring Authorization Server and new adaptation to OAuth 2.1 protocol
Important notes
Because package names are frequently changed, the author's copyright information is deleted, and the code is re-published as open source by others, the following is stated to protect the author's rights and interests:
- Starting with version 3.3.X, the open source license of the Dante Cloud project has been changed to AGPL 3.0.
- From June 1, 2024, the Dante Engine project will be closed permanently and will not be opened again. This does not affect use: the code will continue to be updated and uploaded to the central repository, where it can be viewed through source.jar.
- If you need to modify Dante Engine code for your own use, you can use [Message Registration] to contact the author and get access to the private repository.
- Commercial use of Dante Cloud and related projects, whether blocking or reactive, requires applying for authorization. Click [Learn more]
Enterprise level technology platform microservice architecture and service capability development and management platform
Dante Cloud is the first microservice platform in China to support the integration of blocking and reactive services. With "high quality code, low security vulnerabilities" as its core, it adopts domain-driven design (DDD) and is built entirely on open source technology from the Spring ecosystem and the OAuth 2.1 protocol. It is a multi-tenant microservice solution that supports authentication of smart TVs, IoT and other devices, meets the national Level 3 classified protection (等保三级) requirements, and supports interface encryption and decryption with national cryptographic (SM) digital envelopes, anti-brushing, advanced XSS protection, SQL injection protection and other security mechanisms.
Positioning
- Build a mature, complete and comprehensive microservice architecture solution based on OAuth2.1 with front and rear end separation.
- The design and development of enterprise level applications and Internet applications not only take into account the micro service of traditional projects, but also meet the needs of Internet application development and construction and rapid iteration.
- The platform architecture is built using various emerging technologies or mainstream technologies related to the microservice field and its surrounding areas, which is a sharp tool to help quickly cross the architecture technology selection, research and exploration stages.
- The code is concise and standard, and the structure is reasonable and clear. It is a typical and comprehensive case of new technology development and application, helping developers learn and master emerging technologies.
Dante Cloud Reactive Version Features
- Spring Boot upgraded to 3.3.0
- Spring Authorization Server upgraded to 1.3.0
- Fully adopts Java 21 and enables virtual threads by default to improve the handling of blocking operations and reduce the consumption of system resources
- Supports traditional blocking microservices and reactive microservices based on Reactor and WebFlux running in one system at the same time
- Reactive is not mandatory. Depending on a project's own requirements for throughput, resource consumption and performance guarantees for particular functions, each service can be developed as either reactive or blocking.
- While keeping the features of Dante Cloud's existing deep extension of Spring Authorization Server, dynamic permission checking for reactive services is fully integrated with the existing system (no need to hard-code permissions with @PreAuthorize in the code; everything is managed dynamically from the back office)
- Transition to "reactive programming": a large amount of core code has been rewritten on Reactor to further improve the code quality and runtime efficiency of the system
- Restructures all core component modules: further reduces the coupling between modules, reduces the depth of third-party dependencies, simplifies the use of each module, follows conventions closer to the official Spring Boot ecosystem, and improves pluggability and the adaptability of auto-configuration across reactive and blocking environments
- Integrates reactive and blocking services with both the session sharing system and the custom session system (who says microservices must not use sessions?)
- Adds gRPC as an inter-service invocation and communication mode. Core inter-service calls support both OpenFeign and gRPC, and the two can be switched by modifying the configuration.
- Fully rewrites the WebSocket message system on RSocket, making WebSocket reactive and integrating RSocket with the Spring Security system. Supports multi-instance, cross-service private messages and broadcasts
- Adds an independent OAuth2 client, which can be used for dynamic client registration and the authorization code mode
- Adds a lightweight log center and link tracing solution based on the Loki + Grafana ecosystem. It uses OSS as data storage, which greatly reduces resource requirements. It can replace the original heavyweight Skywalking and ELK systems, and the two can be switched according to actual needs.
- Opens up the hand-written dynamic form feature. It connects BPMN, dynamic forms and the Camunda process engine to run workflows (only simple workflows are supported at present)
- Opens up the BPMN online designer, including the custom property panel.
- Opens up the IoT device authentication and management module, supporting communication with and management of IoT devices based on Emqx.
- Opens up the wrapper modules for third-party OpenApi services such as Alibaba Cloud content audit, Baidu OCR, Huanxin, Emqx, Tianyancha, Nacos, PolarisMesh, etc.
- The front-end project can run in Docker, and related parameters can be changed through environment variables. The image has been uploaded to Docker Hub and can be downloaded and run directly.
Dante Cloud 3.X Features
1. Convenient switching of core infrastructure dependencies
- Adds support for two kinds of infrastructure: the Spring Cloud Tencent suite and native Spring Cloud microservices.
- Adds three microservice suites as infrastructure options: Spring Cloud Alibaba, Spring Cloud Tencent and native Spring Cloud. The platform can be switched between Alibaba, Tencent, Spring and other infrastructure environments in a relatively convenient way. The choice can follow actual needs, and the platform is no longer limited to running in one infrastructure environment.
2. Full feature support and extension of Spring Authorization Server
- Implements a multi-tenant system architecture based on Spring Authorization Server and Spring Data JPA, supporting Database and Schema modes.
- Rebuilds the basic data storage code of Spring Authorization Server on Spring Data JPA, replacing the original JDBC data access. This removes the original data storage limitations of Spring Authorization Server and extends it to more practical usage and designs.
- On the basis of Spring Authorization Server and the OAuth 2.1 specification, adds a custom Resource Ownership Password (password) authentication mode, which is compatible with existing OAuth 2 based applications with separated front end and back end, and supports the use of Refresh Token.
- On the basis of Spring Authorization Server and the OAuth 2.1 specification, adds a custom Social Credentials (social login) authentication mode, supporting SMS verification codes, WeChat mini programs and JustAuth third-party application login, and supports the use of Refresh Token.
- Extends the default Client Credentials mode of Spring Authorization Server so that Scope permissions are actually used to verify interfaces. Adds permission configuration for client scopes, decoupled from the existing user permission system
- Supports the Authorization Code PKCE authentication mode of Spring Authorization Server
- Beyond the standard JWT Token encryption and verification mode of Spring Authorization Server, the JWT Token encryption and verification method can be changed dynamically through configuration.
- Supports the Opaque Token format and its verification method, reducing the risk of a JWT Token being captured and parsed. By modifying configuration parameters, the default token format can be set to Opaque Token or JWT Token.
- Fully supports the OpenID Connect (OIDC) protocol. The system can quickly switch between OIDC mode and traditional OAuth2 mode through a front-end switch, according to need
- Deeply extends the Authorization Code, Resource Ownership Password and Social Credentials modes, fully integrating IdToken, Opaque Token and JWT Token with the existing permission system. IdToken and custom token extension provide two ways of passing user information that need no second request, reducing frequent user information requests.
- Customizes the login page and authorization confirmation page of the Spring Authorization Server authorization code mode; authorization code login uses encrypted data transmission. Multiple verification code types are supported, but behavior verification codes are not supported for the time being.
- Adds authentication modes for smart TVs, IoT and other devices, based on Spring Authorization Server
- Interface authentication and dynamic modification of permissions work without configuring Spring Security permission annotations or permission methods in code. A distributed authentication scheme is adopted to avoid the pressure of centralized authentication and repeated authentication at the Gateway
- The core OAuth2 UserDetails data supports two modes: direct database access and Feign remote call. The direct database mode performs better, while the Feign remote call mode is more scalable. A strategy pattern is used, and the mode can be changed dynamically through configuration.
3. System-wide integration of applications and development features
- System-wide session sharing in the microservice architecture unifies the sessions of Spring Authorization Server, multi-instance services, WebSocket, custom sessions and the front end.
Sessions under the microservice architecture can be used, but not without
- Combines the national cryptographic algorithms SM2 (asymmetric) and SM4 (symmetric) to implement dynamic generation and encrypted transmission of secret keys based on digital envelope technology. A "one person, one code" mechanism provides dynamic encryption of the data exchanged between front end and back end. It is deeply integrated with the Spring Authorization Server OAuth 2.1 authorization modes to build a unified data transmission encryption system.
- Fully integrates @PreAuthorize annotation permissions and URL permissions, configured dynamically through the back end. Without configuring Spring Security permission annotations or permission methods in code, interface authentication and permissions can be managed uniformly and modified dynamically
- Integrates Spring Cloud Stream and WebSocket to provide point-to-point messages, cross-instance push of broadcast messages and real-time statistics of online users in a multi-instance WebSocket environment, supporting WebSocket cluster applications.
- Following the standardized design idea of JPA, extracts and abstracts standard OSS operations into a unified Java OSS API specification. It encapsulates a unified REST API that can operate on any vendor's storage and builds a "unified definition, dynamic implementation" application mode (similar to Hibernate as an implementation of JPA, where Hibernate supports different databases through Dialects), so that OSS can be switched and migrated by modifying the configuration without modifying the code
- A self-developed distributed two-level cache based on JetCache. It implements the JPA Hibernate second-level cache and supports caching of various query data and of JPA @ManyToMany, @ManyToOne and other association queries. It solves the problems that Spring Cache only uses a local cache, that creating keys is tedious, and that paging data cannot be updated. It supports synchronization of local and remote cache data across multi-instance services, and supports the Mybatis Plus second-level cache
- The platform unifies error handling and supports a user-defined error code system that integrates OAuth2, Spring Validation and HTTP status codes. A Customizer mode and automatic calculation and creation of error codes support flexible definition and extension of error codes at the code module level. Response results are more varied and flexible, and the feedback is friendlier, making problems easier to understand and locate.
- OkHttp and HttpClient are integrated in a unified way across the whole system, including their integration with RestTemplate and OpenFeign. Feign configuration parameters are used uniformly to configure OkHttp and HttpClient, and either OkHttp or HttpClient can be selected as the underlying HTTP client for RestTemplate and OpenFeign
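The digital envelope flow named in the SM2/SM4 item above, as an added example that is not Dante Cloud's own code: because the JDK ships neither SM2 nor SM4, RSA-OAEP stands in for SM2 and AES-GCM for SM4. The class name, the `seal`/`open` helpers and the session identifiers are hypothetical, and binding the session id as associated data is an assumed way to tie each envelope to one user session.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;

// Added illustration, not Dante Cloud code. RSA-OAEP stands in for SM2 and
// AES-128-GCM for SM4, because the JDK provides neither SM algorithm.
public class DigitalEnvelopeDemo {
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    private static final SecureRandom RNG = new SecureRandom();

    // What travels over the wire: the wrapped data key, the GCM nonce, the ciphertext.
    record Envelope(byte[] wrappedKey, byte[] iv, byte[] ciphertext) {}

    // Sender: fresh symmetric key per envelope, wrapped with the recipient's public key.
    static Envelope seal(PublicKey recipient, String sessionId, byte[] plaintext) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128, RNG);
        SecretKey dataKey = kg.generateKey();
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, dataKey, new GCMParameterSpec(128, iv));
        aes.updateAAD(sessionId.getBytes(StandardCharsets.UTF_8)); // bind to one session
        byte[] ciphertext = aes.doFinal(plaintext);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.ENCRYPT_MODE, recipient, OAEP);
        return new Envelope(rsa.doFinal(dataKey.getEncoded()), iv, ciphertext);
    }

    // Recipient: unwrap the data key with the private key, then authenticate and decrypt.
    static byte[] open(PrivateKey recipient, String sessionId, Envelope e) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.DECRYPT_MODE, recipient, OAEP);
        SecretKey dataKey = new SecretKeySpec(rsa.doFinal(e.wrappedKey()), "AES");
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, dataKey, new GCMParameterSpec(128, e.iv()));
        aes.updateAAD(sessionId.getBytes(StandardCharsets.UTF_8));
        return aes.doFinal(e.ciphertext()); // AEADBadTagException on tampering or wrong session
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();
        byte[] body = "{\"username\":\"demo\"}".getBytes(StandardCharsets.UTF_8); // constructed sample

        Envelope a = seal(server.getPublic(), "session-A", body);
        Envelope b = seal(server.getPublic(), "session-A", body);
        System.out.println("round trip ok: "
                + Arrays.equals(body, open(server.getPrivate(), "session-A", a)));
        System.out.println("same plaintext, different ciphertext: "
                + !Arrays.equals(a.ciphertext(), b.ciphertext()));
        try {
            open(server.getPrivate(), "session-B", a); // envelope presented under another session
            System.out.println("cross-session envelope accepted");
        } catch (AEADBadTagException ex) {
            System.out.println("cross-session envelope rejected");
        }
    }
}
```

The OAEP parameters are spelled out because the provider default for MGF1 can differ between the two ends of a connection, which shows up as unwrap failures that are hard to diagnose.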
4. Front end rebuilt with pnpm monorepo
- It does not use any popular open source template, uses a new technology stack, and completely "writes" a new front-end project.
- By referring to the use and design of popular open source versions, the new front-end interface style and operation habits should be as consistent as possible with the current popular way.
- Fully use the features of the Typescript language, solve a large number of type verification problems, and try to avoid the "any" type of use of the Typescript programming language.
- Fully use the new features of Vue3 framework such as Composition Api and Hooks for coding.
- Make full use of Component, Hooks, Typescript and other object-oriented features to extract common components and code, and minimize duplication of engineering code.
- Encapsulates many Quasar basic components and application function components to facilitate the unified modification, maintenance, development and use of code.
- In the production mode, the in-depth performance optimization of project packaging based on Vite3 is carried out.
- It provides container packaging and deployment of engineering production code in docker compose mode.
- This version is based on pnpm and uses the monorepo mode to reconstruct the front-end project. Build the front end of the Monorepo version to pave the way for expanding more functions and adding application level functions
- Extract utils, components, apis, bpmn designer and other related codes to form a shared module.
- The shared module has been optimized and configured, and can be compiled into independent components, which can be released separately in the form of components.
- The code is maintained and developed separately in the form of shared modules to reduce the complexity of existing engineering code and facilitate the extension of subsequent functions and code reuse.
[1] Open source agreement
[2] Overall architecture
Some function demos are being added step by step
(1) Method level dynamic permission
(2) Minio Console uses Dante Cloud login authentication
(3) Service call chain monitoring
[3] Function introduction
See online documentation for details
[4] Technical stack and version description
(1) Spring suite and core technology versions

| Component | Version |
| --- | --- |
| Spring Boot | 3.3.0 |
| Spring Cloud | 2023.0.2 |
| Spring Cloud Alibaba | 2023.0.1.0 |
| Spring Cloud Tencent | 1.14.0-2023.0.0 |
| Spring Authorization Server | 1.3.0 |
| Spring Boot Admin | 3.2.2 |
| Nacos | 2.3.2 |
| Sentinel | 1.8.7 |
| Seata | 1.7.0 |

For the version correspondence of the Spring suite, see: Version Description
(2) Relevant technologies involved:
- Persistence layer framework: Spring Data Jpa & Mybatis Plus
- API gateway: Spring Cloud Gateway
- Service registration & discovery and configuration center: Alibaba Nacos, Tencent Polaris
- Service consumption: Spring Cloud OpenFeign & RestTemplate & OkHttps
- Load balancing: Spring Cloud Loadbalancer
- Service circuit breaking & degradation & rate limiting: Alibaba Sentinel, Tencent Polaris
- Service monitoring: Spring Boot Admin
- Message queue: the Spring Cloud message bus, Spring Cloud Bus, with Kafka by default and adaptable to RabbitMQ
- Link tracking: Skywalking
- Distributed transaction: Seata
- Data cache: JetCache (Redis + Caffeine) multi-level cache
- Database: Postgresql, MySQL, Oracle
- JSON serialization: Jackson & FastJson
- File service: AliCloud OSS/Minio
- Data debugging: p6spy
- Log Center: ELK
- Log collection: Logstash Logback Encoder
(3) Front end engineering technology stack
- Vue 3
- Vite 5
- Pinia
- Typescript 5
- Quasar 2
- Vue-Router 4
- Vuelidate
[5] Version and branch
1. Version number description
The version number of this system is divided into four segments.
- The first and second segments correspond to the Spring Boot version and change with the Spring Boot version adopted. For example, if Spring Boot 2.4.6 is currently used, the version number starts with 2.4.X.X
- The third segment indicates changes to system functions
- The fourth segment indicates maintenance and optimization of system functions
2. Branch description

| Branch name | Corresponding Spring ecosystem version | Corresponding JDK version | Purpose | Status |
| --- | --- | --- | --- | --- |
| master | Spring Boot 3.3 and Spring Cloud 2023.0.2 | JDK 17 | Main release branch | Recommended code branch |
| develop | Spring Boot 3.3 and Spring Cloud 2023.0.2 | JDK 17 | Development branch | New functions and ISSUE fixes are developed in this branch, and a PR is sent to the master branch after release. The development branch is not guaranteed to be usable |
| reactive-master | Spring Boot 3.3 and Spring Cloud 2023.0.2 | JDK 21 | Reactive version main release branch | Recommended code branch |
| reactive-develop | Spring Boot 3.3 and Spring Cloud 2023.0.2 | JDK 21 | Reactive development branch | Development branch of the next-generation reactive microservice version. The development branch is not guaranteed to be usable |
| 3.1.X | Spring Boot 3.1 and Spring Cloud 2022.0.X | JDK 17 | Historical code, no longer maintained | Code branch developed in the Spring Boot 3.1 era; stable and usable, no longer maintained |
| 2.7.X | Spring Boot 2.7 and Spring Cloud 2021.0.X | JDK 8 | Historical code, no longer maintained | Code branch developed in the Spring Boot 2.7 era; stable and usable, no longer maintained |
| spring-security-oauth2 | Spring Boot 2.6 and Spring Cloud 2021.0.X | JDK 8 | Historical code, no longer maintained | Microservices implemented on the original Spring Security OAuth2; stable and usable. Since the relevant components are no longer maintained, this version is no longer maintained |
[6] Engineering structure
dante-cloud
|-- configurations -- configuration file scripts and the unified Docker build context directory
|-- dependencies -- top-level Maven dependency project, unified control of versions and dependencies
|-- module -- projects that assemble dependent components into semi-finished modules
|   |-- dante-module-common -- common auxiliary code shared by the modules
|   |-- dante-module-metadata -- permission metadata synchronization module
|   |-- dante-module-social -- social login module
|   |-- dante-module-strategy -- UAA core data access strategy module
|-- packages -- basic core starters
|   |-- authorization-spring-boot-starter -- base OAuth2 authentication starter, mainly used for the UAA authentication server and single Dante Cloud
|   |-- facility-spring-boot-starter -- starter for switching infrastructure dependencies
|   |-- service-spring-boot-starter -- universal starter for application services connecting to the platform
|-- platform -- platform core services
|   |-- dante-cloud-gateway -- service gateway
|   |-- dante-cloud-message -- message service
|   |-- dante-cloud-monitor -- Spring Boot Admin monitoring service
|   |-- dante-cloud-upms -- unified permission management system service
|   |-- dante-cloud-uaa -- account management and unified authentication module
|-- services -- platform business services
|   |-- dante-cloud-bpmn-ability -- workflow service
|   |-- dante-cloud-bpmn-logic -- workflow basic code package
|   |-- dante-cloud-oss-ability -- object storage service
[7] Project address
[8] Technical analysis
Dante Cloud Technology Insider: High Level Document Column (Cookbook).
The objectives of this column are:
- Explanations that combine the author's personal work experience, development experience and technical understanding with the Dante Cloud technical implementation
- Coverage of basic knowledge, principle analysis, advanced usage, personal experience, project management, team management and other aspects, to meet the learning needs of readers with different experience and levels
- I hope that more friends can quickly master Dante Cloud and related technical content. Even if Dante Cloud is not used in work, the knowledge learned can be applied to other work in the future.
Due to the limited support of the currently used reading products, if you want to purchase the full text of reading, please click the corresponding article link, open it in the computer browser, and then purchase. After purchase, you can read the full text in the applet, otherwise the applet can only read the trial chapters.
More content can be viewed [New Version Document]
[9] Safety test
Dante Cloud has passed the software factory safety test and warranty test conducted by a third party. See: Safety test
[10] Participation and contribution
- Fork the project to your own repo on Gitee
- Clone the forked project, that is, your own copy, to your local machine
- Modify the code (remember to make changes on the development branch)
- Commit the code and push it to your own repository (development branch)
- Log in to Gitee; you will see a pull request button on your home page. Click it, fill in a description, and submit.
- Wait for the maintainer to merge
[11] How to upgrade
Try not to modify the source code of projects other than Dante Cloud, such as Dante Engine and Dante OSS. If you do modify it, please submit a pull request; otherwise your code will not stay synchronized with the official code, which may make future upgrades harder.
For each version upgrade, we attach a detailed update log: https://www.herodotus.cn/others/log/changelog.html . There you can see what new features and improvements Dante Cloud has added. For versions with large changes and differences, we provide detailed upgrade guidelines: https://www.herodotus.cn/guide/get-start/notices.html . There you can see the upgrade methods for different versions of Dante Cloud.
[12] Communication feedback
[13] Interface Preview
[14] Who is using Dante Cloud
[15] Acknowledgement
Sponsor List

| S/N | Sponsor | Sponsorship time | S/N | Sponsor | Sponsorship time | S/N | Sponsor | Sponsorship time |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | Silence | 2021-10-25 | 2 | Potato Stealer | 2021-11-24 | 3 | lorron | 2022-04-04 |
| 4 | In the cloud | 2022-12-26 | 5 | Xi 晽 | 2022-12-27 | 6 | p911gt3rs | 2023-01-03 |
| 7 | jacsty | 2023-01-31 | 8 | hubert_rust | 2023-03-16 | 9 | Zkey Z | 2023-03-18 |
| 10 | Zhiguo Ouba | 2023-03-27 | 11 | michael | 2023-04-07 | 12 | Uncle \| Alley | 2023-04-11 |
| 13 | sun_left | 2023-04-19 | 14 | Time, sand | 2023-07-06 | 15 | Old Indian Turtle Dove | 2023-09-09 |
| 16 | A gust of wind | 2023-12-10 | 17 | Jack | 2024-03-01 | 18 | onehelper | 2024-05-24 |
| 19 | Ning | 2024-05-29 | 20 | | | 21 | | |
Open source project
Thanks for the free open source license provided by JetBrains