Simple and elegant, stable and efficient | Quiet and far reaching, keep improving

Enterprise level microservice architecture based on Spring Authorization Server and new adaptation to OAuth 2.1 protocol

Github warehouse   |   Gitee warehouse   |   Legacy Documents New Version Document

If you find it helpful, please click "Star" in the upper right corner to support it. Thank you!

Important notes

In order to protect the rights and interests of authors, the following explanations are made due to frequent changes in package names, deletion of copyright information of authors, and secondary open source:

1. Since the Dante Cloud project started in version 3.3. X, the open source protocol has been changed to AGPL 3.0.
2. From June 1, 2024, the Dante Engine project will be closed permanently and will not be opened again. This will not affect the use. The code will be continuously updated and uploaded to the central warehouse, which can be viewed through source.jar.
3. If you need to modify Dante Engine code for your own use, you can [Message Registration] , contact the author to open the private database.
4. Commercial Dante Cloud and related projects, whether blocky or responsive, need to apply for authorization. Click [Learn more]

Enterprise level technology platform microservice architecture and service capability development and management platform

Dante Cloud It is the first microservice supporting blocking and responsive integration in China. With " High quality code, low security vulnerabilities "As the core, It adopts the design idea of domain driven model (DDD) and is completely based on the Spring ecological global open source technology and OAuth2.1 protocol, supporting the authentication of intelligent TV, IoT and other IoT devices , satisfied National three-level insurance requirements Support interface Encryption and decryption of national secret digital envelope , anti brushing, advanced anti XSS, SQL injection and other security systems Multi tenant microservice solution 。

location

• Build a mature, complete and comprehensive microservice architecture solution based on OAuth2.1 with front and rear end separation.
• The design and development of enterprise level applications and Internet applications not only take into account the micro service of traditional projects, but also meet the needs of Internet application development and construction and rapid iteration.
• The platform architecture is built using various emerging technologies or mainstream technologies related to the microservice field and its surrounding areas, which is a sharp tool to help quickly cross the architecture technology selection, research and exploration stages.
• The code is concise and standard, and the structure is reasonable and clear. It is a typical and comprehensive case of new technology development and application, helping developers learn and master emerging technologies.

Dante Cloud Responsive Version Feature

• Spring Boot Upgraded to 3.3.0
• Spring Authorization Server Upgraded to 1.3.0
• Fully adopt Java 21, and enable virtual threads by default to improve the processing of blocking operations and reduce the consumption of system resources
• Support traditional Blocking type Micro service and based on Reactor and WebFlux Of Responsive Microservices run in a set of systems at the same time
• Not mandatory Responsive It can be developed in a flexible way according to the requirements of its own project for resource throughput, resource consumption, and special function performance guarantee Responsive still Blocking type To develop corresponding services.
• Keeping the original Dante Cloud Spring Authorization Server On the premise of various features of deep expansion Responsive The dynamic authentication of the service is fully integrated with the existing system (no need to use it in the code @PreAuthorize Write dead permission, all through the background dynamic management)
• Transition to "reactive programming" based on Reactor Reconstruct a large number of core codes to further improve the code quality and operation efficiency of the system
• Re structure all core component modules, further reduce the coupling of each module, reduce the dependence depth of third-party components, simplify the complexity of using each module, use the official writing method closer to Spring Boot ecology, and improve the pluggable and Responsive and Blocking type Adaptability of automatic configuration in different environments
• realization Responsive and Blocking type The perfect integration of different types of services, session sharing systems and custom session systems (who says microservices must not use Session:).
• newly added GRPC Inter service invocation and communication mode, system core inter service invocation support OpenFeign and GRPC Two methods can be switched by modifying the configuration.
• be based on RSocket Full rewrite WebSocket Message system, implementing WebSocket Of Responsive Modification and RSocket Comprehensive integration with Spring Security system. Support multi instance, cross service private messages and broadcasts
• Add OAuth2 independent client, which can be used for client dynamic registration and authorization code mode
• New based on Loki + Grafana The ecological lightweight log center and link tracking solution uses OSS as data storage, greatly reducing resource requirements. It can be used as an alternative to the original Skywalking and ELK heavyweight systems, and can be switched according to actual needs.
• Open the function of pure handwritten dynamic form. It can realize the concatenation of BPMN, dynamic form and Camunda process engine, and realize the operation of workflow (only simple workflow is supported at present)
• Open BPMN online designer function including custom property panel.
• Open the authentication and management module of IoT devices to support the communication and management of IoT devices based on Emqx.
• Open third-party OpenApi packaging modules such as Alibaba Cloud content audit, Baidu OCR, Huanxin, Emqx, Tianyancha, Nacos, PolarisMash, etc
• The front-end project supports Docker operation, and related parameters can be modified by configuring environment variables. It has been uploaded to the Docker Hub and can be downloaded and run directly.

Dante Cloud 3. X Features

1. The core foundation relies on convenient switching

• newly added Spring Cloud Tencent and Spring Cloud Two kinds of infrastructure support, such as native microservice and whole bucket.
• newly added Spring Cloud Alibaba 、 Spring Cloud Tencent and Spring Cloud The three basic settings of the native microservice bucket can be switched to Alibaba, Tencent, Spring and other infrastructure environments in a relatively convenient way. It can be selected according to its own actual needs, and is no longer limited to running in a certain infrastructure environment.

two Spring Authorization Server Full feature support and expansion

• be based on Spring Authorization Server and Spring Data JPA It implements multi tenant system architecture and supports Database and Schema modes.
• be based on Spring Data JPA , Rebuild Spring Authorization Server Basic data storage code, replacing the original JDBC data access method, and breaking Spring Authorization Server The original data storage limitations are expanded to more practical application methods and designs.
• be based on Spring Authorization Server On the basis of OAuth 2.1 specification, add customization Resource Ownership Password (Password) authentication mode, which is compatible with the existing OAuth 2 based, front end and back end separated applications, supports Refresh Token Use of.
• be based on Spring Authorization Server On the basis of OAuth 2.1 specification, add customization Social Credentials (Social login) authentication mode, supporting SMS verification code, WeChat applet JustAuth Third-party application login of, support Refresh Token Use of.
• extend Spring Authorization Server default Client Credentials Mode to realize the real use of Scope permission to verify the interface. Add the permission configuration function of the client scope and decouple it from the existing user permission system
• support Spring Authorization Server Authorization Code PKCE Authentication mode
• stay Spring Authorization Server Standard JWT Token In addition to encryption verification mode, it supports JWT Token The encryption verification method can be dynamically modified through configuration.
• support Opaque Token (opaque token) format and verification method, reducing JWT Token Risk of being captured and resolved. By modifying the configuration parameters, you can set the default token format to be Opaque Token Format or JWT Token Format.
• Full support OpenID Connect (OIDC) protocol, the system can quickly switch between OIDC mode and traditional OAuth2 mode through front-end switch configuration according to the use demand
• Deep expansion Authorization Code 、 Resource Ownership Password 、 Social Credentials Comprehensive integration of several modes IdToken 、 Opaque Token 、 JWT Token With the existing authority system IdToken And custom token extension are two user information transmission methods that do not require a second request to reduce frequent user information requests.
• custom Spring Authorization Server The authorization code mode login authentication page and authorization confirmation page, and the authorization code mode login adopts data encryption transmission. Multiple verification code types are supported, but behavior verification codes are not supported for the time being.
• New based on Spring Authorization Server , supporting authentication modes of intelligent TV, IoT and other IoT devices
• No need to configure in code Spring Security Permission annotation and permission method can realize interface authentication and dynamic modification of permissions. The distributed authentication scheme is adopted to avoid the pressure of unified authentication and repeated authentication of the Gateway
• OAuth2 UserDetails core data supports two modes: direct database acquisition and Feign remote call. The OAuth2 direct connection database mode has better performance, and the scalability of Feign access remote calls is stronger. The policy mode can be adopted through configuration dynamic modification.

3. Integration of all systematic applications and development features

• The whole system session sharing of microservice architecture realizes the unification of Spring Authorization Server, multi instance service, WebSocket, custom session and large front-end session. Sessions under the microservice architecture can be used, but not without 。
• Mixed national secrets SM2 (asymmetric) and SM4 (Symmetric encryption) algorithm, which realizes the dynamic generation and encryption transmission of secret key based on digital envelope technology. The "one person, one code" mechanism is used to realize the dynamic encryption transmission of front and rear data. Spring Authorization Server OAuth 2.1 authorization mode is deeply integrated to build a unified system of data transmission encryption.
• Comprehensive integration @PreAuthorize Annotation permission and URL Permissions are dynamically configured through the backend, without configuring in the code Spring Security Permission annotation and permission method can realize unified management and dynamic modification of interface authentication and permission
• Integrate Spring Cloud Stream and WebSocket, and realize the point-to-point, broadcast message cross instance push, online user real-time statistics in an elegant way under the multi instance environment of WebSocket service, perfectly supporting WebSocket cluster applications.
• Draw lessons from the standardized design idea of JPA, extract and abstract OSS standardized operations, and form a unified Java OSS API specification. Encapsulates a unified REST API that can operate from any manufacturer, builds an application mode that defines a unified and dynamic implementation (similar to Hibernate, an implementation of JPA, and Hibernate supports different databases in the Dialect way), and implements seamless switching and migration of OSS by modifying the configuration without modifying the code
• Self developed based on JetCache Distributed two-level cache, perfectly realizing JPA Hibernate two-level cache, supporting various query data caches and JPA @ManyToMany ， @ManyToOne And other related queries. Perfect solution to the problems that Spring Cache only uses local cache, creating keys is tedious, and paging data cannot be updated. Support multi instance service local cache and remote cache data synchronization, and support Mybatis Plus L2 cache
• The platform unifies error handling, supports user-defined error code system, and integrates effectively OAuth2 、 Spring Validation And organically integrate HTTP status codes. Customizer mode and error code automatic calculation and creation mode are adopted to support flexible definition and extension of error codes at code module level. The response results are more diverse and flexible, and the feedback results are more user-friendly, which is easy to understand and locate the problem.
• The whole system of OkHttp and HttpClient is integrated in a unified way, realizing the integration of OkHttp and HttpClient with RestTemplate and Openfeign. Use Feign configuration parameters uniformly to set parameters for OkHttp and HttpClient. You can strategically select OkHttp or HttpClient as the basic HttpClient for RestTemplate and Openfeign

4. Adoption pnpm monorepo Reconstruct front end

• It does not use any popular open source template, uses a new technology stack, and completely "writes" a new front-end project.
• By referring to the use and design of popular open source versions, the new front-end interface style and operation habits should be as consistent as possible with the current popular way.
• Fully use the features of the Typescript language, solve a large number of type verification problems, and try to avoid the "any" type of use of the Typescript programming language.
• Fully use the new features of Vue3 framework such as Composition Api and Hooks for coding.
• Make full use of Component, Hooks, Typescript and other object-oriented features to extract common components and code, and minimize duplication of engineering code.
• Encapsulates many Quasar basic components and application function components to facilitate the unified modification, maintenance, development and use of code.
• In the production mode, the in-depth performance optimization of project packaging based on Vite3 is carried out.
• It provides container packaging and deployment of engineering production code in docker compose mode.
• This version is based on pnpm and uses the monorepo mode to reconstruct the front-end project. Build the front end of the Monorepo version to pave the way for expanding more functions and adding application level functions
• Extract utils, components, apis, bpmn designer and other related codes to form a shared module.
• The shared module has been optimized and configured, and can be compiled into independent components, which can be released separately in the form of components.
• The code is maintained and developed separately in the form of shared modules to reduce the complexity of existing engineering code and facilitate the extension of subsequent functions and code reuse.

[1] Open source agreement

[2] Overall architecture

Some function demos are being added step by step

(1) Method level dynamic permission

(2) Minio Console uses Dante Cloud login authentication

(3) Service call chain monitoring

[3] Function introduction

See online documentation for details

[4] , technical stack and version description

(1) Spring whole bucket and core technology version

Spring family bucket version correspondence, see: Version Description

(2) Relevant technologies involved:

• Persistence layer framework: Spring Data Jpa&Mybatis Plus
• API gateway: Spring Cloud Gateway
• Service Registration&Discovery and Configuration Center: Alibaba Nacos, Tencent Polaris
• Service consumption: Spring Cloud OpenFeign&RestTemplate&OkHttps
• Load balancing: Spring Cloud Loadbalancer
• Service fusing&degrading&current limiting: Alibaba Sentinel, Tencent Polaris
• Service monitoring: Spring Boot Admin
• Message queue: use Spring Cloud message bus Spring Cloud Bus default Kafka to adapt to RabbitMQ
• Link tracking: Skywalking
• Distributed transaction: Seata
• Data cache: JetCache (Redis+Caffeine) multi-level cache
• Database: Postgresql, MySQL, Oracle
• JSON serialization: Jackson&FastJson
• File service: AliCloud OSS/Minio
• Data debugging: p6spy
• Log Center: ELK
• Log collection: Logstash Logback Encoder

(3) Front end engineering technology stack

• Vue 3
• Vite 5
• Pinia
• Typescript 5
• Quasar 2
• Vue-Router 4
• Vueliate

[5] , version and branch

1、 Version number description

The version number of this system is divided into four sections.

• The first and second paragraphs correspond to the Spring Boot version and are changed according to the Spring Boot version adopted. For example, if Spring Boot 2.4.6 is currently used 2.4. Start of X. X
• The third segment indicates the change of system function
• The fourth segment indicates the system function maintenance and optimization

2、 Branch Description

[6] Engineering structure

 dante-cloud
 ☆ -- configurations -- configuration file script and unified Docker build context directory
 ☆ -- dependencies -- Top dependency of engineering Maven, unified control of version and dependency
 ☆ -- module -- dependent component semi-finished product assembly project
 ☆ -- dante module common -- Module related module common auxiliary code module
 ☆ -- dante module metadata -- permission metadata synchronization module
 ☆ -- dante module social -- social login module
 ☆ -- dante module strategy -- UAA core data access policy module
 ☆ -- packages -- basic core starter
 ☆ -- authorization spring boot starter -- OAuth2 certification foundation starter, mainly used for UAA certification server and single Dante Cloud
 ☆ -- facility spring boot starter -- infrastructure switch depends on starter
 ☆ -- service spring boot starter -- Universal Starter for Platform Access Application Services
 ☆ -- platform -- platform core service
 ☆ -- dante cloud gateway -- service gateway
 ☆ -- dante cloud message -- message service
 ☆ -- dante cloud monitor -- Spring Boot Admin monitoring service
 ☆ -- dante cloud upms -- unified permission management system service
 ☆ -- dante cloud uaa -- account management and unified authentication module
 ☆ -- services -- platform business services
 ☆ -- dante cloud bpmn ability -- workflow service
 ☆ -- dante cloud bpmn logic -- workflow basic code package
 L -- L -- dante cloud oss probability -- object storage service

[7] Project address

• Back end main project address: https://gitee.com/dromara/dante-cloud
• Example project address of back-end monomer version: https://gitee.com/herodotus/dante-cloud-athena
• Front end project address: https://gitee.com/herodotus/dante-cloud-ui

[8] Technical analysis

Dante Cloud Technology Insider High Level Document Column (Cookbook) 。

The objectives of this column are:

• Explained in combination with the author's personal work experience, development experience, technical understanding and Dante Cloud technology implementation
• Covering basic knowledge, principle analysis, high-level use, personal experience, project management, team management and other aspects, try to meet the technical learning needs of friends with different experiences and levels,
• I hope that more friends can quickly master Dante Cloud and related technical content. Even if Dante Cloud is not used in work, the knowledge learned can be applied to other work in the future.

Due to the limited support of the currently used reading products, if you want to purchase the full text of reading, please click the corresponding article link, open it in the computer browser, and then purchase. After purchase, you can read the full text in the applet, otherwise the applet can only read the trial chapters.

S/N	Article Title	pay	explain	Scan code to read
one	Suggestions on Dante Cloud and related knowledge learning methods and learning paths V2	Free Admission
two	Deep analysis of Scope and Role in OAuth 2	Paid, with trial chapters	Exclusive throughout the network, in-depth analysis of the concepts and principles of Scope and Role in OAuth2 protocol and various components of Spring Security ecology, as well as their applications in actual combat
three	Automatic configuration and injection sequence control of Spring Boot 3	Paid, with trial chapters	Key knowledge points of Spring ecology, master the key switches to enter microservices
four	Session sharing and consistency processing of Spring Cloud	Paid, with trial chapters	Analyze the technical difficulties of microservice architecture session sharing in simple terms
five	Authentication and dynamic interface authentication in OAuth 2	Paid, with trial chapters	Follow the Dante Cloud source code to fully grasp the principles and implementation of Spring Security 5&6 and OAuth2 based microservice dynamic interface authentication
six	Detailed explanation of the parameter transfer method of the Rest interface of Spring Boot 3	Paid, with trial chapters	This article gives you a thorough understanding of the "correct opening method" of various parameter transfer methods and methods of Spring Boot Rest“

More content can be viewed [New Version Document]

[9] Safety test

Dante Cloud has passed the software factory safety test and warranty test conducted by a third party. See: Safety test

[10] Participation and contribution

1. Go to your own repo in Gitee fork project
2. Clone fork's past projects, that is, your projects, to your local
3. Modify the code (remember to modify the development branch)
4. Commit code, push to your own library (development branch)
5. Log in to Gitee and you can see a pull request button on your home page. Click it, fill in some instructions, and then submit.
6. Waiting for maintainer to merge

[11] How to upgrade

Try not to modify the source code of projects other than Dante Cloud, such as Dante Engine and Dante OSS. If it is modified, please pull requests, otherwise the code will not be synchronized with the official code, which may increase the difficulty of your future upgrade.

For each version upgrade, we will attach a detailed update log: https://www.herodotus.cn/others/log/changelog.html 。 Here, you can see what new features and improvements Dante Cloud has added. For versions with large changes and differences, we will load detailed upgrade guidelines: https://www.herodotus.cn/guide/get-start/notices.html 。 Here, you can see the corresponding upgrade methods for different versions of Dante Cloud.

[12] Communication feedback

• See [Online Document] Exchange feedback section.

[13] , Interface Preview

[14] Who is using Dante Cloud

[15] , Acknowledgement

Sponsor List

Open source project

• Soybean Admin
• Vue Next Admin
• Vue VBen Admin
• Quasar Admin Template

Thanks for the free open source license provided by JetBrains