Dante Cloud is an enterprise-level microservice architecture and service capability development platform. It is the first version to fully embrace Spring Authorization Server: a multi-tenant system developed on the latest versions of Spring Authorization Server 0.4.0, Spring Boot 2.7.8, Spring Cloud 2021.0.5, Spring Cloud Alibaba 2021.0.4.0, Nacos 2.2.0, etc. Following the Spring Boot programming approach, it is highly modular and configurable. It provides functions such as service discovery, configuration, circuit breaking, rate limiting, degradation, monitoring, multi-level caching, distributed transactions, and workflow.
Platform positioning
- Build a mature, complete, comprehensive, OAuth2.1-based microservice architecture solution with front-end and back-end separation.
- Designed and developed for enterprise-level applications and Internet applications, it not only takes into account the micro-service of traditional projects, but also meets the needs of Internet application development and construction, and rapid iteration.
- The platform architecture is built using various emerging technologies or mainstream technologies related to the microservice field and its surroundings, which is a sharp tool to help quickly cross the stage of architecture technology selection and research and exploration.
- The code is concise and standardized, and the structure is reasonable and clear. It is a typical and comprehensive case of new technology development and application, and helps developers learn and master emerging technologies.
[1] Why the name was changed to Dante Cloud
Dante Cloud (Dante) was originally named Eurynome Cloud. Many friends reported that the name was too long, difficult to read, and difficult to remember. Therefore, on the occasion of joining the Dromara open source community, the name was changed.
Dante, that is, Dante Alighieri (AD 1265-AD 1321), was an Italian poet at the end of the 13th century, the founder of modern Italian, and one of the pioneering figures of the European Renaissance era. “Comedy”) is famous, and later a writer named Boccaccio named it sacred comedy.
He is considered the greatest poet of the Italian Renaissance in the Middle Ages, one of the most outstanding poets in the West, and one of the greatest writers. Engels commented: “The end of the feudal Middle Ages and the beginning of the modern capitalist era are marked by a great figure. This figure is the Italian Dante. He is the last poet of the Middle Ages. the first poet of
The name was changed to Dante Cloud, implying that this project will be like Engels’ evaluation of Dante. In the period of industry change, it can become a link between the past and the future, and help the transformation of enterprise information construction.
[2] Release notes
Since November 24, new versions such as Spring Boot 3.0 and Spring Cloud 2022.0.0 have been released, and the entire Java community has entered a new era of Java 17 and Spring Boot 3. Keeping up with the development of Java technology and the Spring community means that new features with better quality and better performance can serve actual development work. Dante Cloud is also being upgraded and adapted in step: the new Dante Cloud 3.0.2.0 version is built on Spring Boot 3.0.2, Spring Cloud 2022.0.0, Spring Cloud Alibaba 2022.0.0.0-RC1, Spring Cloud Tencent 1.8.4-2022.0.0, and Nacos 2.2.1-RC. If you are interested, please see the 3.0 branch.
[3] The content of this update
- [Major updates]
  - [Upgrade] Spring Boot version upgraded to 2.7.8
  - [Refactor] Restructure the module layout of the Athena project: simplify the multi-module structure, delete redundant and purely exemplary structures, and make the purpose and meaning of each module more concise and clear.
- [Other updates]
  - [New] For interfaces whose permission verification does not need to be strict, add a new permission verification policy that only verifies whether the request is authenticated and does not verify authorization, so as to improve the flexibility of permission verification and reduce the workload of maintaining permission configuration.
  - [New] Permission verification policy configuration that only verifies whether the request is authenticated and does not verify authorization.
  - [Fix] Fix a potential security problem: in extreme cases, when the permission cache data is lost, interface requests would skip permission verification.
  - [Fix] Fix the io.netty.util.internal.OutOfDirectMemoryError problem that occurs after Spring Cloud Gateway has been running for a long time.
  - [Optimize] Set the default WebSocket connection address to permitAll permission, skipping resource server detection; the WebSocket module performs permission verification independently.
  - [Optimize] Based on the latest version of the axios TypeScript definitions, optimize the axios core code of the front-end @herodotus/core module to avoid type verification errors during compilation.
- [Dependency updates]
  - [Upgrade] Jetcache version upgraded to 2.7.3
  - [Upgrade] tencentcloud-sdk-java-sms version upgraded to 3.1.681
  - [Upgrade] Alipay-sdk-java version upgraded to 4.35.37.ALL
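The permission-cache fix, the new authenticated-only policy and the permitAll setting listed above all depend on how a request is decided when its rule is, or is not, present in the cache. The following is an added illustration, not Dante Cloud's code: the class, enum, rule and path names are hypothetical, and the fail-open method is an assumed model of the class of bug described, shown beside a fail-closed form.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; all names here are hypothetical, not Dante Cloud's API.
public class PermissionDecisionDemo {
    enum Policy { PERMIT_ALL, AUTHENTICATED, AUTHORITY }

    // Cached rule for one request path: the policy and, for AUTHORITY, what it demands.
    record Rule(Policy policy, String requiredAuthority) {}

    // Stand-in for the permission cache; entries can disappear (eviction, restart).
    static final Map<String, Rule> CACHE = new ConcurrentHashMap<>();

    static boolean evaluate(Rule rule, boolean authenticated, Set<String> authorities) {
        return switch (rule.policy()) {
            case PERMIT_ALL -> true;
            case AUTHENTICATED -> authenticated; // authentication only, no authorization
            case AUTHORITY -> authenticated && authorities.contains(rule.requiredAuthority());
        };
    }

    // Assumed model of the bug class: a cache miss is read as "no restriction".
    static boolean decideFailOpen(String path, boolean authenticated, Set<String> authorities) {
        Rule rule = CACHE.get(path);
        return rule == null || evaluate(rule, authenticated, authorities);
    }

    // Hardened form: a cache miss denies the request.
    static boolean decideFailClosed(String path, boolean authenticated, Set<String> authorities) {
        Rule rule = CACHE.get(path);
        return rule != null && evaluate(rule, authenticated, authorities);
    }

    public static void main(String[] args) {
        // Constructed sample rules.
        CACHE.put("/ws/connect", new Rule(Policy.PERMIT_ALL, null));
        CACHE.put("/profile", new Rule(Policy.AUTHENTICATED, null));
        CACHE.put("/admin/users", new Rule(Policy.AUTHORITY, "user:manage"));
        Set<String> none = Set.of();
        System.out.println("profile, logged in:       " + decideFailClosed("/profile", true, none));
        System.out.println("admin, no authority:      " + decideFailClosed("/admin/users", true, none));
        CACHE.clear(); // simulate loss of the permission cache data
        System.out.println("admin, anon, fail-open:   " + decideFailOpen("/admin/users", false, none));
        System.out.println("admin, anon, fail-closed: " + decideFailClosed("/admin/users", false, none));
    }
}
```

Under the fail-closed form, a lost cache also denies PERMIT_ALL paths until the rules are reloaded, which trades availability for safety.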
[4] Dante Cloud 2.7.X features
1. Front end
- It does not use any popular open source templates, uses a new technology stack, and completely “handwritten” a new front-end project.
- Drawing on the use and design of popular open source versions, the new front-end interface style and operating habits are as consistent as possible with the current popular methods.
- Make full use of TypeScript language features, solve a large number of type verification problems, and avoid use of the TypeScript “any” type as much as possible.
- Make full use of new features of the Vue3 framework such as Composition Api and Hooks for code writing.
- Make full use of Component, Hooks, and Typescript object-oriented features to extract common components and code, and reduce engineering duplication as much as possible.
- Encapsulate many Quasar basic components and application function components to facilitate unified modification, maintenance and development of the code.
- In production mode, in-depth performance optimization of the Vite3-based project packaging is carried out.
- Provide containerized packaging and deployment of engineering production code in the docker-compose mode.
- Support password mode, authorization code mode, SMS mode, third-party socialization and other login modes.
2. Back end
Deep customization and extension based on Spring Authorization Server:
- Based on Spring Authorization Server and Spring Data JPA, realize the multi-tenant system architecture, supporting two modes: Database and Schema.
- Based on Spring Data JPA, rebuild the basic data storage code of Spring Authorization Server, replacing the original JDBC data access method and breaking the original data storage limitation of Spring Authorization Server, extending it to a method and design that is more in line with practical applications.
- Based on Spring Authorization Server and the OAuth 2.1 specification, add a custom Resource Ownership Password (Password) authentication mode, to be compatible with existing OAuth 2-based applications with front-end and back-end separation, and support the use of Refresh Token.
- Based on Spring Authorization Server and the OAuth 2.1 specification, add a custom Social Credentials (social login) authentication mode, which supports SMS verification code, WeChat applet, and third-party application login based on JustAuth, and supports the use of Refresh Token.
- Extend the default Client Credentials mode of Spring Authorization Server so that the Client Credentials mode supports the use of Refresh Token.
- Extend the default Client Credentials mode of Spring Authorization Server to realize real verification of interfaces by using the Scope authority. Add a permission configuration function for client Scope and decouple it from the existing user permission system.
- Support the Authorization Code PKCE authentication mode of Spring Authorization Server.
- In addition to the standard JWT Token encryption verification method of Spring Authorization Server, a JWT Token encryption verification method based on a custom certificate is added, which can be dynamically modified through configuration.
- Support the Opaque Token format and verification method, which reduces the risk of a JWT Token being captured and analyzed. The default Token format can be set to Opaque Token or JWT Token by modifying configuration parameters.
- Fully support the OpenID Connect (OIDC) protocol. When the system is in use, the OIDC mode and the traditional OAuth2 mode can be quickly switched through the front-end switch configuration according to usage requirements.
- Deeply extend the Authorization Code, Resource Ownership Password, and Social Credentials modes: they fully integrate IdToken, Opaque Token, JWT Token and the existing permission system, and provide IdToken and custom Token extensions to transfer user information without secondary requests, reducing frequent requests for user information.
- Customize the Spring Authorization Server authorization code mode login authentication page and authorization confirmation page; authorization code mode login adopts encrypted data transmission. Multiple types of verification codes are supported, but behavioral verification codes are not supported for now.
- Based on JetCache's multi-level cache support, implement a custom Spring Data JPA second-level cache, which effectively solves the Spring Cache query cache update problem.
- Fully integrated @PreAuthorize annotation permissions and URL permissions, which are dynamically configured through the backend. There is no need to configure Spring Security permission annotations and permission methods in code to realize interface authentication and dynamic modification of permissions.
- Adopt a distributed authentication scheme to avoid the pressure of unified authentication at the Gateway and the problem of repeated authentication.
- Adopt a distributed, per-service independent authentication scheme: Spring Security @PreAuthorize permission annotations, permission methods, and URL permissions are distributed to the corresponding services in real time after being dynamically configured through the backend.
- OAuth2 UserDetails core data supports two modes: direct database acquisition and Feign remote calling. The performance of the direct database connection mode is better, while Feign remote calls are more scalable. The policy mode can be dynamically modified through configuration.
- Based on a custom Session, mixing the national secret SM2 (asymmetric) and SM4 (symmetric encryption) algorithms, the secret key is dynamically generated and encrypted for transmission. The “one person one code mechanism” is used to realize dynamic encrypted transmission of password mode login data. Combined with OAuth2 Client verification, this protects the rationality and security of interface calls and front-end and back-end data transmission.
[5] Interface preview
1. Community vision
Let every open source enthusiast experience the joy of open source.
2. Community official website
https://dromara.org is the official website of the Dromara open source community.