diff --git a/CHANGELOG.md b/CHANGELOG.md
index ec8957944..870e963ee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -39,3 +39,4 @@
- [feat:add admin http handler.](https://github.com/Tencent/spring-cloud-tencent/pull/1450)
- [feat:upgrade spring cloud 2023 version.](https://github.com/Tencent/spring-cloud-tencent/pull/1451)
- [feat:support concurrency rate limit.](https://github.com/Tencent/spring-cloud-tencent/pull/1455)
+- [feat:support auth.](https://github.com/Tencent/spring-cloud-tencent/pull/1479)
diff --git a/pom.xml b/pom.xml
index cef27d807..5e50af112 100644
--- a/pom.xml
+++ b/pom.xml
@@ -48,6 +48,7 @@
spring-cloud-starter-tencent-polaris-circuitbreaker
spring-cloud-starter-tencent-polaris-router
spring-cloud-starter-tencent-polaris-contract
+ spring-cloud-starter-tencent-polaris-auth
spring-cloud-tencent-plugin-starters
spring-cloud-tencent-dependencies
spring-cloud-starter-tencent-all
diff --git a/spring-cloud-starter-tencent-all/pom.xml b/spring-cloud-starter-tencent-all/pom.xml
index 767a25866..a2a5e53f0 100644
--- a/spring-cloud-starter-tencent-all/pom.xml
+++ b/spring-cloud-starter-tencent-all/pom.xml
@@ -54,6 +54,11 @@
com.tencent.cloud
spring-cloud-starter-tencent-trace-plugin
+
+
+ com.tencent.cloud
+ spring-cloud-starter-tencent-polaris-auth
+
diff --git a/spring-cloud-starter-tencent-metadata-transfer/src/main/java/com/tencent/cloud/metadata/core/DecodeTransferMetadataReactiveFilter.java b/spring-cloud-starter-tencent-metadata-transfer/src/main/java/com/tencent/cloud/metadata/core/DecodeTransferMetadataReactiveFilter.java
index c29c48c7b..712a9b9c4 100644
--- a/spring-cloud-starter-tencent-metadata-transfer/src/main/java/com/tencent/cloud/metadata/core/DecodeTransferMetadataReactiveFilter.java
+++ b/spring-cloud-starter-tencent-metadata-transfer/src/main/java/com/tencent/cloud/metadata/core/DecodeTransferMetadataReactiveFilter.java
@@ -97,8 +97,6 @@ public class DecodeTransferMetadataReactiveFilter implements WebFilter, Ordered
TransHeadersTransfer.transfer(serverHttpRequest);
return webFilterChain.filter(serverWebExchange)
- .doOnError(throwable -> LOG.error("handle metadata[{}] error.",
- MetadataContextHolder.get(), throwable))
.doFinally((type) -> MetadataContextHolder.remove());
}
diff --git a/spring-cloud-starter-tencent-polaris-auth/pom.xml b/spring-cloud-starter-tencent-polaris-auth/pom.xml
new file mode 100644
index 000000000..c3fe3df23
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/pom.xml
@@ -0,0 +1,106 @@
+
+
+
+ spring-cloud-tencent
+ com.tencent.cloud
+ ${revision}
+ ../pom.xml
+
+ 4.0.0
+ spring-cloud-starter-tencent-polaris-auth
+ Spring Cloud Starter Tencent Polaris Auth
+
+
+
+
+ com.tencent.cloud
+ spring-cloud-tencent-rpc-enhancement
+
+
+
+ com.tencent.cloud
+ spring-cloud-starter-tencent-metadata-transfer
+
+
+
+
+
+ com.tencent.polaris
+ polaris-auth-factory
+
+
+
+ com.tencent.polaris
+ auth-block-allow-list
+
+
+
+ com.tencent.polaris
+ polaris-test-common
+ test
+
+
+
+ com.tencent.polaris
+ polaris-test-mock-discovery
+ test
+
+
+ junit
+ junit
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-starter-web
+ true
+
+
+
+ org.springframework.boot
+ spring-boot-starter-webflux
+ true
+
+
+
+ org.springframework.boot
+ spring-boot-starter-test
+ test
+
+
+
+ org.springframework.boot
+ spring-boot-actuator
+ true
+
+
+
+ org.springframework.boot
+ spring-boot-actuator-autoconfigure
+ true
+
+
+
+ org.mockito
+ mockito-inline
+ test
+
+
+
+ org.mockito
+ mockito-core
+ test
+
+
+
+ net.bytebuddy
+ byte-buddy
+ test
+
+
+
\ No newline at end of file
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/AuthConfigModifier.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/AuthConfigModifier.java
new file mode 100644
index 000000000..81395d868
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/AuthConfigModifier.java
@@ -0,0 +1,46 @@
+/*
+ * Tencent is pleased to support the open source community by making spring-cloud-tencent available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.config;
+
+import com.tencent.cloud.common.constant.OrderConstant;
+import com.tencent.cloud.polaris.context.PolarisConfigModifier;
+import com.tencent.polaris.factory.config.ConfigurationImpl;
+
+/**
+ * Config modifier for auth.
+ *
+ * @author Haotian Zhang
+ */
+public class AuthConfigModifier implements PolarisConfigModifier {
+
+ private final PolarisAuthProperties polarisAuthProperties;
+
+ public AuthConfigModifier(PolarisAuthProperties polarisAuthProperties) {
+ this.polarisAuthProperties = polarisAuthProperties;
+ }
+
+ @Override
+ public void modify(ConfigurationImpl configuration) {
+ configuration.getProvider().getAuth().setEnable(polarisAuthProperties.isEnabled());
+ }
+
+ @Override
+ public int getOrder() {
+ return OrderConstant.Modifier.AUTH_ORDER;
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthAutoConfiguration.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthAutoConfiguration.java
new file mode 100644
index 000000000..7d0da706a
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthAutoConfiguration.java
@@ -0,0 +1,86 @@
+/*
+ * Tencent is pleased to support the open source community by making spring-cloud-tencent available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.config;
+
+import com.tencent.cloud.common.constant.OrderConstant;
+import com.tencent.cloud.polaris.auth.filter.AuthReactiveFilter;
+import com.tencent.cloud.polaris.auth.filter.AuthServletFilter;
+import com.tencent.cloud.polaris.context.PolarisSDKContextManager;
+import com.tencent.cloud.polaris.context.config.PolarisContextAutoConfiguration;
+
+import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import static com.tencent.cloud.polaris.auth.filter.AuthServletFilter.AUTH_FILTER_BEAN_NAME;
+import static jakarta.servlet.DispatcherType.ASYNC;
+import static jakarta.servlet.DispatcherType.ERROR;
+import static jakarta.servlet.DispatcherType.FORWARD;
+import static jakarta.servlet.DispatcherType.INCLUDE;
+import static jakarta.servlet.DispatcherType.REQUEST;
+
+/**
+ * Auto configuration for auth.
+ *
+ * @author Haotian Zhang
+ */
+@Configuration(proxyBeanMethods = false)
+@AutoConfigureAfter(PolarisContextAutoConfiguration.class)
+public class PolarisAuthAutoConfiguration {
+
+ /**
+ * Create when web application type is SERVLET.
+ */
+ @Configuration(proxyBeanMethods = false)
+ @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
+ protected static class AuthServletFilterConfig {
+
+ @Bean
+ @ConditionalOnMissingBean
+ public AuthServletFilter authServletFilter(PolarisSDKContextManager polarisSDKContextManager) {
+ return new AuthServletFilter(polarisSDKContextManager.getAuthAPI());
+ }
+
+ @Bean
+ public FilterRegistrationBean authFilterRegistrationBean(
+ AuthServletFilter authServletFilter) {
+ FilterRegistrationBean registrationBean = new FilterRegistrationBean<>(
+ authServletFilter);
+ registrationBean.setDispatcherTypes(ASYNC, ERROR, FORWARD, INCLUDE, REQUEST);
+ registrationBean.setName(AUTH_FILTER_BEAN_NAME);
+ registrationBean.setOrder(OrderConstant.Server.Servlet.AUTH_FILTER_ORDER);
+ return registrationBean;
+ }
+ }
+
+ /**
+ * Create when web application type is REACTIVE.
+ */
+ @Configuration(proxyBeanMethods = false)
+ @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
+ protected static class AuthReactiveFilterConfig {
+
+ @Bean
+ public AuthReactiveFilter authReactiveFilter(PolarisSDKContextManager polarisSDKContextManager) {
+ return new AuthReactiveFilter(polarisSDKContextManager.getAuthAPI());
+ }
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthProperties.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthProperties.java
new file mode 100644
index 000000000..3d2f20e83
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthProperties.java
@@ -0,0 +1,39 @@
+/*
+ * Tencent is pleased to support the open source community by making spring-cloud-tencent available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * The properties for auth.
+ *
+ * @author Haotian Zhang
+ */
+@ConfigurationProperties("spring.cloud.polaris.auth")
+public class PolarisAuthProperties {
+
+ private boolean enabled = true;
+
+ public boolean isEnabled() {
+ return enabled;
+ }
+
+ public void setEnabled(boolean enabled) {
+ this.enabled = enabled;
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesAutoConfiguration.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesAutoConfiguration.java
new file mode 100644
index 000000000..adf2412e5
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesAutoConfiguration.java
@@ -0,0 +1,39 @@
+/*
+ * Tencent is pleased to support the open source community by making spring-cloud-tencent available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Properties auto configuration of auth.
+ *
+ * @author Haotian Zhang
+ */
+@Configuration(proxyBeanMethods = false)
+@EnableConfigurationProperties(PolarisAuthProperties.class)
+public class PolarisAuthPropertiesAutoConfiguration {
+
+ @Bean
+ @ConditionalOnMissingBean
+ public AuthConfigModifier authConfigModifier(PolarisAuthProperties polarisAuthProperties) {
+ return new AuthConfigModifier(polarisAuthProperties);
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesBootstrapConfiguration.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesBootstrapConfiguration.java
new file mode 100644
index 000000000..104ae648d
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/config/PolarisAuthPropertiesBootstrapConfiguration.java
@@ -0,0 +1,34 @@
+/*
+ * Tencent is pleased to support the open source community by making spring-cloud-tencent available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+
+/**
+ * Autoconfiguration of auth at bootstrap phase.
+ *
+ * @author Haotian Zhang
+ */
+@Configuration(proxyBeanMethods = false)
+@ConditionalOnProperty("spring.cloud.polaris.enabled")
+@Import(PolarisAuthPropertiesAutoConfiguration.class)
+public class PolarisAuthPropertiesBootstrapConfiguration {
+
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthReactiveFilter.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthReactiveFilter.java
new file mode 100644
index 000000000..9c78f88be
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthReactiveFilter.java
@@ -0,0 +1,70 @@
+/*
+ * Tencent is pleased to support the open source community by making spring-cloud-tencent available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.filter;
+
+import com.tencent.cloud.common.constant.OrderConstant;
+import com.tencent.cloud.common.metadata.MetadataContext;
+import com.tencent.cloud.polaris.auth.utils.AuthenticateUtils;
+import com.tencent.polaris.api.plugin.auth.AuthResult;
+import com.tencent.polaris.auth.api.core.AuthAPI;
+import com.tencent.polaris.auth.api.rpc.AuthResponse;
+import reactor.core.publisher.Mono;
+
+import org.springframework.core.Ordered;
+import org.springframework.core.io.buffer.DataBuffer;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.server.reactive.ServerHttpResponse;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+
+import static org.springframework.core.io.buffer.DefaultDataBufferFactory.DEFAULT_INITIAL_CAPACITY;
+
+/**
+ * Reactive filter to authenticate.
+ *
+ * @author Haotian Zhang
+ */
+public class AuthReactiveFilter implements WebFilter, Ordered {
+
+ private final AuthAPI authAPI;
+
+ public AuthReactiveFilter(AuthAPI authAPI) {
+ this.authAPI = authAPI;
+ }
+
+ @Override
+ public int getOrder() {
+ return OrderConstant.Server.Reactive.AUTH_FILTER_ORDER;
+ }
+
+ @Override
+ public Mono filter(ServerWebExchange exchange, WebFilterChain chain) {
+ AuthResponse authResponse = AuthenticateUtils.authenticate(authAPI, MetadataContext.LOCAL_NAMESPACE,
+ MetadataContext.LOCAL_SERVICE, exchange.getRequest().getURI().getPath(), "HTTP",
+ exchange.getRequest().getMethod().name());
+ if (authResponse != null && authResponse.getAuthResult().getCode()
+ .equals(AuthResult.Code.AuthResultForbidden)) {
+ ServerHttpResponse response = exchange.getResponse();
+ response.setRawStatusCode(HttpStatus.FORBIDDEN.value());
+ DataBuffer dataBuffer = response.bufferFactory().allocateBuffer(DEFAULT_INITIAL_CAPACITY);
+ return response.writeWith(Mono.just(dataBuffer));
+ }
+ return chain.filter(exchange);
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthServletFilter.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthServletFilter.java
new file mode 100644
index 000000000..9ab896437
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/filter/AuthServletFilter.java
@@ -0,0 +1,67 @@
+/*
+ * Tencent is pleased to support the open source community by making spring-cloud-tencent available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.filter;
+
+import java.io.IOException;
+
+import com.tencent.cloud.common.constant.OrderConstant;
+import com.tencent.cloud.common.metadata.MetadataContext;
+import com.tencent.cloud.polaris.auth.utils.AuthenticateUtils;
+import com.tencent.polaris.api.plugin.auth.AuthResult;
+import com.tencent.polaris.auth.api.core.AuthAPI;
+import com.tencent.polaris.auth.api.rpc.AuthResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+/**
+ * Servlet filter to authenticate.
+ *
+ * @author Haotian Zhang
+ */
+@Order(OrderConstant.Server.Servlet.AUTH_FILTER_ORDER)
+public class AuthServletFilter extends OncePerRequestFilter {
+
+ /**
+ * Default Filter Registration Bean Name Defined .
+ */
+ public static final String AUTH_FILTER_BEAN_NAME = "authFilterRegistrationBean";
+
+ private final AuthAPI authAPI;
+
+ public AuthServletFilter(AuthAPI authAPI) {
+ this.authAPI = authAPI;
+ }
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+ AuthResponse authResponse = AuthenticateUtils.authenticate(authAPI, MetadataContext.LOCAL_NAMESPACE,
+ MetadataContext.LOCAL_SERVICE, request.getRequestURI(), "HTTP", request.getMethod());
+ if (authResponse != null && authResponse.getAuthResult().getCode()
+ .equals(AuthResult.Code.AuthResultForbidden)) {
+ response.setStatus(HttpStatus.FORBIDDEN.value());
+ return;
+ }
+ filterChain.doFilter(request, response);
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/utils/AuthenticateUtils.java b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/utils/AuthenticateUtils.java
new file mode 100644
index 000000000..83fcb462e
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/java/com/tencent/cloud/polaris/auth/utils/AuthenticateUtils.java
@@ -0,0 +1,53 @@
+/*
+ * Tencent is pleased to support the open source community by making spring-cloud-tencent available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.cloud.polaris.auth.utils;
+
+import com.tencent.cloud.common.metadata.MetadataContextHolder;
+import com.tencent.polaris.api.plugin.auth.AuthResult;
+import com.tencent.polaris.auth.api.core.AuthAPI;
+import com.tencent.polaris.auth.api.rpc.AuthRequest;
+import com.tencent.polaris.auth.api.rpc.AuthResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Utils for authenticate.
+ *
+ * @author Haotian Zhang
+ */
+public final class AuthenticateUtils {
+
+ private static final Logger LOG = LoggerFactory.getLogger(AuthenticateUtils.class);
+
+ private AuthenticateUtils() {
+
+ }
+
+ public static AuthResponse authenticate(AuthAPI authAPI, String namespace, String service, String path, String protocol, String method) {
+ // build auth request
+ AuthRequest authRequest = new AuthRequest(namespace, service, path, protocol, method, MetadataContextHolder.get());
+
+ try {
+ return authAPI.authenticate(authRequest);
+ }
+ catch (Throwable throwable) {
+ LOG.error("fail to invoke authenticate of AuthAPI with AuthRequest[{}].", authRequest, throwable);
+ return new AuthResponse(new AuthResult(AuthResult.Code.AuthResultOk));
+ }
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/additional-spring-configuration-metadata.json
new file mode 100644
index 000000000..f071a15b2
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -0,0 +1,10 @@
+{
+ "properties": [
+ {
+ "name": "spring.cloud.polaris.auth.enabled",
+ "type": "java.lang.Boolean",
+ "defaultValue": true,
+ "description": "Enable polaris auth or not."
+ }
+ ]
+}
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring.factories b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring.factories
new file mode 100644
index 000000000..7cb82fb0c
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring.factories
@@ -0,0 +1,2 @@
+org.springframework.cloud.bootstrap.BootstrapConfiguration=\
+ com.tencent.cloud.polaris.auth.config.PolarisAuthPropertiesBootstrapConfiguration
diff --git a/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
new file mode 100644
index 000000000..5c6ccbddf
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-auth/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1,2 @@
+com.tencent.cloud.polaris.auth.config.PolarisAuthPropertiesAutoConfiguration
+com.tencent.cloud.polaris.auth.config.PolarisAuthAutoConfiguration
diff --git a/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/constant/OrderConstant.java b/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/constant/OrderConstant.java
index 9146986d0..39a28ab89 100644
--- a/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/constant/OrderConstant.java
+++ b/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/constant/OrderConstant.java
@@ -90,10 +90,15 @@ public class OrderConstant {
*/
public static final int ENHANCED_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 10;
+ /**
+ * Order of auth filter.
+ */
+ public static final int AUTH_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 11;
+
/**
* Order of rate-limit filter.
*/
- public static final int RATE_LIMIT_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 10;
+ public static final int RATE_LIMIT_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 12;
}
/**
@@ -110,10 +115,15 @@ public class OrderConstant {
*/
public static final int ENHANCED_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 10;
+ /**
+ * Order of auth filter.
+ */
+ public static final int AUTH_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 11;
+
/**
* Order of rate-limit filter.
*/
- public static final int RATE_LIMIT_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 10;
+ public static final int RATE_LIMIT_FILTER_ORDER = Ordered.HIGHEST_PRECEDENCE + 12;
}
}
@@ -157,6 +167,11 @@ public class OrderConstant {
*/
public static Integer RATE_LIMIT_ORDER = 2;
+ /**
+ * Order of auth configuration modifier.
+ */
+ public static Integer AUTH_ORDER = 2;
+
/**
* Order of config configuration modifier.
*/
diff --git a/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/metadata/MetadataContextHolder.java b/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/metadata/MetadataContextHolder.java
index 5d6887433..d3a27fcea 100644
--- a/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/metadata/MetadataContextHolder.java
+++ b/spring-cloud-tencent-commons/src/main/java/com/tencent/cloud/common/metadata/MetadataContextHolder.java
@@ -165,10 +165,10 @@ public final class MetadataContextHolder {
}
}
// caller disposable metadata to caller custom disposable metadata
- MetadataContainer metadataContainerDownstream = metadataManager.getMetadataContainer(MetadataType.CUSTOM, true);
+ MetadataContainer metadataContainerDownstream = metadataManager.getMetadataContainer(MetadataType.CUSTOM, false);
if (!CollectionUtils.isEmpty(dynamicDisposableMetadata)) {
for (Map.Entry entry : dynamicDisposableMetadata.entrySet()) {
- metadataContainerDownstream.putMetadataStringValue(entry.getKey(), entry.getValue(), TransitiveType.DISPOSABLE);
+ metadataContainerDownstream.putMetadataStringValue(entry.getKey(), entry.getValue(), TransitiveType.NONE);
}
}
// caller application metadata to caller application disposable metadata
diff --git a/spring-cloud-tencent-coverage/pom.xml b/spring-cloud-tencent-coverage/pom.xml
index 8481f826b..f3fa076f1 100644
--- a/spring-cloud-tencent-coverage/pom.xml
+++ b/spring-cloud-tencent-coverage/pom.xml
@@ -69,6 +69,11 @@
spring-cloud-starter-tencent-polaris-contract
+
+ com.tencent.cloud
+ spring-cloud-starter-tencent-polaris-auth
+
+
com.tencent.cloud
spring-cloud-starter-tencent-discovery-adapter-plugin
@@ -83,11 +88,11 @@
com.tencent.cloud
spring-cloud-tencent-gateway-plugin
-
+
com.tencent.cloud
spring-cloud-tencent-lossless-plugin
-
+
diff --git a/spring-cloud-tencent-dependencies/pom.xml b/spring-cloud-tencent-dependencies/pom.xml
index d4cf72d3e..81bc748e9 100644
--- a/spring-cloud-tencent-dependencies/pom.xml
+++ b/spring-cloud-tencent-dependencies/pom.xml
@@ -162,6 +162,12 @@
${revision}
+
+ com.tencent.cloud
+ spring-cloud-starter-tencent-polaris-auth
+ ${revision}
+
+
com.tencent.cloud
spring-cloud-starter-tencent-all
diff --git a/spring-cloud-tencent-examples/tsf-example/provider-demo/pom.xml b/spring-cloud-tencent-examples/tsf-example/provider-demo/pom.xml
index aa82baace..a8e3dedee 100644
--- a/spring-cloud-tencent-examples/tsf-example/provider-demo/pom.xml
+++ b/spring-cloud-tencent-examples/tsf-example/provider-demo/pom.xml
@@ -32,6 +32,11 @@
spring-cloud-starter-tencent-polaris-ratelimit
+
+ com.tencent.cloud
+ spring-cloud-starter-tencent-polaris-auth
+
+
org.springframework.boot
spring-boot-starter-web
diff --git a/spring-cloud-tencent-polaris-context/pom.xml b/spring-cloud-tencent-polaris-context/pom.xml
index acfb7f741..491ef31b9 100644
--- a/spring-cloud-tencent-polaris-context/pom.xml
+++ b/spring-cloud-tencent-polaris-context/pom.xml
@@ -135,6 +135,11 @@
+
+ com.tencent.polaris
+ polaris-auth-factory
+
+
com.tencent.polaris
polaris-client
diff --git a/spring-cloud-tencent-polaris-context/src/main/java/com/tencent/cloud/polaris/context/PolarisSDKContextManager.java b/spring-cloud-tencent-polaris-context/src/main/java/com/tencent/cloud/polaris/context/PolarisSDKContextManager.java
index dddf5abe4..92f3cb92c 100644
--- a/spring-cloud-tencent-polaris-context/src/main/java/com/tencent/cloud/polaris/context/PolarisSDKContextManager.java
+++ b/spring-cloud-tencent-polaris-context/src/main/java/com/tencent/cloud/polaris/context/PolarisSDKContextManager.java
@@ -30,6 +30,8 @@ import com.tencent.polaris.api.core.ProviderAPI;
import com.tencent.polaris.api.utils.CollectionUtils;
import com.tencent.polaris.assembly.api.AssemblyAPI;
import com.tencent.polaris.assembly.factory.AssemblyAPIFactory;
+import com.tencent.polaris.auth.api.core.AuthAPI;
+import com.tencent.polaris.auth.factory.AuthAPIFactory;
import com.tencent.polaris.circuitbreak.api.CircuitBreakAPI;
import com.tencent.polaris.circuitbreak.factory.CircuitBreakAPIFactory;
import com.tencent.polaris.client.api.SDKContext;
@@ -64,6 +66,7 @@ public class PolarisSDKContextManager {
private volatile static RouterAPI routerAPI;
private volatile static CircuitBreakAPI circuitBreakAPI;
private volatile static LimitAPI limitAPI;
+ private volatile static AuthAPI authAPI;
private volatile static AssemblyAPI assemblyAPI;
private final PolarisContextProperties properties;
private final Environment environment;
@@ -117,6 +120,12 @@ public class PolarisSDKContextManager {
limitAPI = null;
}
+ // destroy AuthAPI
+ if (Objects.nonNull(authAPI)) {
+ ((AutoCloseable) authAPI).close();
+ authAPI = null;
+ }
+
// destroy AssemblyAPI
if (Objects.nonNull(assemblyAPI)) {
((Destroyable) assemblyAPI).destroy();
@@ -198,6 +207,11 @@ public class PolarisSDKContextManager {
return limitAPI;
}
+ public AuthAPI getAuthAPI() {
+ initService();
+ return authAPI;
+ }
+
public AssemblyAPI getAssemblyAPI() {
return assemblyAPI;
}
@@ -254,6 +268,9 @@ public class PolarisSDKContextManager {
// init LimitAPI
limitAPI = LimitAPIFactory.createLimitAPIByContext(serviceSdkContext);
+ // init AuthAPI
+ authAPI = AuthAPIFactory.createAuthAPIByContext(serviceSdkContext);
+
// init AssemblyAPI
assemblyAPI = AssemblyAPIFactory.createAssemblyAPIByContext(serviceSdkContext);