Skip to content

配置参考

CoSec 使用 Spring Boot 的 @ConfigurationProperties 机制实现类型安全的配置。所有属性都以 cosec. 为前缀,由 CoSec.COSEC_PREFIX 常量定义(cosec-api/src/main/kotlin/me/ahoo/cosec/api/CoSec.kt:22)。

配置层次结构

下图展示了配置结构以及属性组之间的关系:

mermaid
flowchart TD
    ROOT["cosec.*"] --> MAIN["cosec.enabled"]
    ROOT --> JWT["cosec.jwt.*"]
    ROOT --> AUTHN["cosec.authentication.*"]
    ROOT --> AUTHZ["cosec.authorization.*"]
    ROOT --> IP2R["cosec.ip2region.*"]
    ROOT --> OPENAPI["cosec.openapi.*"]
    ROOT --> SOCIAL["cosec.social.*"]
    ROOT --> INJECT["cosec.inject-security-context.*"]

    AUTHZ --> LP["authorization.local-policy.*"]
    AUTHZ --> CACHE["authorization.cache.*"]
    AUTHZ --> GW["authorization.gateway.*"]

    JWT --> TV["jwt.token-validity.*"]
    CACHE --> CP["cache.policy.*"]
    CACHE --> CR["cache.role.*"]

    style ROOT fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style MAIN fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style JWT fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style AUTHN fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style AUTHZ fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style IP2R fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style OPENAPI fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style SOCIAL fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style INJECT fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style LP fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style CACHE fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style GW fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style TV fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style CP fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style CR fill:#2d333b,stroke:#6d5dfc,color:#e6edf3

核心属性

cosec.enabled

整个 CoSec 框架的主开关。设置为 false 时,所有自动配置将被跳过。

属性类型默认值
cosec.enabledBooleantrue

定义在 CoSecPropertiescosec-spring-boot-starter/src/main/kotlin/me/ahoo/cosec/spring/boot/starter/CoSecProperties.kt:31)中。

JWT 属性(cosec.jwt.*

控制 JWT 令牌的创建和验证。

属性类型默认值描述
cosec.jwt.enabledBooleantrue启用 JWT 认证
cosec.jwt.algorithmEnumhmac256签名算法:hmac256hmac384hmac512
cosec.jwt.secretString必填HMAC 签名的密钥
cosec.jwt.token-validity.accessDurationPT10M访问令牌有效期(10 分钟)
cosec.jwt.token-validity.refreshDurationP7D刷新令牌有效期(7 天)

定义在 JwtPropertiescosec-spring-boot-starter/src/main/kotlin/me/ahoo/cosec/spring/boot/starter/jwt/JwtProperties.kt:28)中。条件激活由 @ConditionalOnJwtEnabled 控制(cosec-spring-boot-starter/src/main/kotlin/me/ahoo/cosec/spring/boot/starter/jwt/ConditionalOnJwtEnabled.kt)。

认证属性(cosec.authentication.*

属性类型默认值描述
cosec.authentication.enabledBooleantrue启用认证

定义在 AuthenticationPropertiescosec-spring-boot-starter/src/main/kotlin/me/ahoo/cosec/spring/boot/starter/authentication/AuthenticationProperties.kt:26)中。

授权属性(cosec.authorization.*

控制授权引擎和策略加载行为。

属性类型默认值描述
cosec.authorization.enabledBooleantrue启用授权
cosec.authorization.local-policy.enabledBooleanfalse从本地 JSON 文件加载策略
cosec.authorization.local-policy.locationsSet<String>classpath:cosec-policy/*-policy.json策略文件位置的 Glob 模式
cosec.authorization.local-policy.init-repositoryBooleanfalse启动时使用本地文件初始化策略仓库
cosec.authorization.local-policy.force-refreshBooleanfalse启动时强制刷新本地策略

定义在 AuthorizationPropertiescosec-spring-boot-starter/src/main/kotlin/me/ahoo/cosec/spring/boot/starter/authorization/AuthorizationProperties.kt:27)中。

授权缓存属性(cosec.authorization.cache.*

通过 CoCache 控制基于 Redis 的策略和角色权限缓存。

属性类型默认值描述
cosec.authorization.cache.enabledBooleantrue启用缓存
cosec.authorization.cache.key-prefixStringcosecRedis 键前缀
cosec.authorization.cache.policy.initialCapacityInt未设置Guava 缓存初始容量(策略缓存)
cosec.authorization.cache.policy.maximumSizeLong未设置Guava 缓存最大大小(策略缓存)
cosec.authorization.cache.policy.expireAfterWriteLong未设置写入后过期时间(秒)(策略缓存)
cosec.authorization.cache.policy.expireAfterAccessLong未设置访问后过期时间(秒)(策略缓存)
cosec.authorization.cache.role.initialCapacityInt未设置Guava 缓存初始容量(角色缓存)
cosec.authorization.cache.role.maximumSizeLong未设置Guava 缓存最大大小(角色缓存)
cosec.authorization.cache.role.expireAfterWriteLong未设置写入后过期时间(秒)(角色缓存)
cosec.authorization.cache.role.expireAfterAccessLong未设置访问后过期时间(秒)(角色缓存)

定义在 CachePropertiescosec-spring-boot-starter/src/main/kotlin/me/ahoo/cosec/spring/boot/starter/authorization/cache/CacheProperties.kt:34)中。

网关属性(cosec.authorization.gateway.*

属性类型默认值描述
cosec.authorization.gateway.enabledBooleantrue启用 Spring Cloud Gateway 集成

定义在 GatewayPropertiescosec-spring-boot-starter/src/main/kotlin/me/ahoo/cosec/spring/boot/starter/authorization/gateway/GatewayProperties.kt:26)中。

IP2Region 属性(cosec.ip2region.*

控制用于基于区域访问控制的 IP 地理定位。

属性类型默认值描述
cosec.ip2region.enabledBooleantrue启用 IP 地理定位

定义在 Ip2RegionPropertiescosec-spring-boot-starter/src/main/kotlin/me/ahoo/cosec/spring/boot/starter/ip2region/Ip2RegionProperties.kt:26)中。

OpenAPI 属性(cosec.openapi.*

控制 Swagger/OpenAPI 集成和策略生成端点。

属性类型默认值描述
cosec.openapi.enabledBooleantrue启用 OpenAPI 集成

定义在 OpenAPIPropertiescosec-spring-boot-starter/src/main/kotlin/me/ahoo/cosec/spring/boot/starter/openapi/OpenAPIProperties.kt:26)中。

自动配置激活流程

下图展示了 CoSec 自动配置如何根据属性进行激活:

mermaid
sequenceDiagram
    autonumber
    participant SB as Spring Boot
    participant CA as CoSecAutoConfiguration
    participant JA as JwtAutoConfiguration
    participant AA as AuthAutoConfiguration
    participant AZ as AuthzAutoConfiguration
    participant MA as MatcherFactoryRegister

    SB->>CA: Check @ConditionalOnCoSecEnabled
    Note over CA: cosec.enabled = true
    CA->>CA: Register CoSecModule
    CA->>MA: Register SPI Matchers

    SB->>JA: Check @ConditionalOnJwtEnabled
    Note over JA: cosec.jwt.enabled = true
    JA->>JA: Configure JWT Algorithm, Secret, TokenValidity

    SB->>AA: Check @ConditionalOnAuthenticationEnabled
    Note over AA: cosec.authentication.enabled = true
    AA->>AA: Register Authentication Providers

    SB->>AZ: Check @ConditionalOnAuthorizationEnabled
    Note over AZ: cosec.authorization.enabled = true
    AZ->>AZ: Register SimpleAuthorization
    AZ->>AZ: Load Local Policies (if enabled)

示例 Application.yaml

yaml
cosec:
  # 主开关
  enabled: true

  # JWT 配置
  jwt:
    enabled: true
    algorithm: hmac256           # hmac256 | hmac384 | hmac512
    secret: "my-super-secret-key-at-least-256-bits-long"
    token-validity:
      access: PT30M              # 30 分钟
      refresh: P14D              # 14 天

  # 认证
  authentication:
    enabled: true

  # 授权
  authorization:
    enabled: true
    local-policy:
      enabled: true
      locations:
        - "classpath:cosec-policy/*-policy.json"
      init-repository: true
      force-refresh: false

    # Redis 缓存
    cache:
      enabled: true
      key-prefix: "cosec"
      policy:
        maximumSize: 1000
        expireAfterWrite: 300    # 5 分钟
      role:
        maximumSize: 500
        expireAfterWrite: 300

    # Spring Cloud Gateway
    gateway:
      enabled: true

  # IP 地理定位
  ip2region:
    enabled: true

  # OpenAPI
  openapi:
    enabled: true

功能变体

cosec-spring-boot-starter 模块暴露 Gradle 功能变体,决定包含哪些集成模块:

mermaid
flowchart LR
    STARTER["cosec-spring-boot-starter"] --> W["webmvc-support"]
    STARTER --> WF["webflux-support"]
    STARTER --> GW["gateway-support"]
    STARTER --> OA["oauth-support"]
    STARTER --> CS["cache-support"]
    STARTER --> IP["ip2region-support"]
    STARTER --> OT["opentelemetry-support"]
    STARTER --> OAPI["openapi-support"]

    style STARTER fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style W fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style WF fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style GW fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style OA fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style CS fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style IP fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style OT fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
    style OAPI fill:#2d333b,stroke:#6d5dfc,color:#e6edf3
功能变体包含的模块所需依赖
webmvc-supportcosec-webmvcSpring WebMvc
webflux-supportcosec-webfluxSpring WebFlux
gateway-supportcosec-gatewaySpring Cloud Gateway
oauth-supportcosec-socialJustAuth
cache-supportcosec-cocacheSpring Data Redis + CoCache
ip2region-supportcosec-ip2regionip2region 库
opentelemetry-supportcosec-opentelemetryOpenTelemetry
openapi-supportcosec-openapiSpringDoc OpenAPI

功能变体在 build.gradle.ktscosec-spring-boot-starter/build.gradle.kts:18)中声明。

相关页面

参考资料

基于 Apache License 2.0 发布