7 månader sedan · 77d0075b23
--- a/pom.xml
+++ b/pom.xml
@@ -211,6 +211,12 @@
 
				 			<artifactId>okhttp</artifactId>
			
 
				 			<version>3.14.9</version>
			
 
				 		</dependency>
			
 
				+
			
 
				+		<dependency>
			
 
				+			<groupId>org.mitre.dsmiley.httpproxy</groupId>
			
 
				+			<artifactId>smiley-http-proxy-servlet</artifactId>
			
 
				+			<version>1.11</version>
			
 
				+		</dependency>
			
 
				 	</dependencies>
			
 
				 
			
 
				 	<repositories>
			
--- a/src/main/java/com/shkpr/service/proxycenter/ProxyCenterApplication.java
+++ b/src/main/java/com/shkpr/service/proxycenter/ProxyCenterApplication.java
@@ -1,19 +1,52 @@
 
				 package com.shkpr.service.proxycenter;
			
 
				 
			
 
				+import com.global.base.component.SnowFlakeEx;
			
 
				 import com.global.base.log.LogPrintMgr;
			
 
				+import com.global.base.thread.ThreadPoolProxy;
			
 
				+import com.shkpr.service.proxycenter.globalcache.GlobalData;
			
 
				 import com.shkpr.service.proxycenter.interfaces.sinks.LogPrintSink;
			
 
				+import org.springframework.beans.factory.annotation.Value;
			
 
				 import org.springframework.boot.SpringApplication;
			
 
				 import org.springframework.boot.autoconfigure.SpringBootApplication;
			
 
				 import org.springframework.retry.annotation.EnableRetry;
			
 
				 
			
 
				+import javax.annotation.PostConstruct;
			
 
				+
			
 
				 @SpringBootApplication
			
 
				 @EnableRetry
			
 
				 public class ProxyCenterApplication {
			
 
				+	@Value("${global.server.apr:false}")
			
 
				+	private boolean mBUseApr = false;
			
 
				+
			
 
				+	@Value("${server.port:9999}")
			
 
				+	private int mNPort;
			
 
				+
			
 
				+	@Value("${global.server.id:kpr.proxy.v100}")
			
 
				+	private String mStrServerId;           //本服务的ID
			
 
				+
			
 
				+	@Value("${global.machine.index:0}")
			
 
				+	private int mOwnerMachineIndex;      //本服务所在的部署机器的索引编号
			
 
				+
			
 
				+	@Value("${global.service.index:0}")
			
 
				+	private int mOwnerServiceIndex;     //本服务在部署机器上的服务索引编号
			
 
				+
			
 
				+	@Value("${global.switch.trace.log:true}")
			
 
				+	private boolean mBSwitchTraceLog = true; //是否开启基于TraceId的log记录
			
 
				+
			
 
				+	@PostConstruct
			
 
				+	public void init(){
			
 
				+		ThreadPoolProxy.getInstance().initFixedPoolRes("COMM",200, "COMM");
			
 
				+		LogPrintMgr.getInstance().setSwitchTraceLog(mBSwitchTraceLog);
			
 
				+		GlobalData.getInstance().setServerId(mStrServerId);
			
 
				+		GlobalData.getInstance().setNOwnerMachineIndex(mOwnerMachineIndex);
			
 
				+		GlobalData.getInstance().setNOwnerServiceIndex(mOwnerServiceIndex);
			
 
				+		GlobalData.getInstance().setSwitchTraceLog(mBSwitchTraceLog);
			
 
				+		SnowFlakeEx.init(mOwnerMachineIndex, mOwnerServiceIndex);
			
 
				+	}
			
 
				 
			
 
				 	public static void main(String[] args) {
			
 
				 		com.shkpr.service.proxycenter.globalcache.GlobalData.getInstance().setCpuCores(Runtime.getRuntime().availableProcessors());
			
 
				 		LogPrintMgr.getInstance().initResWithDisruptor(/*GlobalData.getInstance().getCpuCores()*/2, 2, new LogPrintSink());//io型线程池=CPU Core*2；计算型线程池=CPU Core
			
 
				 		SpringApplication.run(ProxyCenterApplication.class, args);
			
 
				 	}
			
 
				-
			
 
				 }
			
--- a/src/main/java/com/shkpr/service/proxycenter/components/BaseASProxyServlet.java
+++ b/src/main/java/com/shkpr/service/proxycenter/components/BaseASProxyServlet.java
@@ -0,0 +1,17 @@
 
				+package com.shkpr.service.proxycenter.components;
			
 
				+
			
 
				+import javax.servlet.ServletException;
			
 
				+import javax.servlet.http.HttpServletRequest;
			
 
				+import javax.servlet.http.HttpServletResponse;
			
 
				+import java.io.IOException;
			
 
				+
			
 
				+public class BaseASProxyServlet extends CommonProxyServlet {
			
 
				+    public BaseASProxyServlet(String apiProxy) {
			
 
				+        super(apiProxy);
			
 
				+    }
			
 
				+
			
 
				+    @Override
			
 
				+    protected void service(HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws ServletException, IOException {
			
 
				+        super.service(servletRequest, servletResponse);
			
 
				+    }
			
 
				+}
			
--- a/src/main/java/com/shkpr/service/proxycenter/components/CommonProxyServlet.java
+++ b/src/main/java/com/shkpr/service/proxycenter/components/CommonProxyServlet.java
@@ -0,0 +1,119 @@
 
				+package com.shkpr.service.proxycenter.components;
			
 
				+
			
 
				+import com.shkpr.service.proxycenter.constants.ApiURI;
			
 
				+import com.shkpr.service.proxycenter.controllerfilter.TokenAuthenticationService;
			
 
				+import com.shkpr.service.proxycenter.dto.ResponseCode;
			
 
				+import org.apache.http.client.HttpClient;
			
 
				+import org.apache.http.client.utils.URIUtils;
			
 
				+import org.apache.http.conn.ssl.NoopHostnameVerifier;
			
 
				+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
			
 
				+import org.apache.http.impl.client.HttpClientBuilder;
			
 
				+import org.mitre.dsmiley.httpproxy.ProxyServlet;
			
 
				+
			
 
				+import javax.net.ssl.SSLContext;
			
 
				+import javax.net.ssl.X509TrustManager;
			
 
				+import javax.servlet.ServletException;
			
 
				+import javax.servlet.http.HttpServletRequest;
			
 
				+import javax.servlet.http.HttpServletResponse;
			
 
				+import java.io.IOException;
			
 
				+import java.net.URI;
			
 
				+import java.net.URISyntaxException;
			
 
				+import java.security.SecureRandom;
			
 
				+import java.security.cert.CertificateException;
			
 
				+import java.security.cert.X509Certificate;
			
 
				+
			
 
				+public class CommonProxyServlet extends ProxyServlet {
			
 
				+    private String apiProxy = "https://127.0.0.1:9000/";
			
 
				+
			
 
				+    public CommonProxyServlet(String apiProxy) {
			
 
				+        this.apiProxy = apiProxy;
			
 
				+    }
			
 
				+
			
 
				+    public CommonProxyServlet() {
			
 
				+    }
			
 
				+
			
 
				+    @Override
			
 
				+    protected HttpClient createHttpClient() {
			
 
				+        HttpClientBuilder clientBuilder = HttpClientBuilder.create().
			
 
				+                setDefaultRequestConfig(this.buildRequestConfig()).
			
 
				+                setDefaultSocketConfig(this.buildSocketConfig());
			
 
				+        clientBuilder.setMaxConnTotal(this.maxConnections);
			
 
				+        clientBuilder.setMaxConnTotal(maxConnections);
			
 
				+        if (this.useSystemProperties) {
			
 
				+            clientBuilder = clientBuilder.useSystemProperties();
			
 
				+        }
			
 
				+
			
 
				+        SSLContext sslContext = null;
			
 
				+        try {
			
 
				+            sslContext = SSLContext.getInstance("TLS");sslContext.init(null, new X509TrustManager[]{new X509TrustManager() {
			
 
				+                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
			
 
				+                }
			
 
				+                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
			
 
				+                }
			
 
				+                public X509Certificate[] getAcceptedIssuers() {
			
 
				+                    return new X509Certificate[0];
			
 
				+                }
			
 
				+            }}, new SecureRandom());
			
 
				+        }catch (Exception e){}
			
 
				+
			
 
				+        if (sslContext != null){
			
 
				+            SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
			
 
				+            clientBuilder.setSSLSocketFactory(sslSocketFactory);
			
 
				+        }
			
 
				+        return clientBuilder.build();
			
 
				+    }
			
 
				+
			
 
				+    @Override
			
 
				+    protected void service(HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws ServletException, IOException {
			
 
				+        /*ResponseCode headerCheck = checkHeader(servletRequest, servletResponse);
			
 
				+        if (headerCheck != ResponseCode.RESULT_NORMAL) {
			
 
				+            HttpTool.handlerHttpErrorStatus(servletResponse, headerCheck);
			
 
				+            return;
			
 
				+        }*/
			
 
				+
			
 
				+        final String destUri = servletRequest.getRequestURI();
			
 
				+        servletRequest.setAttribute(ATTR_TARGET_URI, null);
			
 
				+        if (destUri.startsWith(ApiURI.URI_BASE_PROXY_H)){
			
 
				+            //若不重置super.targetUri；则super.targetUri实际地址为【/data-gw/3th/dma-proxy/*】中*号匹配的部分
			
 
				+            //若重置super.targetUri=XXX; 则super.targetUri实际地址为XXX +【/data-gw/3th/dma-proxy/*】中*号匹配的部分
			
 
				+            super.targetUri = ApiURI.URI_BASE_PROXY_H;
			
 
				+        }else if (destUri.startsWith(ApiURI.URI_TASK_PROXY_H)){
			
 
				+            super.targetUri = ApiURI.URI_TASK_PROXY_H;
			
 
				+        }
			
 
				+
			
 
				+        URI uri = null;
			
 
				+        try {
			
 
				+            uri = new URI(apiProxy);
			
 
				+        } catch (URISyntaxException e) {
			
 
				+            e.printStackTrace();
			
 
				+        }
			
 
				+        servletRequest.setAttribute(ATTR_TARGET_HOST, null);
			
 
				+        super.targetHost = URIUtils.extractHost(uri);
			
 
				+        super.service(servletRequest, servletResponse);
			
 
				+    }
			
 
				+
			
 
				+    private ResponseCode checkHeader(HttpServletRequest servletRequest, HttpServletResponse servletResponse){
			
 
				+        ResponseCode oRes = ResponseCode.RESULT_UNKNOWN;
			
 
				+        String strContentType = servletRequest.getHeader("Content-Type");
			
 
				+        strContentType = strContentType!=null ? strContentType.toLowerCase():"xxx";
			
 
				+        String strContent = servletRequest.getHeader("Content");                       //经测试发现ios只能设置Content
			
 
				+        strContent = strContent!=null ? strContent.toLowerCase():"xxx";
			
 
				+
			
 
				+        String strCompare = TokenAuthenticationService.HEADER_CONTENT_TYPE;
			
 
				+        strCompare = strCompare.toLowerCase();
			
 
				+        String strShortCompare = TokenAuthenticationService.HEADER_SHORT_CONTENT_TYPE;
			
 
				+        strShortCompare = strShortCompare.toLowerCase();
			
 
				+
			
 
				+        if (!strContentType.contains(strCompare)
			
 
				+                && !strContentType.contains(strShortCompare)
			
 
				+                && !strContent.contains(strCompare)
			
 
				+                && !strContent.contains(strShortCompare)){
			
 
				+            oRes = ResponseCode.STATUS_INVALID_CONTENT_TYPE;
			
 
				+        }else {
			
 
				+            oRes = ResponseCode.RESULT_NORMAL;
			
 
				+        }
			
 
				+        return oRes;
			
 
				+    }
			
 
				+
			
 
				+}
			
 
				+
			
--- a/src/main/java/com/shkpr/service/proxycenter/components/TaskASProxyServlet.java
+++ b/src/main/java/com/shkpr/service/proxycenter/components/TaskASProxyServlet.java
@@ -0,0 +1,17 @@
 
				+package com.shkpr.service.proxycenter.components;
			
 
				+
			
 
				+import javax.servlet.ServletException;
			
 
				+import javax.servlet.http.HttpServletRequest;
			
 
				+import javax.servlet.http.HttpServletResponse;
			
 
				+import java.io.IOException;
			
 
				+
			
 
				+public class TaskASProxyServlet extends CommonProxyServlet {
			
 
				+    public TaskASProxyServlet(String apiProxy) {
			
 
				+        super(apiProxy);
			
 
				+    }
			
 
				+
			
 
				+    @Override
			
 
				+    protected void service(HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws ServletException, IOException {
			
 
				+        super.service(servletRequest, servletResponse);
			
 
				+    }
			
 
				+}
			
--- a/src/main/java/com/shkpr/service/proxycenter/configuration/WebMvcConfiguration.java
+++ b/src/main/java/com/shkpr/service/proxycenter/configuration/WebMvcConfiguration.java
@@ -17,7 +17,7 @@ import java.util.TreeMap;
 
				 /**
			
 
				  * 该类主要用来注册各种Controller拦截器
			
 
				  * WebSecurityConfig类中注册的过滤器JWTLoginFilter、JWTAuthenticationFilter优先于该类中注册的拦截器URIInterceptorIntef
			
 
				- * 过滤拦截顺序: JWTLoginFilter--->JWTAuthenticationFilter--->URIInterceptorIntef
			
 
				+ * 过滤拦截顺序: JWTLoginFilter--->SelfAuthenticationFilter--->URIInterceptorIntef
			
 
				  */
			
 
				 @Configuration
			
 
				 @EnableWebMvc
			
--- a/src/main/java/com/shkpr/service/proxycenter/configuration/WebSecurityConfiguration.java
+++ b/src/main/java/com/shkpr/service/proxycenter/configuration/WebSecurityConfiguration.java
@@ -1,19 +1,30 @@
 
				 package com.shkpr.service.proxycenter.configuration;
			
 
				 
			
 
				+import com.shkpr.service.proxycenter.components.BaseASProxyServlet;
			
 
				+import com.shkpr.service.proxycenter.components.TaskASProxyServlet;
			
 
				+import com.shkpr.service.proxycenter.constants.ApiURI;
			
 
				+import com.shkpr.service.proxycenter.controllerfilter.CustomAuthenticationProvider;
			
 
				+import com.shkpr.service.proxycenter.controllerfilter.SelfBizFilterMgr;
			
 
				+import org.mitre.dsmiley.httpproxy.ProxyServlet;
			
 
				 import org.springframework.beans.factory.annotation.Value;
			
 
				+import org.springframework.boot.web.servlet.ServletRegistrationBean;
			
 
				+import org.springframework.context.annotation.Bean;
			
 
				 import org.springframework.context.annotation.Configuration;
			
 
				+import org.springframework.context.annotation.Primary;
			
 
				+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
			
 
				 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
			
 
				 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			
 
				 import org.springframework.security.config.annotation.web.builders.WebSecurity;
			
 
				 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
			
 
				 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
			
 
				+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
			
 
				 
			
 
				 /**
			
 
				  * 该类主要用来做权限控制的配置、以及注册各种过滤器
			
 
				  * 执行顺序
			
 
				  * (1) 注册验证组件 - configure(AuthenticationManagerBuilder auth)方法中注册自定义验证组件
			
 
				  * (2) 设置验证规则 - configure(HttpSecurity http)方法中设置了各种路由访问规则
			
 
				- * (3) 初始化过滤组件 - JWTLoginFilter 和 JWTAuthenticationFilter 类会初始化
			
 
				+ * (3) 初始化过滤组件 - JWTLoginFilter 和 SelfAuthenticationFilter 类会初始化
			
 
				  */
			
 
				 @Configuration
			
 
				 @EnableWebSecurity
			
@@ -25,6 +36,18 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
				     @Value("${global.ops.lan.ip:127.0.0.1}")
			
 
				     private String mStrOpsServerLanIP;
			
 
				 
			
 
				+    @Value("${cloud.proxy.address.base:}")
			
 
				+    private String mStrBaseASProxyAddress = "";
			
 
				+
			
 
				+    @Value("${cloud.proxy.address.task:}")
			
 
				+    private String mStrTaskASProxyAddress = "";
			
 
				+
			
 
				+    @Override
			
 
				+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
			
 
				+        //使用自定义身份验证组件
			
 
				+        auth.authenticationProvider(new CustomAuthenticationProvider());
			
 
				+    }
			
 
				+
			
 
				     // 设置 HTTP 验证规则
			
 
				     @Override
			
 
				     protected void configure(HttpSecurity http) throws Exception {
			
@@ -36,8 +59,12 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
				 
			
 
				         http.csrf().disable()                                          // 关闭csrf验证
			
 
				                 .authorizeRequests()                                   // 对请求进行认证
			
 
				+                //.antMatchers(ApiURI.URI_BASE_PROXY_XXX).permitAll()
			
 
				                 .antMatchers("/**").permitAll()
			
 
				-                .anyRequest().authenticated();                                                                                          //所有其他请求需要身份认证;
			
 
				+                .anyRequest().authenticated()
			
 
				+                .and()
			
 
				+                .addFilterBefore(new SelfBizFilterMgr("/**", authenticationManager()),
			
 
				+                        UsernamePasswordAuthenticationFilter.class);                                                                                          //所有其他请求需要身份认证;
			
 
				                 /*.addFilterBefore(new ServerStatusMonitorFilter(ThirdApiURI.URI_HGAS_MONITOR_XXX, authenticationManager()),
			
 
				                         UsernamePasswordAuthenticationFilter.class);*/
			
 
				 
			
@@ -51,4 +78,25 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
				                 .antMatchers("/static/**");                                                               // 所有/static下的静态资源请求时都忽略访问规则
			
 
				         */
			
 
				     }
			
 
				+
			
 
				+    @Bean(name = "base")
			
 
				+    @Primary
			
 
				+    public ServletRegistrationBean<BaseASProxyServlet> servletServletRegistrationForBase() {
			
 
				+        ServletRegistrationBean<BaseASProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
			
 
				+        servletRegistrationBean.setServlet(new BaseASProxyServlet(mStrBaseASProxyAddress));
			
 
				+        servletRegistrationBean.addUrlMappings(String.format("%s/%s", ApiURI.URI_BASE_PROXY_H, "*"));
			
 
				+        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
			
 
				+        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
			
 
				+        return servletRegistrationBean;
			
 
				+    }
			
 
				+
			
 
				+    @Bean(name = "task")
			
 
				+    public ServletRegistrationBean<TaskASProxyServlet> servletServletRegistrationForTask() {
			
 
				+        ServletRegistrationBean<TaskASProxyServlet> servletRegistrationBean = new ServletRegistrationBean<>();
			
 
				+        servletRegistrationBean.setServlet(new TaskASProxyServlet(mStrTaskASProxyAddress));
			
 
				+        servletRegistrationBean.addUrlMappings(String.format("%s/%s", ApiURI.URI_TASK_PROXY_H, "*"));
			
 
				+        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, "false");
			
 
				+        servletRegistrationBean.addInitParameter( "targetUri", "https://127.0.0.1:9000");
			
 
				+        return servletRegistrationBean;
			
 
				+    }
			
 
				 }
			
--- a/src/main/java/com/shkpr/service/proxycenter/constants/ApiURI.java
+++ b/src/main/java/com/shkpr/service/proxycenter/constants/ApiURI.java
@@ -77,88 +77,12 @@ public class ApiURI {
 
				     public static final String URI_XXX_WS = "ws";
			
 
				     public static final String URI_XXX_ORG = "org";
			
 
				 
			
 
				-    public static final String URI_LOGIN = "/gis-ae/login";
			
 
				-    public static final String URI_LOROUT = "/gis-ae/logout";
			
 
				-    public static final String URI_LOGIN_NO_PASS = "/gis-ae/loginNoPass";
			
 
				-    public static final String URI_ACCESS_TOKEN_CHECK = "/gis-ae/apply/access-token-check";
			
 
				-    public static final String URI_FILE_BUSI_XXX = "/files/**";
			
 
				-    public static final String URI_IMAGE_SHOW_XXX = "/imageShow/**";
			
 
				 
			
 
				-    public static final String URI_ALL_BUSI_XXX = "/gis-ae/**";
			
 
				-
			
 
				-    public static final String URI_USERS_H = "/gis-ae/users";
			
 
				-    public static final String URI_USERS_XXX = URI_USERS_H+"/**";
			
 
				-
			
 
				-    public static final String URI_MAINT_H = "/gis-ae/maintenance";
			
 
				-    public static final String URI_MAINT_XXX = URI_MAINT_H+"/**";
			
 
				-
			
 
				-    public static final String URI_LINKED_PATH_H = "/gis-ae/linked-path"; //连通性路径搜索
			
 
				-    public static final String URI_LINKED_PATH_XXX = URI_LINKED_PATH_H+"/**";
			
 
				-
			
 
				-    public static final String URI_NNS_PATH_H = "/gis-ae/nns-path";       //最近邻路径搜索
			
 
				-    public static final String URI_NNS_PATH_XXX = URI_NNS_PATH_H+"/**";
			
 
				-
			
 
				-    public static final String URI_CUSTOMERS_H = "/gis-ae/customer";
			
 
				-    public static final String URI_CUSTOMERS_XXX = URI_CUSTOMERS_H+"/**";
			
 
				-
			
 
				-    public static final String URI_FEATURES_H = "/gis-ae/features";
			
 
				-    public static final String URI_FEATURES_TOTALS_H = URI_FEATURES_H+"/totals";
			
 
				-    public static final String URI_FEATURES_XXX = URI_FEATURES_H+"/**";
			
 
				-    public static final String URI_FEATURES_UPLOAD_H = URI_FEATURES_H+"/upload";
			
 
				-    public static final String URI_FEATURES_IMAGES_H = URI_FEATURES_H+"/images";
			
 
				-    public static final String URI_FEATURES_LABEL_H = URI_FEATURES_H+"/label";
			
 
				-    public static final String URI_FEATURES_LAYER_TEMPLATE_H = URI_FEATURES_H+"/layer-template";
			
 
				-
			
 
				-    public static final String URI_PIPELINE_H = "/gis-ae/pipeline";
			
 
				-    public static final String URI_PIPELINE_TOTALS_H = URI_PIPELINE_H+"/totals";
			
 
				-    public static final String URI_PIPELINE_XXX = URI_PIPELINE_H+"/**";
			
 
				-
			
 
				-    public static final String URI_COMMON_H = "/gis-ae/common";
			
 
				-    public static final String URI_COMMON_XXX = URI_COMMON_H+"/**";
			
 
				-
			
 
				-    public static final String URI_FILES_H = "/gis-ae/files";
			
 
				-    public static final String URI_FILES_XXX = URI_FILES_H+"/**";
			
 
				-
			
 
				-    public static final String URI_PUBLISH_H = "/gis-ae/publish";
			
 
				-    public static final String URI_PUBLISH_XXX = URI_PUBLISH_H+"/**";
			
 
				-
			
 
				-    public static final String URI_TDT_MAP_REQ_H = "/gis-ae/tdt-map";
			
 
				-    public static final String URI_TDT_MAP_REQ_XXX = URI_TDT_MAP_REQ_H+"/**";
			
 
				-
			
 
				-    public static final String URI_EXTEND_POWER_H = "/gis-ae/extend-power";
			
 
				-    public static final String URI_EXTEND_POWER_XXX = URI_EXTEND_POWER_H+"/**";
			
 
				-    public static final String URI_EXTEND_POWER_DIRECT_TABLE_H = URI_EXTEND_POWER_H+"/direct-table";
			
 
				-
			
 
				-    public static final String URI_TOTAL_TEMPLATE_H = "/gis-ae/total-template";
			
 
				-    public static final String URI_TOTAL_TEMPLATE_XXX = URI_TOTAL_TEMPLATE_H + "/**";
			
 
				-
			
 
				-    public static final String URI_ANALY_STATS_REPORT_H = "/gis-ae/analy/stats-report";
			
 
				-    public static final String URI_ANALY_STATS_REPORT_XXX = URI_ANALY_STATS_REPORT_H + "/**";
			
 
				-
			
 
				-    public static final String URI_INTERNAL_H = "/gis-ae/internal";
			
 
				-    public static final String URI_INTERNAL_XXX = URI_INTERNAL_H+"/**";
			
 
				-
			
 
				-    public static final String URI_ELEMENT_CHANGE_H = "/gis-ae/element-change";
			
 
				-    public static final String URI_ELEMENT_CHANGE_XXX = URI_ELEMENT_CHANGE_H + "/**";
			
 
				-    public static final String URI_ELEMENT_CHANGE_APPLY_H = "/gis-ae/element-change/apply";
			
 
				-    public static final String URI_ELEMENT_CHANGE_HANDLE_H = "/gis-ae/element-change/handle";
			
 
				-
			
 
				-    public static final String URI_METADATA_H = "/gis-ae/metadata";
			
 
				-    public static final String URI_METADATA_XXX = URI_METADATA_H+"/**";
			
 
				-    public static final String URI_METADATA_LAYER_TT_H = URI_METADATA_H+"/layer-define";
			
 
				-    public static final String URI_METADATA_PROPERTY_TT_H = URI_METADATA_H+"/property-define";
			
 
				-
			
 
				-    public static final String URI_HGAS_MONITOR_XXX = "/hgas-monitor/**";
			
 
				-    public static final String URI_HGAS_MONITOR_HEALTH = "/hgas-monitor/health"; //应用程序的健康指标信息
			
 
				-    public static final String URI_HGAS_MONITOR_INFO = "/hgas-monitor/info";     //应用程序的自定义基本信息
			
 
				-    public static final String URI_HGAS_MONITOR_ENV = "/hgas-monitor/env";       //应用程序的环境变量
			
 
				-    public static final String URI_HGAS_MONITOR_METRICS ="/hgas-monitor/metrics";//应用程序的重要度量指标信息
			
 
				-    public static final String URI_HGAS_MONITOR_DUMP ="/hgas-monitor/dump";       //应用程序的运行中的线程栈信息
			
 
				-    public static final String URI_HGAS_MONITOR_TRACE ="/hgas-monitor/trace";     //应用程序的基本HTTP跟踪信息
			
 
				+    public static final String URI_INTERNAL_OPS_XXX = "/ops/**";
			
 
				 
			
 
				-    public static final String URI_INTERNAL_PROPERTY_XXX = "/internal/prop/**";
			
 
				-    public static final String URI_INTERNAL_PROPERTY_QUERY = "/internal/prop/query";
			
 
				-    public static final String URI_INTERNAL_PROPERTY_SET = "/internal/prop/set";
			
 
				+    public static final String URI_BASE_PROXY_H = "/base";
			
 
				+    public static final String URI_BASE_PROXY_XXX = "/base/**";
			
 
				 
			
 
				-    public static final String URI_INTERNAL_OPS_XXX = "/ops/**";
			
 
				+    public static final String URI_TASK_PROXY_H = "/task";
			
 
				+    public static final String URI_TASK_PROXY_XXX = "/task/**";
			
 
				 }
			
--- a/src/main/java/com/shkpr/service/proxycenter/controllerfilter/CustomAuthenticationProvider.java
+++ b/src/main/java/com/shkpr/service/proxycenter/controllerfilter/CustomAuthenticationProvider.java
@@ -0,0 +1,25 @@
 
				+package com.shkpr.service.proxycenter.controllerfilter;
			
 
				+
			
 
				+import org.springframework.security.authentication.AuthenticationProvider;
			
 
				+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
			
 
				+import org.springframework.security.core.Authentication;
			
 
				+import org.springframework.security.core.AuthenticationException;
			
 
				+
			
 
				+public class CustomAuthenticationProvider implements AuthenticationProvider {
			
 
				+    protected String mStrThisSampleName = null;
			
 
				+
			
 
				+    public CustomAuthenticationProvider() {
			
 
				+        this.mStrThisSampleName = this.getClass().getSimpleName();
			
 
				+    }
			
 
				+
			
 
				+    //在JWTLoginFilter::attemptAuthentication()之后执行
			
 
				+    @Override
			
 
				+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
			
 
				+        return null;
			
 
				+    }
			
 
				+
			
 
				+    @Override
			
 
				+    public boolean supports(Class<?> aClass) {
			
 
				+        return aClass.equals(UsernamePasswordAuthenticationToken.class);
			
 
				+    }
			
 
				+}
			
--- a/src/main/java/com/shkpr/service/proxycenter/controllerfilter/SelfAuthenticationFilter.java
+++ b/src/main/java/com/shkpr/service/proxycenter/controllerfilter/SelfAuthenticationFilter.java
@@ -0,0 +1,36 @@
 
				+package com.shkpr.service.proxycenter.controllerfilter;
			
 
				+
			
 
				+
			
 
				+import org.springframework.security.authentication.AuthenticationManager;
			
 
				+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
			
 
				+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
			
 
				+import org.springframework.security.web.util.matcher.RequestMatcher;
			
 
				+
			
 
				+import javax.servlet.FilterChain;
			
 
				+import javax.servlet.ServletException;
			
 
				+import javax.servlet.http.HttpServletRequest;
			
 
				+import javax.servlet.http.HttpServletResponse;
			
 
				+import java.io.IOException;
			
 
				+
			
 
				+public class SelfAuthenticationFilter extends BasicAuthenticationFilter {
			
 
				+    private RequestMatcher mRequestMatcher = null;
			
 
				+    protected String mStrThisSampleName = null;
			
 
				+
			
 
				+    public SelfAuthenticationFilter(AuthenticationManager authenticationManager){
			
 
				+        super(authenticationManager);
			
 
				+        this.mStrThisSampleName = this.getClass().getSimpleName();
			
 
				+    }
			
 
				+
			
 
				+    public SelfAuthenticationFilter(String url, AuthenticationManager authenticationManager){
			
 
				+        super(authenticationManager);
			
 
				+        this.mStrThisSampleName = this.getClass().getSimpleName();
			
 
				+        if (url != null && !url.isEmpty())
			
 
				+            this.mRequestMatcher = new AntPathRequestMatcher(url);
			
 
				+    }
			
 
				+
			
 
				+    @Override
			
 
				+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
			
 
				+        chain.doFilter(request, response);  //当前URI已匹配成功且已验证成功，向后传递，filter链路执行完毕后，进入自己的拦截器
			
 
				+    }
			
 
				+}
			
 
				+
			
--- a/src/main/java/com/shkpr/service/proxycenter/controllerfilter/SelfBizFilterMgr.java
+++ b/src/main/java/com/shkpr/service/proxycenter/controllerfilter/SelfBizFilterMgr.java
@@ -0,0 +1,30 @@
 
				+package com.shkpr.service.proxycenter.controllerfilter;
			
 
				+
			
 
				+import org.springframework.security.authentication.AuthenticationManager;
			
 
				+
			
 
				+import javax.servlet.FilterChain;
			
 
				+import javax.servlet.ServletException;
			
 
				+import javax.servlet.http.HttpServletRequest;
			
 
				+import javax.servlet.http.HttpServletResponse;
			
 
				+import java.io.IOException;
			
 
				+
			
 
				+public class SelfBizFilterMgr extends SelfAuthenticationFilter {
			
 
				+
			
 
				+    public SelfBizFilterMgr(AuthenticationManager authenticationManager)
			
 
				+    {
			
 
				+        this(null, authenticationManager);
			
 
				+    }
			
 
				+
			
 
				+    public SelfBizFilterMgr(String url, AuthenticationManager authenticationManager) {
			
 
				+        super(url,  authenticationManager);
			
 
				+        this.mStrThisSampleName  = this.getClass().getSimpleName();
			
 
				+
			
 
				+    }
			
 
				+
			
 
				+    @Override
			
 
				+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
			
 
				+        //System.out.println(this.mStrThisSampleName+"::doFilterInternal()..."+request.getContextPath()+" " + request.getRequestURI());
			
 
				+        chain.doFilter(request, response); //当前URI没有匹配成功，向后传递继续匹配
			
 
				+    }
			
 
				+}
			
 
				+
			
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -75,17 +75,10 @@ global.license.check.switch=false
 
				 global.internal.operator.account=TriCooperation
			
 
				 global.internal.operator.password=$2b$10$Scz7AoeOTUB69piABNLOEepFU7OesRDRStP43g9r7QFw0Go7KTo4u
			
 
				 
			
 
				-#本机的内部通信可信任口令
			
 
				-global.internal.call.password=Tri@Tech
			
 
				-#基础服务的内部通信可信任口令
			
 
				-cloud.base.service.call.password=Tri@Tech
			
 
				-#工单服务的内部通信可信任口令
			
 
				-cloud.task.service.call.password=Tri@Tech
			
 
				-#基础服务访问地址
			
 
				-#cloud.base.service.address=http://127.0.0.1:9001/
			
 
				-cloud.base.service.address=https://140.246.183.164:9000/
			
 
				-#工单服务访问地址
			
 
				-cloud.task.service.address=https://140.246.183.164:9000/
			
 
				+
			
 
				+cloud.proxy.address.base=https://140.246.183.164:9000/
			
 
				+
			
 
				+cloud.proxy.address.task=https://140.246.183.164:9000/