Merge branch 'master' into master

db/init/mysql/schema.sql

@@ -1299,6 +1299,8 @@ INSERT INTO `plugin_handle` VALUES ('1722804548510507029', '20', 'requestUniqueH
 INSERT INTO `plugin_handle` VALUES ('1722804548510507030', '20', 'respHeaderUniqueStrategy', 'respHeaderUniqueStrategy', 2, 2, 3, '{"required":"0","rule":""}', '2024-12-13 22:37:48.239', '2024-12-13 22:37:48.239');
 INSERT INTO `plugin_handle` VALUES ('1722804548510507031', '20', 'respUniqueHeaders', 'respUniqueHeaders', 2, 2, 4, '{"required":"0","rule":""}', '2024-12-13 22:38:05.726', '2024-12-13 22:38:05.726');
 
+INSERT INTO `plugin_handle` VALUES ('1722804548510507032', '19', 'handleType', 'handleType', 2, 3, 1, '{"required":"0","rule":""}', '2025-01-02 17:20:50.233', '2025-01-02 17:20:50.233');
+
 -- ----------------------------
 -- Table structure for resource
 -- ----------------------------

db/init/ob/schema.sql

@@ -1292,6 +1292,8 @@ INSERT INTO `plugin_handle` VALUES ('1722804548510507029', '20', 'requestUniqueH
 INSERT INTO `plugin_handle` VALUES ('1722804548510507030', '20', 'respHeaderUniqueStrategy', 'respHeaderUniqueStrategy', 2, 2, 3, '{"required":"0","rule":""}', '2024-12-13 22:37:48.239', '2024-12-13 22:37:48.239');
 INSERT INTO `plugin_handle` VALUES ('1722804548510507031', '20', 'respUniqueHeaders', 'respUniqueHeaders', 2, 2, 4, '{"required":"0","rule":""}', '2024-12-13 22:38:05.726', '2024-12-13 22:38:05.726');
 
+INSERT INTO `plugin_handle` VALUES ('1722804548510507032', '19', 'handleType', 'handleType', 2, 3, 1, '{"required":"0","rule":""}', '2025-01-02 17:20:50.233', '2025-01-02 17:20:50.233');
+
 -- ----------------------------
 -- Table structure for resource
 -- ----------------------------

db/init/og/create-table.sql

@@ -1376,6 +1376,8 @@ INSERT INTO "public"."plugin_handle" VALUES ('1722804548510507029', '20', 'reque
 INSERT INTO "public"."plugin_handle" VALUES ('1722804548510507030', '20', 'respHeaderUniqueStrategy', 'respHeaderUniqueStrategy', 2, 2, 3, '{"required":"0","rule":""}', '2024-12-13 22:37:48.239', '2024-12-13 22:37:48.239');
 INSERT INTO "public"."plugin_handle" VALUES ('1722804548510507031', '20', 'respUniqueHeaders', 'respUniqueHeaders', 2, 2, 4, '{"required":"0","rule":""}', '2024-12-13 22:38:05.726', '2024-12-13 22:38:05.726');
 
+INSERT INTO "public"."plugin_handle" VALUES ('1722804548510507032', '19', 'handleType', 'handleType', 2, 3, 1, '{"required":"0","rule":""}', '2025-01-02 17:20:50.233', '2025-01-02 17:20:50.233');
+
 -- ----------------------------
 -- Table structure for resource
 -- ----------------------------

db/init/oracle/schema.sql

@@ -2191,6 +2191,8 @@ values ('1722804548510507030', '20', 'respHeaderUniqueStrategy', 'respHeaderUniq
 insert /*+ IGNORE_ROW_ON_DUPKEY_INDEX(plugin_handle(plugin_id, field, type)) */ into plugin_handle (ID, PLUGIN_ID, FIELD, LABEL, DATA_TYPE, TYPE, SORT, EXT_OBJ)
 values ('1722804548510507031', '20', 'respUniqueHeaders', 'respUniqueHeaders', 2, 2, 4, '{"required":"0","rule":""}');
 
+insert /*+ IGNORE_ROW_ON_DUPKEY_INDEX(plugin_handle(plugin_id, field, type)) */ into plugin_handle (ID, PLUGIN_ID, FIELD, LABEL, DATA_TYPE, TYPE, SORT, EXT_OBJ)
+values ('1722804548510507032', '19', 'handleType', 'handleType', 2, 3, 1, '{"required":"0","rule":""}');
 
 
 insert /*+ IGNORE_ROW_ON_DUPKEY_INDEX(shenyu_dict(type, dict_code, dict_name)) */ into SHENYU_DICT (ID, TYPE, DICT_CODE, DICT_NAME, DICT_VALUE, "desc", SORT, ENABLED)

db/init/pg/create-table.sql

@@ -1436,6 +1436,8 @@ INSERT INTO "public"."plugin_handle" VALUES ('1722804548510507029', '20', 'reque
 INSERT INTO "public"."plugin_handle" VALUES ('1722804548510507030', '20', 'respHeaderUniqueStrategy', 'respHeaderUniqueStrategy', 2, 2, 3, '{"required":"0","rule":""}', '2024-12-13 22:37:48.239', '2024-12-13 22:37:48.239');
 INSERT INTO "public"."plugin_handle" VALUES ('1722804548510507031', '20', 'respUniqueHeaders', 'respUniqueHeaders', 2, 2, 4, '{"required":"0","rule":""}', '2024-12-13 22:38:05.726', '2024-12-13 22:38:05.726');
 
+INSERT INTO "public"."plugin_handle" VALUES ('1722804548510507032', '19', 'handleType', 'handleType', 2, 3, 1, '{"required":"0","rule":""}', '2025-01-02 17:20:50.233', '2025-01-02 17:20:50.233');
+
 -- ----------------------------
 -- Table structure for resource
 -- ----------------------------

db/upgrade/2.7.0-upgrade-2.7.1-mysql.sql

@@ -0,0 +1,18 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- this file works for MySQL.
+INSERT INTO `plugin_handle` VALUES ('1722804548510507032', '19', 'handleType', 'handleType', 2, 3, 1, '{"required":"0","rule":""}', '2025-01-02 17:20:50.233', '2025-01-02 17:20:50.233');

db/upgrade/2.7.0-upgrade-2.7.1-og.sql

@@ -0,0 +1,18 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- this file works for og.
+INSERT INTO "public"."plugin_handle" VALUES ('1722804548510507032', '19', 'handleType', 'handleType', 2, 3, 1, '{"required":"0","rule":""}', '2025-01-02 17:20:50.233', '2025-01-02 17:20:50.233');

db/upgrade/2.7.0-upgrade-2.7.1-oracle.sql

@@ -0,0 +1,19 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- this file works for Oracle, can not use "`" syntax.
+insert /*+ IGNORE_ROW_ON_DUPKEY_INDEX(plugin_handle(plugin_id, field, type)) */ into plugin_handle (ID, PLUGIN_ID, FIELD, LABEL, DATA_TYPE, TYPE, SORT, EXT_OBJ)
+values ('1722804548510507032', '19', 'handleType', 'handleType', 2, 3, 1, '{"required":"0","rule":""}');

db/upgrade/2.7.0-upgrade-2.7.1-pg.sql

@@ -0,0 +1,18 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- this file works for PostgreSQL, can not use "`" syntax.
+INSERT INTO "public"."plugin_handle" VALUES ('1722804548510507032', '19', 'handleType', 'handleType', 2, 3, 1, '{"required":"0","rule":""}', '2025-01-02 17:20:50.233', '2025-01-02 17:20:50.233');

db/upgrade/upgrade-guide.md

@@ -4,8 +4,30 @@
 
 ## To Shenyu Users
 
+- 2.7.0-upgrade-2.7.1-mysql.sql
+
+- 2.7.0-upgrade-2.7.1-og.sql
+
+- 2.7.0-upgrade-2.7.1-oracle.sql
+
+- 2.7.0-upgrade-2.7.1-pg.sql
+
+  > this file is the Shenyu upgrade sql from v2.7.0 to v2.7.1
+
+- 2.6.1-upgrade-2.7.0-mysql.sql
+
+- 2.6.1-upgrade-2.7.0-og.sql
+
+- 2.6.1-upgrade-2.7.0-oracle.sql
+
+- 2.6.1-upgrade-2.7.0-pg.sql
+
+  > this file is the Shenyu upgrade sql from v2.6.1 to v2.7.0
+
 - 2.6.0-upgrade-2.6.1-mysql.sql
 
+- 2.6.0-upgrade-2.6.1-og.sql
+
 - 2.6.0-upgrade-2.6.1-oracle.sql
 
 - 2.6.0-upgrade-2.6.1-pg.sql
@@ -14,6 +36,8 @@
 
 - 2.5.1-upgrade-2.6.0-mysql.sql
 
+- 2.5.1-upgrade-2.6.0-og.sql
+
 - 2.5.1-upgrade-2.6.0-oracle.sql
 
 - 2.5.1-upgrade-2.6.0-pg.sql
@@ -45,41 +69,3 @@
 - 2.4.1-upgrade-2.4.2-pg.sql
 
   > this file is the Shenyu upgrade sql from v2.4.1 to v2.4.2
-
-- 2.4.2-upgrade-2.4.3-mysql.sql
-
-- 2.4.2-upgrade-2.4.3-pg.sql
-
-  > this file is the Shenyu upgrade sql from v2.4.2 to v2.4.3
-
-- 2.4.3-upgrade-2.5.0-mysql.sql
-
-- 2.4.3-upgrade-2.5.0-pg.sql
-
-  > this file is the Shenyu upgrade sql from v2.4.3 to v2.5.0
-
-- 2.5.0-upgrade-2.5.1-mysql.sql
-
-- 2.5.0-upgrade-2.5.1-oracle.sql
-
-- 2.5.0-upgrade-2.5.1-pg.sql
-
-  > this file is the Shenyu upgrade sql from v2.5.0 to v2.5.1
-
-- 2.5.1-upgrade-2.6.0-mysql.sql
-
-- 2.5.1-upgrade-2.6.0-oracle.sql
-
-- 2.5.1-upgrade-2.6.0-pg.sql
-
-  > this file is the Shenyu upgrade sql from v2.5.1 to v2.6.0
-
-- 2.6.0-upgrade-2.6.1-mysql.sql
-
-- 2.6.0-upgrade-2.6.1-og.sql
-
-- 2.6.0-upgrade-2.6.1-oracle.sql
-
-- 2.6.0-upgrade-2.6.1-pg.sql
-
-  > this file is the Shenyu upgrade sql from v2.6.0 to v2.6.1

shenyu-admin/src/main/resources/sql-script/h2/schema.sql

@@ -924,6 +924,8 @@ INSERT IGNORE INTO plugin_handle (`id`, `plugin_id`,`field`,`label`,`data_type`,
 INSERT IGNORE INTO plugin_handle (`id`, `plugin_id`,`field`,`label`,`data_type`,`type`,`sort`,`ext_obj`) VALUES ('1722804548510507030', '20', 'respHeaderUniqueStrategy', 'respHeaderUniqueStrategy', 2, 2, 3, '{"required":"0","rule":""}');
 INSERT IGNORE INTO plugin_handle (`id`, `plugin_id`,`field`,`label`,`data_type`,`type`,`sort`,`ext_obj`) VALUES ('1722804548510507031', '20', 'respUniqueHeaders', 'respUniqueHeaders', 2, 2, 4, '{"required":"0","rule":""}');
 
+INSERT IGNORE INTO plugin_handle (`id`, `plugin_id`,`field`,`label`,`data_type`,`type`,`sort`,`ext_obj`) VALUES ('1722804548510507032', '19', 'handleType', 'handleType', 2, 3, 1, '{"required":"0","rule":""}');
+
 /** insert resource for resource */
 INSERT IGNORE INTO `resource` (`id`, `parent_id`, `title`, `name`, `url`, `component`, `resource_type`, `sort`, `icon`, `is_leaf`, `is_route`, `perms`, `status`) VALUES('1346775491550474240','','SHENYU.MENU.PLUGIN.LIST','plug','/plug','PluginList','0','0','dashboard','0','0','','1');
 

shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/JwtPlugin.java

@@ -17,11 +17,6 @@
 
 package org.apache.shenyu.plugin.jwt;
 
-import io.jsonwebtoken.Jwt;
-import io.jsonwebtoken.JwtParser;
-import io.jsonwebtoken.JwtParserBuilder;
-import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.security.Keys;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shenyu.common.dto.RuleData;
 import org.apache.shenyu.common.dto.SelectorData;
@@ -34,11 +29,12 @@
 import org.apache.shenyu.plugin.base.AbstractShenyuPlugin;
 import org.apache.shenyu.plugin.base.utils.CacheKeyUtils;
 import org.apache.shenyu.plugin.jwt.config.JwtConfig;
-import org.apache.shenyu.plugin.jwt.exception.ThrowingFunction;
 import org.apache.shenyu.plugin.jwt.handle.JwtPluginDataHandler;
 import org.apache.shenyu.plugin.jwt.rule.JwtRuleHandle;
 import org.apache.shenyu.plugin.jwt.strategy.JwtConvertStrategy;
 import org.apache.shenyu.plugin.jwt.strategy.JwtConvertStrategyFactory;
+import org.apache.shenyu.plugin.jwt.strategy.JwtPayloadParseStrategy;
+import org.apache.shenyu.plugin.jwt.strategy.JwtPayloadParseStrategyFactory;
 import org.springframework.http.HttpHeaders;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
@@ -67,7 +63,7 @@ protected Mono<Void> doExecute(final ServerWebExchange exchange, final ShenyuPlu
         }
         // compatible processing
         String finalAuthorization = compatible(token, authorization);
-        Map<String, Object> jwtBody = checkAuthorization(finalAuthorization, jwtConfig.getSecretKey());
+        Map<String, Object> jwtBody = parseJwtPayload(finalAuthorization, jwtConfig);
         if (Objects.isNull(jwtBody)) {
             Object error = ShenyuResultWrap.error(exchange, ShenyuResultEnum.ERROR_TOKEN);
             return WebFluxResultUtils.result(exchange, error);
@@ -118,29 +114,18 @@ private boolean isAuth2(final String authorization) {
     }
 
     /**
-     * check Authorization.
+     * parse jwt payload.
      *
      * @param authorization the authorization after processing
-     * @param secretKey     secretKey of authorization
+     * @param jwtConfig     the jwt config
      * @return Map
      */
-    private Map<String, Object> checkAuthorization(final String authorization,
-                                                   final String secretKey) {
-
+    private Map<String, Object> parseJwtPayload(final String authorization,
+                                                final JwtConfig jwtConfig) {
         if (StringUtils.isEmpty(authorization)) {
             return null;
         }
-        JwtParserBuilder jwtParserBuilder = Jwts.parser();
-        JwtParser jwtParser = jwtParserBuilder.build();
-        if (jwtParser.isSigned(authorization)) {
-            jwtParserBuilder.verifyWith(Keys.hmacShaKeyFor(secretKey.getBytes()));
-            JwtParser jwtParserExec = jwtParserBuilder.build();
-            Jwt jwt = ThrowingFunction.wrap(() -> jwtParserExec.parse(authorization));
-            if (jwt == null) {
-                return null;
-            }
-            return (Map<String, Object>) jwt.getBody();
-        }
-        return null;
+        JwtPayloadParseStrategy payloadParseStrategy = JwtPayloadParseStrategyFactory.newInstance(jwtConfig.getHandleType());
+        return payloadParseStrategy.parse(jwtConfig.getSecretKey(), authorization);
     }
 }

shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/config/JwtConfig.java

@@ -29,6 +29,11 @@ public class JwtConfig implements Serializable {
      */
     private String secretKey;
 
+    /**
+     * private handleType.
+     */
+    private String handleType;
+
     /**
      * Gets secret key.
      *
@@ -47,4 +52,21 @@ public void setSecretKey(final String secretKey) {
         this.secretKey = secretKey;
     }
 
+    /**
+     * Gets handleType.
+     *
+     * @return jwt payload handle type
+     */
+    public String getHandleType() {
+        return handleType;
+    }
+
+    /**
+     * Sets handleType.
+     *
+     * @param handleType jwt payload handle type
+     */
+    public void setHandleType(final String handleType) {
+        this.handleType = handleType;
+    }
 }

shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/handle/JwtPluginDataHandler.java

@@ -45,16 +45,18 @@ public class JwtPluginDataHandler implements PluginDataHandler {
     public void handlerPlugin(final PluginData pluginData) {
         Map<String, String> configMap = GsonUtils.getInstance().toObjectMap(pluginData.getConfig(), String.class);
         String secretKey = Optional.ofNullable(configMap.get(Constants.SECRET_KEY)).orElse("");
+        String handleType = Optional.ofNullable(configMap.get("handleType")).orElse("default");
         JwtConfig jwtConfig = new JwtConfig();
         jwtConfig.setSecretKey(secretKey);
+        jwtConfig.setHandleType(handleType);
         Singleton.INST.single(JwtConfig.class, jwtConfig);
     }
-    
+
     @Override
     public void removeRule(final RuleData ruleData) {
         CACHED_HANDLE.get().removeHandle(CacheKeyUtils.INST.getKey(ruleData));
     }
-    
+
     @Override
     public void handlerRule(final RuleData ruleData) {
         Optional.ofNullable(ruleData.getHandle()).ifPresent(ruleHandle -> {

shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/strategy/DefaultJwtPayloadParseStrategy.java

@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shenyu.plugin.jwt.strategy;
+
+import io.jsonwebtoken.Jwt;
+import io.jsonwebtoken.JwtParser;
+import io.jsonwebtoken.JwtParserBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import org.apache.shenyu.plugin.jwt.exception.ThrowingFunction;
+import org.apache.shenyu.spi.Join;
+
+import java.util.Map;
+
+@Join
+public class DefaultJwtPayloadParseStrategy implements JwtPayloadParseStrategy {
+
+    @Override
+    public Map<String, Object> parse(final String secretKey, final String authorization) {
+        JwtParserBuilder jwtParserBuilder = Jwts.parser();
+        jwtParserBuilder.verifyWith(Keys.hmacShaKeyFor(secretKey.getBytes()));
+        JwtParser jwtParser = jwtParserBuilder.build();
+        if (jwtParser.isSigned(authorization)) {
+            Jwt jwt = ThrowingFunction.wrap(() -> jwtParser.parse(authorization));
+            return jwt == null ? null : (Map<String, Object>) jwt.getPayload();
+        }
+        return null;
+    }
+}