[fit] Add comprehensive HTTP client authentication support with @RequestAuth annotation

examples/fit-example/07-http-client-proxy/plugin-http-client/src/main/java/modelengine/fit/example/client/TestAuthClient.java

@@ -27,86 +27,105 @@
 @HttpProxy
 @RequestAddress(protocol = "http", host = "localhost", port = "8080")
 @RequestMapping(path = "/http-server/auth")
-/**
- * 接口级别的默认鉴权：API Key
- */
 @RequestAuth(type = AuthType.API_KEY, name = "X-Service-Key", value = "service-default-key")
 public interface TestAuthClient extends TestAuthInterface {
-    @Override
-    @GetMapping(path = "/bearer-static")
     /**
      * 方法级别覆盖：使用 Bearer Token
      */
+    @Override
+    @GetMapping(path = "/bearer-static")
     @RequestAuth(type = AuthType.BEARER, value = "static-bearer-token-12345")
     String testBearerStatic();
 
-    @Override
-    @GetMapping(path = "/bearer-dynamic")
     /**
      * 方法级别覆盖：使用参数驱动的 Bearer Token
      */
+    @Override
+    @GetMapping(path = "/bearer-dynamic")
     String testBearerDynamic(@RequestAuth(type = AuthType.BEARER) String token);
 
-    @Override
-    @GetMapping(path = "/basic-static")
     /**
      * 方法级别覆盖：使用 Basic Auth
      */
+    @Override
+    @GetMapping(path = "/basic-static")
     @RequestAuth(type = AuthType.BASIC, username = "admin", password = "secret123")
     String testBasicStatic();
 
-    @Override
-    @GetMapping(path = "/apikey-header-static")
     /**
      * 方法级别覆盖：API Key 在 Header 中
      */
+    @Override
+    @GetMapping(path = "/apikey-header-static")
     @RequestAuth(type = AuthType.API_KEY, name = "X-API-Key", value = "static-api-key-67890")
     String testApiKeyHeaderStatic();
 
-    @Override
-    @GetMapping(path = "/apikey-query-static")
     /**
      * 方法级别覆盖：API Key 在 Query 参数中
      */
+
+    @Override
+    @GetMapping(path = "/apikey-query-static")
     @RequestAuth(type = AuthType.API_KEY, name = "api_key", value = "query-api-key-111", location = Source.QUERY)
     String testApiKeyQueryStatic();
 
-    @Override
-    @GetMapping(path = "/apikey-dynamic")
     /**
      * 参数驱动的 API Key
      */
+    @Override
+    @GetMapping(path = "/apikey-dynamic")
     String testApiKeyDynamic(@RequestAuth(type = AuthType.API_KEY, name = "X-Dynamic-Key") String apiKey);
 
-    @Override
-    @GetMapping(path = "/dynamic-provider")
     /**
      * 方法级别覆盖：使用动态 Token Provider
      */
+    @Override
+    @GetMapping(path = "/dynamic-provider")
     @RequestAuth(type = AuthType.BEARER, provider = DynamicTokenProvider.class)
     String testDynamicProvider();
 
-    @Override
-    @GetMapping(path = "/custom-provider")
     /**
      * 方法级别覆盖：使用自定义签名 Provider
      */
+    @Override
+    @GetMapping(path = "/custom-provider")
     @RequestAuth(type = AuthType.CUSTOM, provider = CustomSignatureProvider.class)
     String testCustomProvider();
 
-    @Override
-    @GetMapping(path = "/method-override")
     /**
      * 方法级别覆盖：使用 API Key Provider
      */
+    @Override
+    @GetMapping(path = "/method-override")
     @RequestAuth(type = AuthType.API_KEY, provider = ApiKeyProvider.class)
     String testMethodOverride();
 
-    @Override
-    @GetMapping(path = "/combined-auth")
     /**
      * 组合鉴权：服务级 API Key + 用户 Token
      */
+    @Override
+    @GetMapping(path = "/combined-auth")
     @RequestAuth(type = AuthType.BEARER, provider = DynamicTokenProvider.class)
     String testCombinedAuth(@RequestAuth(type = AuthType.API_KEY, name = "X-User-Context") String userToken);
+
+    /**
+     * 参数级别的 Basic Auth - 使用参数覆盖静态配置的 username
+     * <p>演示：方法级别提供完整的 BASIC 认证（username + password），
+     * 参数级别动态覆盖 username 字段（不指定 name 时默认更新 username）</p>
+     */
+    @Override
+    @GetMapping(path = "/basic-dynamic-username")
+    @RequestAuth(type = AuthType.BASIC, username = "static-user", password = "static-password")
+    String testBasicDynamicUsername(@RequestAuth(type = AuthType.BASIC) String username);
+
+    /**
+     * 参数级别的 Basic Auth - 使用参数分别覆盖 username 和 password
+     * <p>演示：方法级别提供完整的 BASIC 认证作为基础，
+     * 参数级别使用 name 属性明确指定要覆盖的字段（username 或 password）</p>
+     */
+    @Override
+    @GetMapping(path = "/basic-dynamic-both")
+    @RequestAuth(type = AuthType.BASIC, username = "base-user", password = "base-password")
+    String testBasicDynamicBoth(@RequestAuth(type = AuthType.BASIC, name = "username") String username,
+            @RequestAuth(type = AuthType.BASIC, name = "password") String password);
 }

examples/fit-example/07-http-client-proxy/plugin-http-client/src/main/java/modelengine/fit/example/client/TestAuthInterface.java

@@ -86,4 +86,21 @@ public interface TestAuthInterface {
      * @return 鉴权测试结果
      */
     String testCombinedAuth(String userToken);
+
+    /**
+     * 测试参数级别的 Basic Auth - 单参数更新 username（向后兼容）。
+     *
+     * @param username 用户名
+     * @return 鉴权测试结果
+     */
+    String testBasicDynamicUsername(String username);
+
+    /**
+     * 测试参数级别的 Basic Auth - 双参数分别更新 username 和 password。
+     *
+     * @param username 用户名
+     * @param password 密码
+     * @return 鉴权测试结果
+     */
+    String testBasicDynamicBoth(String username, String password);
 }

examples/fit-example/07-http-client-proxy/plugin-http-client/src/main/java/modelengine/fit/example/controller/TestClientController.java

@@ -104,14 +104,21 @@ public Object test(@RequestQuery("type") String type, @RequestQuery("method") St
      */
     @GetMapping(path = "/auth-test")
     public Object authTest(@RequestQuery("method") String method,
-                          @RequestQuery(value = "token", required = false) String token) {
+            @RequestQuery(value = "token", required = false) String token,
+            @RequestQuery(value = "username", required = false) String username,
+            @RequestQuery(value = "password", required = false) String password) {
         switch (method) {
             case "bearerStatic":
                 return authClient.testBearerStatic();
             case "bearerDynamic":
                 return authClient.testBearerDynamic(token != null ? token : "dynamic-test-token");
             case "basicStatic":
                 return authClient.testBasicStatic();
+            case "basicDynamicUsername":
+                return authClient.testBasicDynamicUsername(username != null ? username : "testuser");
+            case "basicDynamicBoth":
+                return authClient.testBasicDynamicBoth(username != null ? username : "testuser",
+                        password != null ? password : "testpass");
             case "apiKeyHeaderStatic":
                 return authClient.testApiKeyHeaderStatic();
             case "apiKeyQueryStatic":

examples/fit-example/07-http-client-proxy/plugin-http-server/src/main/java/modelengine/fit/example/controller/TestAuthServerController.java

@@ -106,4 +106,14 @@ public String testCombinedAuth(@RequestHeader(name = "Authorization") String aut
         }
         return result;
     }
+
+    @GetMapping(path = "/basic-dynamic-username")
+    public String testBasicDynamicUsername(@RequestHeader(name = "Authorization") String authorization) {
+        return "Basic Dynamic Username: " + authorization;
+    }
+
+    @GetMapping(path = "/basic-dynamic-both")
+    public String testBasicDynamicBoth(@RequestHeader(name = "Authorization") String authorization) {
+        return "Basic Dynamic Both: " + authorization;
+    }
 }

examples/fit-example/07-http-client-proxy/run_tests.sh

@@ -174,6 +174,18 @@ run_basic_tests() {
     run_test "Basic Static Auth" \
         "curl -s --max-time $TIMEOUT -X GET \"$BASE_URL/basic-static\" -H \"Authorization: Basic YWRtaW46c2VjcmV0MTIz\" -H \"X-Service-Key: service-default-key\"" \
         "Basic Static Auth: Basic YWRtaW46c2VjcmV0MTIz"
+
+    # testuser:static-password 的 base64 编码 (dGVzdHVzZXI6c3RhdGljLXBhc3N3b3Jk)
+    # 参数覆盖 username: testuser，保留方法级别的 password: static-password
+    run_test "Basic Dynamic Username" \
+        "curl -s --max-time $TIMEOUT -X GET \"$BASE_URL/basic-dynamic-username\" -H \"Authorization: Basic dGVzdHVzZXI6c3RhdGljLXBhc3N3b3Jk\"" \
+        "Basic Dynamic Username: Basic dGVzdHVzZXI6c3RhdGljLXBhc3N3b3Jk"
+
+    # testuser:testpass 的 base64 编码 (dGVzdHVzZXI6dGVzdHBhc3M=)
+    # 参数分别覆盖 username 和 password
+    run_test "Basic Dynamic Both" \
+        "curl -s --max-time $TIMEOUT -X GET \"$BASE_URL/basic-dynamic-both\" -H \"Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M=\"" \
+        "Basic Dynamic Both: Basic dGVzdHVzZXI6dGVzdHBhc3M="
 }
 
 # API Key 测试

framework/fit/java/fit-builtin/plugins/fit-client-http/src/main/java/modelengine/fit/client/http/support/HttpProxyCreator.java

@@ -67,7 +67,7 @@ public void onBeanContainerInitialized(BeanContainer container) {
         }
         List<Class<?>> classes = this.scan(container, packages);
         for (Class<?> clazz : classes) {
-            AnnotationParser annotationParser = new AnnotationParser(this.valueFetcher);
+            AnnotationParser annotationParser = new AnnotationParser(this.valueFetcher, container);
             Map<Method, HttpInfo> httpInfoMap = annotationParser.parseInterface(clazz);
             // Scan all interfaces, create proxy objects for each, and register them in the container.
             container.registry()