feat: Add comprehensive HTTP client authentication support

Implement @requestauth annotation with multi-level authentication support for
HTTP client proxy interfaces. The new authentication system supports Bearer tokens,
Basic auth, API keys, and custom authentication providers.

Key Features:
- @requestauth annotation with support for interface, method, and parameter levels
- Multiple auth types: BEARER, BASIC, API_KEY, CUSTOM
- Static configuration and dynamic AuthProvider support
- Flexible parameter locations: HEADER, QUERY, COOKIE
- Priority system: parameter > method > interface level
- Seamless integration with existing Authorization system

Implementation:
- AuthType enum defining supported authentication types
- AuthProvider interface for dynamic authentication
- RequestAuthResolver for annotation parsing
- AuthDestinationSetter for request building integration
- StaticAuthApplier for class/method level static auth
- Extended AnnotationParser to handle multi-level auth annotations

Examples and Tests:
- TestAuthClient demonstrating various auth scenarios
- AuthProvider examples: DynamicTokenProvider, ApiKeyProvider, CustomSignatureProvider
- Server-side TestAuthServerController for auth validation
- Comprehensive unit tests for resolver and setter components
- Updated TestClientController with auth testing endpoints

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: CodeCasterX

.gitignore

@@ -7,4 +7,7 @@
 
 # Common
 target/
-build/
+build/
+
+# Claude Code local settings
+.claude/settings.local.json

examples/fit-example/07-http-client-proxy/plugin-http-client/src/main/java/modelengine/fit/example/auth/ApiKeyProvider.java

@@ -0,0 +1,30 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  This file is a part of the ModelEngine Project.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+package modelengine.fit.example.auth;
+
+import modelengine.fit.http.client.proxy.Authorization;
+import modelengine.fit.http.client.proxy.auth.AuthProvider;
+import modelengine.fit.http.server.handler.Source;
+import modelengine.fitframework.annotation.Component;
+
+/**
+ * API Key提供器示例。
+ * 提供动态的API Key鉴权。
+ *
+ * @author 季聿阶
+ * @since 2025-01-01
+ */
+@Component
+public class ApiKeyProvider implements AuthProvider {
+
+    @Override
+    public Authorization provide() {
+        // 模拟从配置或环境变量获取API Key
+        String apiKey = "api-key-" + System.currentTimeMillis();
+        return Authorization.createApiKey("X-API-Key", apiKey, Source.HEADER);
+    }
+}

examples/fit-example/07-http-client-proxy/plugin-http-client/src/main/java/modelengine/fit/example/auth/CustomSignatureProvider.java

@@ -0,0 +1,77 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  This file is a part of the ModelEngine Project.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+package modelengine.fit.example.auth;
+
+import modelengine.fit.http.client.proxy.Authorization;
+import modelengine.fit.http.client.proxy.RequestBuilder;
+import modelengine.fit.http.client.proxy.auth.AuthProvider;
+import modelengine.fitframework.annotation.Component;
+import modelengine.fitframework.util.StringUtils;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * 自定义签名鉴权提供器示例。
+ * 演示如何实现复杂的自定义鉴权逻辑，如签名算法。
+ *
+ * @author 季聿阶
+ * @since 2025-01-01
+ */
+@Component
+public class CustomSignatureProvider implements AuthProvider {
+
+    @Override
+    public Authorization provide() {
+        return new CustomSignatureAuthorization();
+    }
+
+    /**
+     * 自定义签名鉴权实现。
+     * 在每次请求时生成时间戳和签名。
+     */
+    private static class CustomSignatureAuthorization implements Authorization {
+        private static final String SECRET_KEY = "my-secret-key";
+
+        @Override
+        public void set(String key, Object value) {
+            // 自定义鉴权不需要外部设置参数
+        }
+
+        @Override
+        public void assemble(RequestBuilder builder) {
+            String timestamp = String.valueOf(System.currentTimeMillis());
+            String signature = generateSignature(timestamp);
+
+            builder.header("X-Timestamp", timestamp);
+            builder.header("X-Signature", signature);
+            builder.header("X-App-Id", "fit-example-app");
+        }
+
+        private String generateSignature(String timestamp) {
+            try {
+                String data = timestamp + SECRET_KEY;
+                MessageDigest digest = MessageDigest.getInstance("SHA-256");
+                byte[] hash = digest.digest(data.getBytes(StandardCharsets.UTF_8));
+
+                // 简单的十六进制转换
+                StringBuilder hexString = new StringBuilder();
+                for (byte b : hash) {
+                    String hex = Integer.toHexString(0xff & b);
+                    if (hex.length() == 1) {
+                        hexString.append('0');
+                    }
+                    hexString.append(hex);
+                }
+                return hexString.toString();
+            } catch (NoSuchAlgorithmException e) {
+                throw new RuntimeException("Failed to generate signature", e);
+            }
+        }
+    }
+}

examples/fit-example/07-http-client-proxy/plugin-http-client/src/main/java/modelengine/fit/example/auth/DynamicTokenProvider.java

@@ -0,0 +1,29 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  This file is a part of the ModelEngine Project.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+package modelengine.fit.example.auth;
+
+import modelengine.fit.http.client.proxy.Authorization;
+import modelengine.fit.http.client.proxy.auth.AuthProvider;
+import modelengine.fitframework.annotation.Component;
+
+/**
+ * 动态Token提供器示例。
+ * 模拟从某个Token管理器获取动态Token的场景。
+ *
+ * @author 季聿阶
+ * @since 2025-01-01
+ */
+@Component
+public class DynamicTokenProvider implements AuthProvider {
+
+    @Override
+    public Authorization provide() {
+        // 模拟动态获取token
+        String dynamicToken = "dynamic-token-" + System.currentTimeMillis();
+        return Authorization.createBearer(dynamicToken);
+    }
+}

examples/fit-example/07-http-client-proxy/plugin-http-client/src/main/java/modelengine/fit/example/client/TestAuthClient.java

@@ -0,0 +1,91 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  This file is a part of the ModelEngine Project.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+package modelengine.fit.example.client;
+
+import modelengine.fit.example.auth.ApiKeyProvider;
+import modelengine.fit.example.auth.CustomSignatureProvider;
+import modelengine.fit.example.auth.DynamicTokenProvider;
+import modelengine.fit.http.annotation.GetMapping;
+import modelengine.fit.http.annotation.HttpProxy;
+import modelengine.fit.http.annotation.RequestAddress;
+import modelengine.fit.http.annotation.RequestAuth;
+import modelengine.fit.http.annotation.RequestMapping;
+import modelengine.fit.http.client.proxy.auth.AuthType;
+import modelengine.fit.http.server.handler.Source;
+
+/**
+ * 鉴权测试客户端实现。
+ * 演示各种@RequestAuth注解的使用方式。
+ *
+ * @author 季聿阶
+ * @since 2025-01-01
+ */
+@HttpProxy
+@RequestAddress(protocol = "http", host = "localhost", port = "8080")
+@RequestMapping(path = "/http-server/auth")
+// 接口级别的默认鉴权：API Key
+@RequestAuth(type = AuthType.API_KEY, name = "X-Service-Key", value = "service-default-key")
+public interface TestAuthClient extends TestAuthInterface {
+
+    @Override
+    @GetMapping(path = "/bearer-static")
+    // 方法级别覆盖：使用Bearer Token
+    @RequestAuth(type = AuthType.BEARER, value = "static-bearer-token-12345")
+    String testBearerStatic();
+
+    @Override
+    @GetMapping(path = "/bearer-dynamic")
+    // 方法级别覆盖：使用参数驱动的Bearer Token
+    String testBearerDynamic(@RequestAuth(type = AuthType.BEARER) String token);
+
+    @Override
+    @GetMapping(path = "/basic-static")
+    // 方法级别覆盖：使用Basic Auth
+    @RequestAuth(type = AuthType.BASIC, username = "admin", password = "secret123")
+    String testBasicStatic();
+
+    @Override
+    @GetMapping(path = "/apikey-header-static")
+    // 方法级别覆盖：API Key在Header中
+    @RequestAuth(type = AuthType.API_KEY, name = "X-API-Key", value = "static-api-key-67890")
+    String testApiKeyHeaderStatic();
+
+    @Override
+    @GetMapping(path = "/apikey-query-static")
+    // 方法级别覆盖：API Key在Query参数中
+    @RequestAuth(type = AuthType.API_KEY, name = "api_key", value = "query-api-key-111", location = Source.QUERY)
+    String testApiKeyQueryStatic();
+
+    @Override
+    @GetMapping(path = "/apikey-dynamic")
+    // 参数驱动的API Key
+    String testApiKeyDynamic(@RequestAuth(type = AuthType.API_KEY, name = "X-Dynamic-Key") String apiKey);
+
+    @Override
+    @GetMapping(path = "/dynamic-provider")
+    // 方法级别覆盖：使用动态Token Provider
+    @RequestAuth(type = AuthType.BEARER, provider = DynamicTokenProvider.class)
+    String testDynamicProvider();
+
+    @Override
+    @GetMapping(path = "/custom-provider")
+    // 方法级别覆盖：使用自定义签名Provider
+    @RequestAuth(type = AuthType.CUSTOM, provider = CustomSignatureProvider.class)
+    String testCustomProvider();
+
+    @Override
+    @GetMapping(path = "/method-override")
+    // 方法级别覆盖：使用API Key Provider
+    @RequestAuth(type = AuthType.API_KEY, provider = ApiKeyProvider.class)
+    String testMethodOverride();
+
+    @Override
+    @GetMapping(path = "/combined-auth")
+    // 组合鉴权：服务级API Key + 用户Token
+    @RequestAuth(type = AuthType.BEARER, provider = DynamicTokenProvider.class)
+    String testCombinedAuth(@RequestAuth(type = AuthType.API_KEY, name = "X-User-Context") String userToken);
+}

examples/fit-example/07-http-client-proxy/plugin-http-client/src/main/java/modelengine/fit/example/client/TestAuthInterface.java

@@ -0,0 +1,89 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  This file is a part of the ModelEngine Project.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+package modelengine.fit.example.client;
+
+/**
+ * 鉴权测试接口定义。
+ * 包含各种鉴权场景的测试方法。
+ *
+ * @author 季聿阶
+ * @since 2025-01-01
+ */
+public interface TestAuthInterface {
+    /**
+     * 测试Bearer Token静态鉴权。
+     *
+     * @return 鉴权测试结果
+     */
+    String testBearerStatic();
+
+    /**
+     * 测试Bearer Token参数驱动鉴权。
+     *
+     * @param token Bearer Token
+     * @return 鉴权测试结果
+     */
+    String testBearerDynamic(String token);
+
+    /**
+     * 测试Basic Auth静态鉴权。
+     *
+     * @return 鉴权测试结果
+     */
+    String testBasicStatic();
+
+    /**
+     * 测试API Key Header静态鉴权。
+     *
+     * @return 鉴权测试结果
+     */
+    String testApiKeyHeaderStatic();
+
+    /**
+     * 测试API Key Query参数静态鉴权。
+     *
+     * @return 鉴权测试结果
+     */
+    String testApiKeyQueryStatic();
+
+    /**
+     * 测试API Key参数驱动鉴权。
+     *
+     * @param apiKey API Key值
+     * @return 鉴权测试结果
+     */
+    String testApiKeyDynamic(String apiKey);
+
+    /**
+     * 测试动态Provider鉴权。
+     *
+     * @return 鉴权测试结果
+     */
+    String testDynamicProvider();
+
+    /**
+     * 测试自定义签名Provider鉴权。
+     *
+     * @return 鉴权测试结果
+     */
+    String testCustomProvider();
+
+    /**
+     * 测试方法级别覆盖接口级别鉴权。
+     *
+     * @return 鉴权测试结果
+     */
+    String testMethodOverride();
+
+    /**
+     * 测试多种鉴权组合（虽然我们说不支持多重鉴权，但可能有组合场景）。
+     *
+     * @param userToken 用户Token
+     * @return 鉴权测试结果
+     */
+    String testCombinedAuth(String userToken);
+}