溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊(cè)×
其他方式登錄
點(diǎn)擊 登錄注冊(cè) 即表示同意《億速云用戶服務(wù)條款》

spring-cloud中zuul自定義service級(jí)別,api級(jí)別的路由白名單

發(fā)布時(shí)間:2020-08-18 18:59:47 來(lái)源:網(wǎng)絡(luò) 閱讀:14458 作者:思緒到處飛 欄目:建站服務(wù)器

主要實(shí)現(xiàn)對(duì)在白名單中的service級(jí)別或者api級(jí)別的網(wǎng)關(guān)路由。

一.service和api級(jí)別的路由

1.service級(jí)別的網(wǎng)關(guān)路由

public class ServiceIdWhiteTableRouteLocator extends DiscoveryClientRouteLocator {
    ...
    //主要重寫(xiě)該方法,在調(diào)用完super的locateRoutes后再與白名單列表比較,提取出交集
    @Override
    protected LinkedHashMap<String, ZuulProperties.ZuulRoute> locateRoutes() {

        LinkedHashMap<String, ZuulProperties.ZuulRoute> routeMaps = super.locateRoutes();
        LinkedHashMap<String, ZuulProperties.ZuulRoute> whiteRouteMaps = new LinkedHashMap<>();
        routeMaps.forEach((k, v) -> {
            if (PatternMatchUtils.simpleMatch(whites, v.getServiceId())) {

                whiteRouteMaps.put(k, v);
            }

        });

        for (ZuulProperties.ZuulRoute route : this.properties.getRoutes().values()) {
            whiteRouteMaps.put(route.getPath(), route);
        }
        return whiteRouteMaps;
    }

    ...
}

2.api級(jí)別的網(wǎng)關(guān)路由

public class PathWhiteTableHandleMapping extends ZuulHandlerMapping {
   ...
   //主要重寫(xiě)該方法,在原有的ZuulHandlerMapping基礎(chǔ)上添加判斷是否在白名單的邏輯
    @Override
    protected Object lookupHandler(String urlPath, HttpServletRequest request) throws Exception {
        if (this.errorController != null && urlPath.equals(this.errorController.getErrorPath())) {
            return null;
        }
        if (isIgnoredPath(urlPath, this.routeLocator.getIgnoredPaths())) return null;
        /**
         * 檢查是否在白名單中,不在白名單中的不路由
         */
        if (!isInPathWhiteTables(urlPath, this.pathWhites)) return null;

        RequestContext ctx = RequestContext.getCurrentContext();
        if (ctx.containsKey("forward.to")) {
            return null;
        }
        if (this.dirty) {
            synchronized (this) {
                if (this.dirty) {
                    registerHandlers();
                    this.dirty = false;
                }
            }
        }
        return super.lookupHandler(urlPath, request);
    }

      private boolean isInPathWhiteTables(String urlPath, Collection<String> pathWhites) {
        for (String whitePath : pathWhites) {
            if (this.pathMatcher.match(whitePath, urlPath)) {
                return true;
            }
        }
        return false;
    }

     public void setPathWhiteTables(Collection<String> whites) {
        this.pathWhites = whites;
    }
   ...
}

二.config配置

1.首先卸載zuul自帶的auto config.

@SpringBootApplication(exclude = ZuulProxyAutoConfiguration.class)<br/>

2.需要全量copy三個(gè)類

org.springframework.cloud.netflix.zuul.RibbonCommandFactoryConfiguration

org.springframework.cloud.netflix.zuul.ZuulProxyAutoConfiguration

org.springframework.cloud.netflix.zuul.ZuulServerAutoConfiguration

然后修改ZuulServerAutoConfiguration中的zuulHandlerMapping的bean注冊(cè):


   @Bean(value = "discoveryRouteLocator")
    public DiscoveryClientRouteLocator discoveryClientRouteLocator(ServerProperties server, DiscoveryClient discovery) {
        //service白名單注入點(diǎn)
        return new ServiceIdWhiteTableRouteLocator(server.getServlet().getServletPrefix(), discovery, this.zuulProperties, whiteRouteProperties.getWhiteServices());
    }

    @Bean(value = "zuulHandlerMapping")
    public ZuulHandlerMapping zuulHandlerMapping(RouteLocator routes) {
        PathWhiteTableHandleMapping mapping = new PathWhiteTableHandleMapping(routes, zuulController());
        mapping.setErrorController(this.errorController);
        //路徑白名單注入點(diǎn)
        mapping.setPathWhiteTables(whiteRouteProperties.getWhitePaths());
        return mapping;
    }

其中WhiteRouteProperties是一個(gè)裝載配置屬性的屬性類,自己定義即可。ZuulProxyAutoConfiguration需要修改其父類為上述的ZuulServerAutoConfigurationn。

三. 配置文件配置

主要是在application.yaml文件中增加:

zuul:
  #控制service級(jí)別白名單(list)
  white-services:
        - 'hello-server'
  #控制api級(jí)別白名單(list)
  white-paths:
        - '/hello/world'
  routes:
    - url: hello-server
      path: /hello/**
  #默認(rèn)全部不路由
  ignored-services: '*'

上述配置可以實(shí)現(xiàn)將/hello/**該pattern請(qǐng)求路由到hello-server上,由于默認(rèn)設(shè)置全部不路由,通過(guò)zuul.routes加進(jìn)去(看源碼實(shí)現(xiàn)),然后由于設(shè)置了白名單功能,需要在white-services上加上hello-server,而white-paths主要是控制白名單中的某個(gè)service中具體的哪個(gè)api可以被路由,如上可知是僅有/hello/world可以被路由處理。

這樣就實(shí)現(xiàn)了多維度的白名單路由處理。

如有不足,請(qǐng)不吝賜教。

向AI問(wèn)一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI