Spring Cloud Gateway and Security Authentication

  1. Spring Cloud Gateway Introduction

  Spring Cloud Gateway is the second-generation gateway framework officially released by Spring Cloud to replace the Zuul gateway. As the entry point for traffic, the gateway plays a very important role in a microservice system; its common functions include routing and forwarding, permission verification, and rate limiting.

  2. Create Project

  In this article we use the latest Spring Cloud release, "Finchley.SR2". Note that this release corresponds to Spring Boot 2.x; the officially recommended version is 2.0.6.RELEASE.

  The parent project imports the following packages (listed as groupId:artifactId:version):

  org.springframework.boot:spring-boot-starter-parent:2.0.8.RELEASE (type pom, scope import)
  org.springframework.cloud:spring-cloud-dependencies:Finchley.SR2 (type pom, scope import)
  org.mybatis.spring.boot:mybatis-spring-boot-starter:1.3.0
  com.alibaba:dubbo:2.6.6
  com.alibaba.spring:spring-context-support:1.0.2
  org.apache.curator:curator-framework:4.0.1
  org.apache.zookeeper:zookeeper:3.4.6
  org.hibernate:hibernate-validator:6.0.9.Final

  The gateway service needs to import the following jars (listed as groupId:artifactId):

  org.springframework.cloud:spring-cloud-starter-gateway
  org.springframework.boot:spring-boot-starter-test (scope test)
  org.springframework.boot:spring-boot-starter-aop
  com.alibaba:dubbo
  com.alibaba.spring:spring-context-support
  org.apache.curator:curator-framework
  org.apache.zookeeper:zookeeper
  org.slf4j:slf4j-log4j12
  Log4j:Log4j
  com.uaf.credit:uaf-credit-api
  org.springframework.boot:spring-boot-starter-web

  The parent project manages the jar versions centrally, so the subprojects do not need to specify a version number for these jars.

  The yml configuration of the gateway service is as follows:

  server:
    port: 8817
  spring:
    application:
      name: uaf-credit-gateway
    security:
      user:
        name: wxt
        password: wxt2016
    cloud:
      gateway:
        routes:
          - id: credit-auth-route
            uri: http://10.168.xx.xx:8820/credit-auth/v1
            predicates:
              - Path=/credit-auth/v1/*  # path matching: matches all user requests whose path begins with /credit-auth
  logging:
    config: classpath:logback.xml

  3. Spring Cloud Gateway Filters

  The spring-cloud-gateway filter package has the following three interfaces: GatewayFilter, GlobalFilter, and GatewayFilterChain. The GlobalFilter (global filter) interface and the GatewayFilter (gateway filter) interface are defined in the same way. Global filters are a series of special filters that are applied to all routes according to conditions. Gateway filters are more fine-grained and act on the specified routes.

  We can configure multiple GlobalFilter filters; their execution order is specified by the priority returned from the getOrder() method.

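  import java.nio.charset.StandardCharsets;

  import org.springframework.cloud.gateway.filter.GatewayFilterChain;
  import org.springframework.cloud.gateway.filter.GlobalFilter;
  import org.springframework.core.Ordered;
  import org.springframework.core.io.buffer.DataBuffer;
  import org.springframework.http.HttpStatus;
  import org.springframework.http.server.reactive.ServerHttpRequest;
  import org.springframework.http.server.reactive.ServerHttpResponse;
  import org.springframework.stereotype.Component;
  import org.springframework.web.server.ServerWebExchange;
  import reactor.core.publisher.Mono;
  // ResponseUtils and CreditException are the project's own classes

  @Component
  public class RequestAuthFilter implements GlobalFilter, Ordered {

      /**
       * Request method verification filter
       * @param exchange
       * @param chain
       * @return reactor.core.publisher.Mono
       * Author: will
       * Date: 2019/4/4 14:46
       */
      @Override
      public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
          ServerHttpRequest serverHttpRequest = exchange.getRequest();
          String method = serverHttpRequest.getMethodValue();
          // Reject every request that is not a POST
          if (!"POST".equals(method)) {
              ServerHttpResponse response = exchange.getResponse();
              String message = new ResponseUtils().CreditRespMsg(CreditException.ERR_100008, "Illegal Request", null);
              byte[] bits = message.getBytes(StandardCharsets.UTF_8);
              DataBuffer buffer = response.bufferFactory().wrap(bits);
              response.setStatusCode(HttpStatus.UNAUTHORIZED);
              // Specify the encoding; otherwise Chinese text is garbled in the browser
              response.getHeaders().add("Content-Type", "text/plain;charset=UTF-8");
              return response.writeWith(Mono.just(buffer));
          }
          return chain.filter(exchange);
      }

      /**
       * Priority
       * @return int; the higher the number, the lower the priority
       * Author: will
       * Date: 2019/4/4 13:36
       */
      @Override
      public int getOrder() {
          return 0;
      }
  }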

  4. Spring Boot Security Authentication

  Spring Security is dedicated to providing authentication and authorization management for Java applications. It is a powerful, highly customizable authentication and access-control framework. This definition contains two key terms: Authentication and Authorization (also known as access control).

  Services that require security authentication need to import the following jar:

  org.springframework.boot:spring-boot-starter-security

  yml configuration:

  server:
    port: 8820
    servlet:
      context-path: /credit-auth
  spring:
    application:
      name: uaf-credit-auth
    security:
      user:
        name: wxt
        password: wxt2016
        roles:
          - USER
  logging:
    config: classpath:logback.xml

  Next, configure the authentication type:

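  import org.springframework.context.annotation.Configuration;
  import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  import org.springframework.security.config.http.SessionCreationPolicy;

  @Configuration
  @EnableWebSecurity
  public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

      @Override
      protected void configure(HttpSecurity http) throws Exception {
          /** All access must go through authentication before it can proceed normally */
          http.httpBasic().and().authorizeRequests().anyRequest().fullyAuthenticated();
          /** All REST services must be set to stateless, to improve performance */
          http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
          /** Disable CSRF to avoid 401 errors on POST requests */
          http.csrf().disable();
          // Rules are matched in declaration order, so this rule, declared after
          // anyRequest(), does not override the rule above
          http.authorizeRequests().antMatchers(org.springframework.http.HttpMethod.GET).permitAll();
      }
  }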

  There is a problem: requests to the service from outside our own services require Security authentication, but requests that come through our gateway should not need to authenticate.

  We implement this with a GlobalFilter in the Gateway:

  import java.nio.charset.StandardCharsets;
  import java.util.Base64;

  import org.springframework.beans.factory.annotation.Value;
  import org.springframework.cloud.gateway.filter.GatewayFilterChain;
  import org.springframework.cloud.gateway.filter.GlobalFilter;
  import org.springframework.core.Ordered;
  import org.springframework.http.server.reactive.ServerHttpRequest;
  import org.springframework.stereotype.Component;
  import org.springframework.web.server.ServerWebExchange;
  import reactor.core.publisher.Mono;

  @Component
  public class OAuthSignatureFilter implements GlobalFilter, Ordered {

      /** Username authorized for access */
      @Value("${spring.security.user.name}")
      private String securityUserName;

      /** Password authorized for access */
      @Value("${spring.security.user.password}")
      private String securityUserPassword;

      /**
       * OAuth filter
       * @param exchange
       * @param chain
       * @return reactor.core.publisher.Mono
       * Author: will
       * Date: 2019/4/4 13:36
       */
      @Override
      public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
          /** OAuth authorization (sent as an HTTP Basic header) */
          String auth = securityUserName.concat(":").concat(securityUserPassword);
          // java.util.Base64 replaces the internal sun.misc.BASE64Encoder class
          String encodedAuth = Base64.getEncoder().encodeToString(auth.getBytes(StandardCharsets.US_ASCII));
          // Note that there is a space after "Basic"
          String authHeader = "Basic " + encodedAuth;
          // Put the authorization information into the headers
          ServerHttpRequest serverHttpRequest = exchange.getRequest().mutate().header("Authorization", authHeader).build();
          // Replace the request in the exchange with the modified request object
          ServerWebExchange build = exchange.mutate().request(serverHttpRequest).build();
          return chain.filter(build);
      }

      /**
       * Priority
       * @return int; the higher the number, the lower the priority
       * Author: will
       * Date: 2019/4/4 13:36
       */
      @Override
      public int getOrder() {
          return 2;
      }
  }

  5. Creating a Custom Filter

  In the gateway you can customize an ordinary filter as well as create a custom GlobalFilter. Here we implement a custom filter by extending AbstractGatewayFilterFactory.

  Add the following configuration to the yml:

  spring:
    application:
      name: uaf-credit-gateway
    security:
      user:
        name: wxt
        password: wxt2016
    cloud:
      gateway:
        routes:
          - id: credit-auth-route
            uri: http://10.168.xx.xx:8820/credit-auth/v1
            predicates:
              - Path=/credit-auth/v1/*  # path matching: matches all user requests whose path begins with /credit-auth
            filters:
              - CreditFilter  # note: must be consistent with the class name of the filter definition

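  Create a new class, CreditFilter.java; the custom filter has lower priority than GlobalFilter.

  import java.nio.charset.StandardCharsets;

  import org.springframework.cloud.gateway.filter.GatewayFilter;
  import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
  import org.springframework.context.annotation.Bean;
  import org.springframework.context.annotation.Configuration;
  import org.springframework.core.io.buffer.DataBuffer;
  import org.springframework.http.HttpHeaders;
  import org.springframework.http.HttpStatus;
  import org.springframework.http.server.reactive.ServerHttpResponse;
  import reactor.core.publisher.Mono;
  // MySlf4j is the project's own logging helper

  @Configuration
  public class CreditFilter extends AbstractGatewayFilterFactory<CreditFilter.Config> {

      public CreditFilter() {
          super(Config.class);
      }

      @Override
      public GatewayFilter apply(Config config) {
          MySlf4j.textInfo("Credit into the custom filter");
          return (exchange, chain) -> {
              String jwtToken = exchange.getRequest().getHeaders().getFirst("Authorization");
              // Check the validity of jwtToken (here only its presence is checked)
              if (jwtToken != null) {
                  // Valid
                  // The user id will be passed on as a parameter
                  return chain.filter(exchange);
              }
              // Invalid (respond with a "not logged in" error)
              ServerHttpResponse response = exchange.getResponse();
              // Reject with 401, as RequestAuthFilter does, instead of the default 200
              response.setStatusCode(HttpStatus.UNAUTHORIZED);
              // Set the headers
              HttpHeaders httpHeaders = response.getHeaders();
              httpHeaders.add("Content-Type", "application/json; charset=UTF-8");
              httpHeaders.add("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
              // Set the body
              String warningStr = "is not logged or login timeout";
              DataBuffer bodyDataBuffer = response.bufferFactory().wrap(warningStr.getBytes(StandardCharsets.UTF_8));
              return response.writeWith(Mono.just(bodyDataBuffer));
          };
      }

      public static class Config {
      }

      @Bean
      public CreditFilter creditFileterFactory() {
          return new CreditFilter();
      }
  }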
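
  The CreditFilter above accepts any request that carries an Authorization header, whatever its content. As an added example (not code from the original article), the class below shows one way the "check the validity of jwtToken" step could verify an HS256-signed token using only the JDK. The class name JwtCheck, the "Bearer " prefix, the shared key and the sample token are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added example (hypothetical helper, not from the article): HS256 JWT check with the JDK only. */
public class JwtCheck {
    // Regex extraction keeps the example dependency-free; a real service would use a JSON parser.
    private static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"HS256\"");
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    /** True only for a well-formed, correctly signed, unexpired HS256 bearer token. */
    public static boolean isValid(String authHeader, byte[] key, Instant now) {
        if (authHeader == null || !authHeader.startsWith("Bearer ")) return false;
        String[] parts = authHeader.substring(7).split("\\.", -1);
        if (parts.length != 3) return false;
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            String header = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
            // Pin the algorithm: reject "none" and anything other than HS256.
            if (!ALG.matcher(header).find()) return false;
            // Recompute the MAC over header.payload and compare in constant time.
            byte[] expected = hmac(key, parts[0] + "." + parts[1]);
            if (!MessageDigest.isEqual(expected, dec.decode(parts[2]))) return false;
            Matcher exp = EXP.matcher(new String(dec.decode(parts[1]), StandardCharsets.UTF_8));
            // A token without an exp claim is rejected rather than treated as non-expiring.
            return exp.find() && Instant.ofEpochSecond(Long.parseLong(exp.group(1))).isAfter(now);
        } catch (Exception e) {
            return false; // malformed Base64, bad number or crypto failure
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed, not a real secret
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String h = enc.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8));
        String p = enc.encodeToString("{\"sub\":\"u1\",\"exp\":2000000000}".getBytes(StandardCharsets.UTF_8));
        String token = "Bearer " + h + "." + p + "." + enc.encodeToString(hmac(key, h + "." + p));
        Instant now = Instant.ofEpochSecond(1700000000L);
        System.out.println("signed=" + isValid(token, key, now)
                + " tampered=" + isValid(token + "x", key, now));
    }
}
```

  In the filter, the condition jwtToken != null would be replaced by a call such as JwtCheck.isValid(jwtToken, key, Instant.now()), with the key loaded from protected configuration rather than from source code.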

  At this point, our Gateway and the related authorization and authentication are configured.



Origin blog.51cto.com/14335413/2417365