Project code on GitHub: https://github.com/yudiandemingzi/spring-cloud-study
I. Setting up the permission check
In normal project development, permission verification would usually combine JWT with Spring Security; I will summarize that in a later post. Here we do a simple permission check based on a ZuulFilter.
Zuul itself ships with a component that can handle authentication and authorization: ZuulFilter. ZuulFilter is a core Zuul component; by extending this abstract class and overriding a few key methods, you can customize how requests are handled.
Components used: Eureka, Feign and Zuul, in the following four projects:
(1) Eureka-server: 7001, registry
(2) product-server: 8001, product microservice
(3) order-server: 9001, order microservice
(4) zuul-gateway: 6001, Zuul gateway
I won't cover the basic configuration of the four services here; see my earlier blog posts for that. Here I only write the LoginFilter class that performs the permission check.
1. LoginFilter class
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.apache.commons.lang3.StringUtils; // assumes Apache Commons Lang 3 is on the classpath
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

/**
 * Login filter.
 * Remember to add the @Component annotation to the class.
 */
@Component
public class LoginFilter extends ZuulFilter {

    /**
     * The filter type: a pre filter.
     */
    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    /**
     * Filter order: the smaller the number, the earlier the filter runs.
     */
    @Override
    public int filterOrder() {
        return 4;
    }

    /**
     * Whether the filter applies.
     * Returning true means the request needs the permission check;
     * returning false means the user can access the URL without a check.
     */
    @Override
    public boolean shouldFilter() {
        // RequestContext is the shared context object for the current request
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();

        System.out.println(request.getRequestURI());

        // URLs that require the permission check
        if ("/apigateway/order/api/v1/order/save".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        } else if ("/apigateway/order/api/v1/order/list".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        } else if ("/apigateway/order/api/v1/order/find".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        }
        return false;
    }

    /**
     * Business logic.
     * Runs only when shouldFilter() above returns true.
     */
    @Override
    public Object run() throws ZuulException {
        // JWT
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();

        // The token may be passed in a request header or as a request parameter;
        // in real development it is generally passed in the request header
        String token = request.getHeader("token");
        if (StringUtils.isBlank(token)) {
            token = request.getParameter("token");
        }
        // Demo output only; avoid writing tokens to logs in a real deployment
        System.out.println("page came token values:" + token);

        // Login check: if the token is blank, respond to the client directly
        // without calling the downstream interface
        if (StringUtils.isBlank(token)) {
            // Filter the request out; do not route it
            requestContext.setSendZuulResponse(false);
            // Return an error status code
            requestContext.setResponseStatusCode(HttpStatus.UNAUTHORIZED.value());
        }
        return null;
    }
}
2. Key points
(1) Method descriptions
filterType: the filter type, one of pre, error, post, route
filterOrder: the execution order, given as a number; the smaller the number, the earlier the filter runs
shouldFilter: whether the filter should run; true means it runs, false means it does not
run: the filter's actual logic (executed only when shouldFilter above returns true)
(2) Filter types
pre: filter executed before the request is routed
route: handles the request and performs the routing
post: filter executed after the request has been handled
error: filter executed when an error occurs
3. Testing
First, send a request with no token in either the request header or the parameters. Validation fails and status code 401 is returned.
Next, pass a token value as a request parameter.
Look at the backend output.
This shows that the simulated check passed, and the user information is returned.
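The run() method above accepts any non-blank token, so the check only proves that something was sent. As an added example (not code from the original project), the class below shows the signature check that could replace the isBlank test for an HS256-signed token using only the JDK; the class name TokenCheck, the secret and the sample token are constructed assumptions, and claims such as expiry are not checked here.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Added example: verifies an HMAC-SHA256 signature instead of only checking for a non-blank token. */
public class TokenCheck {

    // Hypothetical shared secret; a real gateway loads it from configuration, never from source code.
    private static final byte[] SECRET = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);

    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    /** Returns true only for a three-part token whose signature matches "header.payload". */
    static boolean isValid(String token) {
        if (token == null) return false;
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return false;
        try {
            // The algorithm is fixed to HMAC-SHA256 here; the token's own "alg" field is never trusted.
            byte[] expected = hmac(parts[0] + "." + parts[1]);
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            // Constant-time comparison, so response timing does not reveal how many bytes matched.
            return MessageDigest.isEqual(expected, presented);
        } catch (Exception e) {
            return false; // malformed Base64 or crypto failure: reject
        }
    }

    public static void main(String[] args) throws Exception {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        // Constructed sample token, signed with the demo secret above.
        String head = enc.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String body = enc.encodeToString("{\"sub\":\"user-1\"}".getBytes(StandardCharsets.UTF_8));
        String good = head + "." + body + "." + enc.encodeToString(hmac(head + "." + body));

        System.out.println(isValid(good));                 // correctly signed token
        System.out.println(isValid(good + "x"));           // signature altered
        System.out.println(isValid("anything-non-blank")); // would pass the isBlank check
        System.out.println(isValid(null));                 // no token sent
    }
}
```

In the filter, the 401 branch would then be taken when isValid(token) returns false rather than only when the token is blank.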
II. Setting up interface rate limiting
Interface rate limiting can be done at the nginx level or at the gateway level. Here it is done at the gateway level, using the Guava library.
First, an explanation of the concept behind rate limiting with Guava:
Roughly: every incoming request must first obtain a token from the token bucket, and a request that obtains a token is let through. If 1000 tokens are configured and they have all been taken, later requests have to queue until new tokens are available before they can call the interface.
OrderRateLimiterFilter rate-limiting filter class
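import com.google.common.util.concurrent.RateLimiter;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

/**
 * Order rate limiting.
 * Everything else is the same as above; only the run() logic differs.
 */
@Component
public class OrderRateLimiterFilter extends ZuulFilter {

    // Generates 1000 tokens per second
    private static final RateLimiter RATE_LIMITER = RateLimiter.create(1000);

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        return -4;
    }

    @Override
    public boolean shouldFilter() {
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();

        // Rate-limit only the order interface
        if ("/apigateway/order/api/v1/order/save".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        }
        return false;
    }

    @Override
    public Object run() throws ZuulException {
        RequestContext requestContext = RequestContext.getCurrentContext();

        // Each call to tryAcquire() takes one token; once the 1000 tokens are used up,
        // users arriving afterwards cannot access the interface above.
        // Only one interface is handled in this class, so this is enough; in practice
        // you can add a per-interface check here.
        if (!RATE_LIMITER.tryAcquire()) {
            requestContext.setSendZuulResponse(false);
            // HttpStatus.TOO_MANY_REQUESTS.value() holds the status code constant
            requestContext.setResponseStatusCode(HttpStatus.TOO_MANY_REQUESTS.value());
        }
        return null;
    }
}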
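The filter above shares one RateLimiter across all callers, so a single busy client can use up the tokens for everyone. As an added example (not code from the original project, and not Guava's implementation), here is a simplified token bucket kept per key with the same non-blocking tryAcquire behaviour; the class name KeyedTokenBucket and the key (for instance a client id or a request path) are assumptions.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: a simplified token bucket per key (not Guava's implementation). */
public class KeyedTokenBucket {

    private static final class Bucket {
        double tokens;
        long lastRefillNanos;
        Bucket(double tokens, long now) { this.tokens = tokens; this.lastRefillNanos = now; }
    }

    private final double ratePerSecond; // tokens added per second
    private final double capacity;      // maximum tokens a bucket can hold (burst size)
    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();

    public KeyedTokenBucket(double ratePerSecond, double capacity) {
        this.ratePerSecond = ratePerSecond;
        this.capacity = capacity;
    }

    /** Non-blocking: takes one token for the key if available, otherwise returns false at once. */
    public boolean tryAcquire(String key, long nowNanos) {
        Bucket b = buckets.computeIfAbsent(key, k -> new Bucket(capacity, nowNanos));
        synchronized (b) {
            // Refill in proportion to the elapsed time, never above capacity and never negative.
            double refill = (nowNanos - b.lastRefillNanos) / 1e9 * ratePerSecond;
            b.tokens = Math.min(capacity, b.tokens + Math.max(0, refill));
            b.lastRefillNanos = Math.max(b.lastRefillNanos, nowNanos);
            if (b.tokens < 1) return false; // the filter would answer 429 here
            b.tokens -= 1;
            return true;
        }
    }

    public static void main(String[] args) {
        // Constructed scenario: 2 tokens per second, burst of 2, keyed by a hypothetical client id.
        KeyedTokenBucket limiter = new KeyedTokenBucket(2, 2);
        long t0 = 0L;
        System.out.println(limiter.tryAcquire("client-a", t0));                // first token
        System.out.println(limiter.tryAcquire("client-a", t0));                // second token
        System.out.println(limiter.tryAcquire("client-a", t0));                // bucket for client-a is empty
        System.out.println(limiter.tryAcquire("client-b", t0));                // client-b has its own bucket
        System.out.println(limiter.tryAcquire("client-a", t0 + 500_000_000L)); // 0.5 s later, one token refilled
    }
}
```

The map in this sketch never evicts entries, so a deployment keyed by client would also need to expire idle buckets to keep memory bounded.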
Reprinted from: https://www.cnblogs.com/qdhxhz/p/9601170.html