网关:网络的关口,负责请求的路由、转发、身份校验
前端请求不能直接访问微服务,而是要请求网关:
-
网关可以做安全控制,也就是登录身份校验,校验通过才放行
-
通过认证后,网关再根据请求判断应该访问哪个微服务,将请求转发过去
网关路由
配置格式:
spring:cloud:getway:routes:- id: hmall-gatewayuri: lb://gatewaypredicates:- Path=/api/**- id: hmall-itemuri: lb://itempredicates:- Path=/api/items/**路由属性:
网关路由对应的Java类型是routeDefinition,其中常见的属性有:
- id:路由唯一标识
- uri:路由目标地址
- predicates:路由断言,判断请求是否符合当前路由
- filters:路由过滤器,对请求或响应做特俗处理
网关登录校验
在网关内进行JWT校验,在转发之前进行校验
自定义过滤器
网关过滤器有两种
- GatewayFillter:路由过滤器,作用于任意指定的路由;默认不生效,要配置到路由后生效
- GlobalFilter:全局过滤器,作用范围是所有路由;声明后自动生效。
两种过滤器的过滤方法签名完全一致
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpHeaders;import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;@Component
public class MyGlobalFilter implements GlobalFilter, Ordered {@Overridepublic Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain){// TODO 模拟登录校验逻辑//1.获取请求ServerHttpRequest request = exchange.getRequest();//2.过滤器业务处理HttpHeaders headers = request.getHeaders();//获取请求头System.out.println("headers = "+headers);//放行return chain.filter(exchange);}@Overridepublic int getOrder() {//过滤器执行顺序,数值越小,优先级越高return 0;}
}
实现登录校验
自定义一个过滤器
package com.hmall.gateway.filters;import cn.hutool.core.text.AntPathMatcher;
import com.hmall.common.exception.UnauthorizedException;
import com.hmall.gateway.config.AuthProperties;
import com.hmall.gateway.utils.JwtTool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;import org.springframework.http.HttpStatus;import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;import java.util.List;@Component
public class AuthGlobalFilter implements GlobalFilter, Ordered {@Autowiredprivate AuthProperties authProperties;@Autowiredprivate JwtTool jwtTool;private final AntPathMatcher antPathMatcher = new AntPathMatcher();@Overridepublic Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {//1.获取requestServerHttpRequest request = exchange.getRequest();//2.判断是否需要做登录拦截if(isExclude(request.getPath().toString())){return chain.filter(exchange);}//3.获取tokenString token = null;List<String> headers = request.getHeaders().get("authorization");if(headers != null && !headers.isEmpty()){token = headers.get(0);}//4.校验并解析tokenLong userId = null;try {userId = jwtTool.parseToken(token);}catch(UnauthorizedException e){//拦截,设置响应状态码ServerHttpResponse response = exchange.getResponse();response.setStatusCode(HttpStatus.UNAUTHORIZED);return response.setComplete();}//5.传递用户信息System.out.println("userId:=" + userId);//6.放行return chain.filter(exchange);}private boolean isExclude(String path){for(String excludePath : authProperties.getExcludePaths()){if(antPathMatcher.match(excludePath, path)){return true;}}return false;}@Overridepublic int getOrder() {return 0;}
}
网关传递用户
1.在网关的登录校验过滤器中,把获取到的用户写入请求头
//传递用户信息String userInfo = userId.toString();ServerWebExchange swe = exchange.mutate().request(builder -> builder.header("user-info", userInfo)).build();2.在common中编写SpringMVC拦截器,获取登录用户
OpenFeign传递用户
