微服务怎么保证 cookie共享

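微服务与微服务之间存在安全级别的区分,因此网关默认不会把凭证类的头信息原样转发给下游服务。
Zuul 内部有默认的过滤器,会对请求和响应头信息进行重组,过滤掉敏感的头信息(默认是 Cookie、Set-Cookie、Authorization):
如果不想丢失这些头信息,就必须加入一个配置,用自己的列表覆盖默认的敏感头列表,让网关不再过滤它们。
只需要在 yml 配置文件的 zuul 节点下加入以下配置。注意:这里是全局配置,置空之后 Cookie、Set-Cookie、Authorization 会被转发给网关路由到的所有服务;如果只有部分服务需要 cookie,可以只在对应的路由上设置 sensitiveHeaders。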

zuul:
  prefix: /api
  routes:
    demo-service: /demo/** 
  # An empty value replaces Zuul's default sensitive-header list (Cookie, Set-Cookie,
  # Authorization), so the gateway stops stripping those headers and cookies reach the
  # backend. This key is global: it applies to every route, so session cookies and
  # Authorization values are forwarded to all routed services. When only some backends
  # need them, set sensitiveHeaders on those routes instead of clearing the global list.
  sensitive-headers: # empty on purpose: overrides the default list

看下源码: PreDecorationFilter.java

 /**
  * Resolves the route for the current request and records the routing decision in the
  * RequestContext: which headers the proxy must ignore, where the request goes (absolute
  * URL, service id, or local forward), and the optional X-Forwarded-For / Host headers.
  *
  * @return always {@code null}; every exit path of this method returns null
  */
 public Object run() {
     
        // Fetch the per-request Zuul context and match the request path against the routes.
        RequestContext ctx = RequestContext.getCurrentContext();
        String requestURI = this.urlPathHelper.getPathWithinApplication(ctx.getRequest());
        Route route = this.routeLocator.getMatchingRoute(requestURI);
        String location;
        if (route != null) {
     
            location = route.getLocation();
            if (location != null) {
     
                ctx.put("requestURI", route.getPath());
                ctx.put("proxy", route.getId());

                // Key point: choose the list of headers registered as "ignored" for this request.
                // First branch: the route has no sensitive-header list of its own
                // (isCustomSensitiveHeaders() is false; presumably it is true only when the
                // route itself sets sensitiveHeaders, confirm against Route/ZuulRoute).
                // The global list from ZuulProperties (zuul.sensitive-headers) is used. Its
                // default is new LinkedHashSet(Arrays.asList("Cookie", "Set-Cookie", "Authorization")),
                // so those headers are ignored unless the property is overridden. With the
                // empty global override, toArray yields an empty array and Cookie is no
                // longer registered as ignored for any route taking this branch.
                if (!route.isCustomSensitiveHeaders()) {
     
                    this.proxyRequestHelper.addIgnoredHeaders((String[])this.properties.getSensitiveHeaders().toArray(new String[0]));
                } else {
     
                    // Second branch: the route carries its own sensitive-header list, and that
                    // list is registered instead of the global one. This allows cookies to be
                    // let through for a single route while the global default stays in place.
                    this.proxyRequestHelper.addIgnoredHeaders((String[])route.getSensitiveHeaders().toArray(new String[0]));
                }

                if (route.getRetryable() != null) {
     
                    ctx.put("retryable", route.getRetryable());
                }

                // Locations that are not absolute http:/https: URLs are either a local
                // forward ("forward:" prefix) or are stored as a service id.
                if (!location.startsWith("http:") && !location.startsWith("https:")) {
     
                    if (location.startsWith("forward:")) {
     
                        // Local forward: store the cleaned target path, clear the route host
                        // and return early, so no proxy headers are added on this path.
                        ctx.set("forward.to", StringUtils.cleanPath(location.substring("forward:".length()) + route.getPath()));
                        ctx.setRouteHost((URL)null);
                        return null;
                    }

                    ctx.set("serviceId", location);
                    ctx.setRouteHost((URL)null);
                    ctx.addOriginResponseHeader("X-Zuul-ServiceId", location);
                } else {
     
                    // Absolute URL: the location itself becomes the route host.
                    ctx.setRouteHost(this.getUrl(location));
                    ctx.addOriginResponseHeader("X-Zuul-Service", location);
                }

                if (this.properties.isAddProxyHeaders()) {
     
                    this.addProxyHeaders(ctx, route);
                    // The inbound X-Forwarded-For value comes from the client and is kept as
                    // received; the gateway only appends the peer address from getRemoteAddr().
                    // NOTE(review): contains() is a substring test, so a peer address that is a
                    // substring of an existing entry (constructed example: peer 10.0.0.1,
                    // header "10.0.0.11") is not appended. Downstream services should rely
                    // only on the entry written by a proxy they trust, not on the whole chain.
                    String xforwardedfor = ctx.getRequest().getHeader("X-Forwarded-For");
                    String remoteAddr = ctx.getRequest().getRemoteAddr();
                    if (xforwardedfor == null) {
     
                        xforwardedfor = remoteAddr;
                    } else if (!xforwardedfor.contains(remoteAddr)) {
     
                        xforwardedfor = xforwardedfor + ", " + remoteAddr;
                    }

                    ctx.addZuulRequestHeader("X-Forwarded-For", xforwardedfor);
                }

                if (this.properties.isAddHostHeader()) {
     
                    // Adds a Host header built by toHostHeader from the incoming request.
                    ctx.addZuulRequestHeader("Host", this.toHostHeader(ctx.getRequest()));
                }
            }
        } else {
     
            // No route matched: log it and fall back to a forward URI derived from the path.
            // NOTE(review): requestURI is request-derived and is concatenated into the log
            // message unescaped.
            log.warn("No route found for uri: " + requestURI);
            location = this.getForwardUri(requestURI);
            ctx.set("forward.to", location);
        }

        return null;
    }

以上就是处理这个配置的源码,有兴趣的同学可以自行翻阅。
