SpringCloud学习笔记-服务网关-Zuul-权限控制

可以在Zuul的前置过滤器中添加权限控制。

添加 redis 操作工具依赖


		
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
		
package com.hx.apigeteway.filter;

import com.hx.apigeteway.utils.CookieUtil;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

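/**
 * Zuul "pre" filter that applies a coarse access check to two order endpoints
 * before the request is routed to a backend service.
 *
 * <p>Only the two URIs declared below are checked; every other request passes
 * through this filter untouched (allow-by-default).
 *
 * <p>NOTE(review): the comparison is an exact string match against
 * {@link HttpServletRequest#getRequestURI()}, which is the path as sent by the
 * client. If the routing layer or the backend treats other spellings of the same
 * path as equivalent, those spellings are not checked here. Prefer matching on a
 * normalized path and denying by default for the protected prefix.
 */
@Component
public class AuthFilter extends ZuulFilter {

    // Paths as seen at the gateway.
    // NOTE(review): presumably route prefix "/order" + service path - confirm.
    private static final String ORDER_CREATE_URI = "/order/order/create";
    private static final String ORDER_FINISH_URI = "/order/order/finish";

    private static final String OPENID_COOKIE = "openid";
    private static final String TOKEN_COOKIE = "token";

    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    /** Filter type: "pre", i.e. executed before the request is routed. */
    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    /** Filter order: lower numbers run earlier; this runs just before the pre-decoration filter. */
    @Override
    public int filterOrder() {
        return PRE_DECORATION_FILTER_ORDER - 1;
    }

    /** Always {@code true}: the filter is evaluated for every request. */
    @Override
    public boolean shouldFilter() {
        return true;
    }

    /**
     * Rejects the request with 401 when the credential required for the
     * requested URI is missing.
     *
     * <ul>
     *   <li>{@code /order/create}: requires a non-empty {@code openid} cookie
     *       (buyers, per the original note).</li>
     *   <li>{@code /order/finish}: requires a non-empty {@code token} cookie whose
     *       {@code token_<value>} key has a non-empty value in Redis. The original
     *       note also says "buyers" here.
     *       NOTE(review): this may have meant sellers - confirm.</li>
     *   <li>{@code /product/list} and everything else: not checked.</li>
     * </ul>
     *
     * @return always {@code null}; the filter communicates through the {@link RequestContext}
     * @throws ZuulException declared by the overridden method; not thrown directly here
     */
    @Override
    public Object run() throws ZuulException {
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();
        String uri = request.getRequestURI();

        if (ORDER_CREATE_URI.equals(uri)) {
            // NOTE(review): this only proves the client sent *some* openid cookie.
            // The value is client-supplied and is not validated against any
            // server-side state here, so it is not proof of identity on its own.
            if (StringUtils.isEmpty(cookieValue(request, OPENID_COOKIE))) {
                reject(requestContext);
            }
        } else if (ORDER_FINISH_URI.equals(uri)) {
            String token = cookieValue(request, TOKEN_COOKIE);
            // The token must be present and must map to a live entry in Redis.
            // NOTE(review): the stored value is only tested for non-emptiness;
            // any role or user binding would have to be enforced elsewhere.
            if (StringUtils.isEmpty(token)
                    || StringUtils.isEmpty(
                            stringRedisTemplate.opsForValue().get(String.format("token_%s", token)))) {
                reject(requestContext);
            }
        }
        return null;
    }

    /**
     * Returns the value of the named cookie, or {@code null} when the request
     * has no such cookie.
     */
    private static String cookieValue(HttpServletRequest request, String name) {
        // getCookies() returns null when the client sent no cookies. Check here
        // so a cookieless request is answered with 401 instead of failing with an
        // exception, regardless of how CookieUtil handles that case.
        if (request.getCookies() == null) {
            return null;
        }
        Cookie cookie = CookieUtil.get(request, name);
        return cookie == null ? null : cookie.getValue();
    }

    /** Stops routing and answers the client with 401 Unauthorized. */
    private static void reject(RequestContext requestContext) {
        requestContext.setSendZuulResponse(false);
        requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
    }
}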

这样就能对这 2 个有特殊要求的 url 进行权限控制;其他所有请求都会被直接放行。

不过还需要修改配置文件。

server:
  port: 8096
zuul:
# An empty value clears the sensitive-header list for all services, so cookies
# are forwarded to every backend instead of being stripped at the gateway.
# NOTE(review): this is global - other credential headers that would normally be
# stripped are forwarded too; make sure every routed service is trusted with them.
  sensitive-headers: 
  routes:
    aaa:
      path: /myPruduct/**
      serviceId: product
#    Per-route form of the same setting: do not strip request headers for this route
      sensitiveHeaders:
#    Shorthand form of the route above
#    product: /myPruduct/**
#    Exclude these routes so they cannot be reached from outside through the gateway.
#    NOTE(review): the original comment calls this a regular expression; the value
#    below looks like an Ant-style path pattern - confirm.
  ignored-patterns:
    - /**/product/listForOrder

management:
  endpoints:
    web:
      exposure:
        # env and beans are kept off the HTTP actuator surface
        exclude: env,beans
    jmx:
      exposure:
        include: health,info
spring:
  redis:
    # NOTE(review): no password is configured here; fine for a local demo, confirm
    # authentication and network exposure for any shared Redis instance.
    host: localhost
    port: 6379

将 zuul.sensitive-headers 设置为空,表示不把任何请求头当作敏感头过滤掉,这样 Cookie 等请求头才会被转发给后端服务。注意这同时也会把 Authorization 等凭证头转发给所有下游服务,只应在下游服务都可信时这样配置。

下面的是一个cookie的工具类

package com.hx.apigeteway.utils;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

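public class CookieUtil {

    /**
     * Adds a cookie to the response.
     *
     * @param response the HTTP response the cookie is added to
     * @param name     cookie name
     * @param value    cookie value
     * @param maxAge   lifetime in seconds, passed unchanged to
     *                 {@link Cookie#setMaxAge(int)}
     */
    public static void set(HttpServletResponse response, String name, String value, int maxAge) {
        Cookie cookie = new Cookie(name, value);
        cookie.setPath("/");
        cookie.setMaxAge(maxAge);
        // NOTE(review): neither HttpOnly nor Secure is set. If this helper issues
        // login cookies (e.g. the "token" or "openid" cookies the gateway checks),
        // consider cookie.setHttpOnly(true) and, when served over HTTPS,
        // cookie.setSecure(true).
        response.addCookie(cookie);
    }

    /**
     * Looks up a cookie by name.
     *
     * @param request the incoming HTTP request
     * @param token   name of the cookie to find
     * @return the first cookie with that name, or {@code null} when the name is
     *         {@code null}, the request carries no cookies, or no cookie matches
     */
    public static Cookie get(HttpServletRequest request, String token) {
        if (token == null) {
            return null;
        }
        Cookie[] cookies = request.getCookies();
        // getCookies() returns null (not an empty array) when the client sent no
        // cookies; without this check a cookieless request would throw.
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (token.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }
}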

 
