spring-cloud中zuul自定义service级别,api级别的路由白名单

主要实现对在白名单中的service级别或者api级别的网关路由。

一.service和api级别的路由

1.service级别的网关路由

public class ServiceIdWhiteTableRouteLocator extends DiscoveryClientRouteLocator {
    ...
    //主要重写该方法,在调用完super的locateRoutes后再与白名单列表比较,提取出交集
    @Override
    protected LinkedHashMap locateRoutes() {

        LinkedHashMap routeMaps = super.locateRoutes();
        LinkedHashMap whiteRouteMaps = new LinkedHashMap<>();
        routeMaps.forEach((k, v) -> {
            if (PatternMatchUtils.simpleMatch(whites, v.getServiceId())) {

                whiteRouteMaps.put(k, v);
            }

        });

        for (ZuulProperties.ZuulRoute route : this.properties.getRoutes().values()) {
            whiteRouteMaps.put(route.getPath(), route);
        }
        return whiteRouteMaps;
    }

    ...
}

2.api级别的网关路由

public class PathWhiteTableHandleMapping extends ZuulHandlerMapping {
   ...
   //主要重写该方法,在原有的ZuulHandlerMapping基础上添加判断是否在白名单的逻辑
    @Override
    protected Object lookupHandler(String urlPath, HttpServletRequest request) throws Exception {
        if (this.errorController != null && urlPath.equals(this.errorController.getErrorPath())) {
            return null;
        }
        if (isIgnoredPath(urlPath, this.routeLocator.getIgnoredPaths())) return null;
        /**
         * 检查是否在白名单中,不在白名单中的不路由
         */
        if (!isInPathWhiteTables(urlPath, this.pathWhites)) return null;

        RequestContext ctx = RequestContext.getCurrentContext();
        if (ctx.containsKey("forward.to")) {
            return null;
        }
        if (this.dirty) {
            synchronized (this) {
                if (this.dirty) {
                    registerHandlers();
                    this.dirty = false;
                }
            }
        }
        return super.lookupHandler(urlPath, request);
    }

      private boolean isInPathWhiteTables(String urlPath, Collection pathWhites) {
        for (String whitePath : pathWhites) {
            if (this.pathMatcher.match(whitePath, urlPath)) {
                return true;
            }
        }
        return false;
    }

     public void setPathWhiteTables(Collection whites) {
        this.pathWhites = whites;
    }
   ...
}

二.config配置

1.首先卸载zuul自带的auto config.

@SpringBootApplication(exclude = ZuulProxyAutoConfiguration.class)

2.需要全量copy三个类

org.springframework.cloud.netflix.zuul.RibbonCommandFactoryConfiguration

org.springframework.cloud.netflix.zuul.ZuulProxyAutoConfiguration

org.springframework.cloud.netflix.zuul.ZuulServerAutoConfiguration

然后修改ZuulServerAutoConfiguration中的zuulHandlerMapping的bean注册:


   @Bean(value = "discoveryRouteLocator")
    public DiscoveryClientRouteLocator discoveryClientRouteLocator(ServerProperties server, DiscoveryClient discovery) {
        //service白名单注入点
        return new ServiceIdWhiteTableRouteLocator(server.getServlet().getServletPrefix(), discovery, this.zuulProperties, whiteRouteProperties.getWhiteServices());
    }

    @Bean(value = "zuulHandlerMapping")
    public ZuulHandlerMapping zuulHandlerMapping(RouteLocator routes) {
        PathWhiteTableHandleMapping mapping = new PathWhiteTableHandleMapping(routes, zuulController());
        mapping.setErrorController(this.errorController);
        //路径白名单注入点
        mapping.setPathWhiteTables(whiteRouteProperties.getWhitePaths());
        return mapping;
    }

其中WhiteRouteProperties是一个装载配置属性的属性类,自己定义即可。ZuulProxyAutoConfiguration需要修改其父类为上述的ZuulServerAutoConfigurationn

三. 配置文件配置

主要是在application.yaml文件中增加:

zuul:
  #控制service级别白名单(list)
  white-services:
        - 'hello-server'
  #控制api级别白名单(list)
  white-paths:
        - '/hello/world'
  routes:
    - url: hello-server
      path: /hello/**
  #默认全部不路由
  ignored-services: '*'

上述配置可以实现将/hello/**该pattern请求路由到hello-server上,由于默认设置全部不路由,通过zuul.routes加进去(看源码实现),然后由于设置了白名单功能,需要在white-services上加上hello-server,而white-paths主要是控制白名单中的某个service中具体的哪个api可以被路由,如上可知是仅有/hello/world可以被路由处理。

这样就实现了多维度的白名单路由处理。

如有不足,请不吝赐教。

你可能感兴趣的:(spring-cloud中zuul自定义service级别,api级别的路由白名单)