Zuul permission check and interface rate limiting
I. Building the permission check
In normal project development, the permission check can combine JWT with Spring Security; that will be summarized in a later post. Here we build a simple permission check based on a ZuulFilter.
The Zuul component already provides what is needed for authorization and authentication: the ZuulFilter. ZuulFilter is the core component of Zuul; by extending this abstract class and overriding a few key methods, you can customize how requests are dispatched.
The components used are Eureka, Feign and Zuul, across the following four projects:
(1) EUREKA-SERVER:7001 registration center
(2) product-server:8001 product microservice
(3) order-server:9001 order microservice
(4) zuul-gateway:6001 Zuul gateway
I won't repeat the basic configuration of the four services here; see the previous posts for the details. Only the LoginFilter permission-check class is shown here.
1. LoginFilter class
```java
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;

/**
 * Login filter.
 * Remember to add the @Component annotation to the class.
 */
@Component
public class LoginFilter extends ZuulFilter {

    /** Filter type: pre filter. */
    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    /** Filter order: the smaller the number, the earlier the filter runs. */
    @Override
    public int filterOrder() {
        return 4;
    }

    /**
     * Whether the filter applies.
     * Returning true means a permission check is required; false means the
     * request can be served without any user verification.
     */
    @Override
    public boolean shouldFilter() {
        // Shared RequestContext (context object)
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();
        System.out.println(request.getRequestURI());

        // URLs that require the permission check
        if ("/apigateway/order/api/v1/order/save".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        } else if ("/apigateway/order/api/v1/order/list".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        } else if ("/apigateway/order/api/v1/order/find".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        }
        return false;
    }

    /**
     * Business logic.
     * This method is entered only when shouldFilter() above returns true.
     */
    @Override
    public Object run() throws ZuulException {
        // JWT
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();

        // The token may arrive in a request header or as a parameter;
        // in real development it is generally sent in the request header.
        String token = request.getHeader("token");
        if (StringUtils.isBlank(token)) {
            token = request.getParameter("token");
        }
        // Demo output only: a real gateway should not write tokens to its logs.
        System.out.println("The token value from the page is: " + token);

        // Login check: if the token is blank, answer the client directly
        // without calling the downstream interface.
        // Note that only the presence of a token is checked, not its validity.
        if (StringUtils.isBlank(token)) {
            // Filter the request and do not route it
            requestContext.setSendZuulResponse(false);
            // Return the error status code
            requestContext.setResponseStatusCode(HttpStatus.UNAUTHORIZED.value());
        }
        return null;
    }
}
```
2. Key Notes
(1) Method description
filterType: the filter type, one of pre, error, post, route
filterOrder: the filter execution order, given as a number; the smaller the number, the earlier the filter runs
shouldFilter: whether the filter should run; true means it runs, false means it does not
run: the filter's actual logic (executed only when shouldFilter returns true)
(2) Filter type description
pre: filter executed before the request is executed
route: handles the request and performs the routing
post: filter executed after request processing is complete
error: filter executed when an error occurs
3. Testing
When neither the request header nor the parameters carry a token, the check fails and a 401 status code is returned.
Pass in the token value as a parameter.
Look at the backend console output.
This shows that the simulated check passed and the user information was returned.
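The `shouldFilter()` method above compares the raw `getRequestURI()` string against three exact paths and skips the check for everything else. As an added example (not code from the original post), the hypothetical helper `ProtectedPaths` below takes the opposite default: it canonicalises the path first and treats everything under the order prefix, plus anything it cannot parse cleanly, as requiring a token. Protecting the whole `/apigateway/order/` prefix and the sample URIs in `main` are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

/** Hypothetical helper (not from the article): does this request URI need a token? */
public final class ProtectedPaths {

    // Assumption: every route under the article's order prefix is protected.
    private static final String PROTECTED_PREFIX = "/apigateway/order/";

    public static boolean requiresToken(String rawRequestUri) {
        if (rawRequestUri == null || !rawRequestUri.startsWith("/")) {
            return true; // fail closed on anything that is not an absolute path
        }
        // getRequestURI() is not decoded and keeps path parameters (";name=value").
        String stripped = rawRequestUri.replaceAll(";[^/]*", "");
        if (stripped.contains("//")) {
            return true; // empty segments: do not guess, require a token
        }
        final String path;
        try {
            path = new URI(stripped).getPath(); // decodes percent-escapes once
        } catch (URISyntaxException e) {
            return true; // unparsable: fail closed
        }
        // Forms that still look ambiguous after decoding are treated as protected.
        if (path == null || path.contains("..") || path.contains("//")
                || path.indexOf('%') >= 0 || path.indexOf('\\') >= 0) {
            return true;
        }
        // Same case-insensitive comparison as the article's equalsIgnoreCase().
        String canonical = path.toLowerCase(Locale.ROOT) + "/";
        return canonical.startsWith(PROTECTED_PREFIX);
    }

    public static void main(String[] args) {
        // Constructed sample URIs; only the first is listed in the article's filter.
        String[] samples = {
            "/apigateway/order/api/v1/order/save",
            "/apigateway/order/api/v1/order/save/",
            "/apigateway/Order/api/v1/order/save;v=1",
            "/apigateway/product/api/v1/product/list"
        };
        for (String uri : samples) {
            System.out.println(requiresToken(uri) + "  " + uri);
        }
    }
}
```

In the filter, `shouldFilter()` would then return `ProtectedPaths.requiresToken(request.getRequestURI())`, so a newly added order endpoint is covered without editing the list.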
II. Building the interface rate limit
Interface rate limiting can be done at the nginx level or at the gateway level. Here it is done at the gateway level, using the Guava framework.
First, the concept behind Guava's rate limiting:
The general idea is that every incoming request first goes to the bucket to get a token, and a request that gets a token is let through. Suppose you configure 1000 tokens: once they are used up, later requests to the interface have to queue and wait until a new token is available before they can call the interface.
OrderRateLimiterFilter rate-limiting filter class
```java
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

import javax.servlet.http.HttpServletRequest;

import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;

import com.google.common.util.concurrent.RateLimiter;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;

/**
 * Order rate limiting.
 * Everything else is the same as above; only the logic in run() differs.
 */
@Component
public class OrderRateLimiterFilter extends ZuulFilter {

    // Generates 1000 tokens per second
    private static final RateLimiter RATE_LIMITER = RateLimiter.create(1000);

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        return -4;
    }

    @Override
    public boolean shouldFilter() {
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();

        // Rate-limit the order interface only
        if ("/apigateway/order/api/v1/order/save".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        }
        return false;
    }

    @Override
    public Object run() throws ZuulException {
        RequestContext requestContext = RequestContext.getCurrentContext();

        // Each call to tryAcquire() takes one token; once the 1000 tokens are
        // used up, later callers cannot access the interface above.
        // Only one interface is handled by this class, so this is enough here;
        // in practice you can add another layer of per-interface checks.
        if (!RATE_LIMITER.tryAcquire()) {
            requestContext.setSendZuulResponse(false);
            // HttpStatus.TOO_MANY_REQUESTS.value() is a static status-code constant
            requestContext.setResponseStatusCode(HttpStatus.TOO_MANY_REQUESTS.value());
        }
        return null;
    }
}
```
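The filter above shares one 1000-per-second bucket among all callers, so a single busy client can use up the tokens for everyone. As an added example (not code from the original post), the hypothetical class `PerClientRateLimiter` keeps one Guava `RateLimiter` per client key in a bounded, expiring cache; the rate of 2 permits per second, the cache limits and the client addresses in `main` are constructed values.

```java
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.util.concurrent.RateLimiter;
import java.util.concurrent.TimeUnit;

/** Hypothetical class (not from the article): one Guava token bucket per client key. */
public final class PerClientRateLimiter {

    private final LoadingCache<String, RateLimiter> limiters;

    public PerClientRateLimiter(final double permitsPerSecond, long maxClients) {
        this.limiters = CacheBuilder.newBuilder()
                .maximumSize(maxClients)                 // bound memory when many distinct keys appear
                .expireAfterAccess(10, TimeUnit.MINUTES) // forget idle clients
                .build(new CacheLoader<String, RateLimiter>() {
                    @Override
                    public RateLimiter load(String clientKey) {
                        return RateLimiter.create(permitsPerSecond);
                    }
                });
    }

    /** Non-blocking, like the article's filter: false means "answer 429 now". */
    public boolean tryAcquire(String clientKey) {
        return limiters.getUnchecked(clientKey).tryAcquire();
    }

    public static void main(String[] args) {
        // Constructed values: 2 permits per second per client, documentation-range addresses.
        PerClientRateLimiter limiter = new PerClientRateLimiter(2.0, 10_000);
        int allowed = 0;
        for (int i = 0; i < 20; i++) {
            if (limiter.tryAcquire("203.0.113.10")) {
                allowed++;
            }
        }
        System.out.println("busy client: " + allowed + " of 20 allowed");
        // A second client has its own bucket, so the busy client did not use up its tokens.
        System.out.println("other client allowed: " + limiter.tryAcquire("203.0.113.20"));
    }
}
```

In `run()` the key could be `request.getRemoteAddr()`; behind a reverse proxy that is the proxy's address, so take the key from a forwarding header only when the proxy is trusted to set it. The global limiter from the article can stay in place alongside it as a ceiling that protects the order service itself.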
Spring Cloud (8) --- Zuul permission check, interface rate limiting