Spring Cloud (8) --- Zuul permission check and interface rate limiting

Source: Internet
Author: User

Zuul permission check and interface rate limiting

I. Building the permission check

In normal project development, permission checks are usually done by combining JWT with Spring Security; I will summarize that later. Here I build a simple permission check based on a ZuulFilter filter.

Zuul itself supports authorization and authentication through ZuulFilter. ZuulFilter is the core component of Zuul: by extending this abstract class and overriding a few key methods, you can customize how requests are dispatched.

The components used are Eureka, Feign and Zuul, in the following four projects:

(1) eureka-server:7001 registry center

(2) product-server:8001 product microservice

(3) order-server:9001 order microservice

(4) zuul-gateway:6001 Zuul gateway

I do not repeat the basic configuration of the four services here; see the previous posts in this series. Only the LoginFilter permission check class is shown.

1. LoginFilter class
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

/**
 * Login filter.
 * Remember to add the component annotation to the class.
 */
@Component
public class LoginFilter extends ZuulFilter {

    /** Filter type: pre filter. */
    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    /** Filter order: the smaller the number, the earlier the filter runs. */
    @Override
    public int filterOrder() {
        return 4;
    }

    /**
     * Whether the filter applies.
     * Returns true when a permission check is required, false when the URL
     * can be accessed without a user check.
     */
    @Override
    public boolean shouldFilter() {
        // Shared RequestContext, the context object
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();
        System.out.println(request.getRequestURI());

        // URLs that require the permission check
        if ("/apigateway/order/api/v1/order/save".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        } else if ("/apigateway/order/api/v1/order/list".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        } else if ("/apigateway/order/api/v1/order/find".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        }
        return false;
    }

    /**
     * Business logic.
     * This method is entered only when shouldFilter() returns true.
     */
    @Override
    public Object run() throws ZuulException {
        // JWT
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();

        // The token may arrive in a request header or as a parameter;
        // in real development it is generally sent in the request header.
        String token = request.getHeader("token");
        if (StringUtils.isBlank(token)) {
            token = request.getParameter("token");
        }
        // Demo output only: do not write tokens to logs in production.
        System.out.println("The token value from the page is:" + token);

        // Login check: if the token is blank, respond to the client directly
        // without calling the downstream interface. Only presence is checked;
        // the token value itself is not validated here.
        if (StringUtils.isBlank(token)) {
            // Filter the request and do not route it
            requestContext.setSendZuulResponse(false);
            // Return the error code
            requestContext.setResponseStatusCode(HttpStatus.UNAUTHORIZED.value());
        }
        return null;
    }
}
2. Key Notes

(1) Method description

filterType: the filter type, one of pre, error, post, route

filterOrder: the filter execution order, given as a number; the smaller the number, the earlier the filter runs

shouldFilter: whether the filter should run; true means it runs, false means it does not

run: the filter's actual logic (executed only when shouldFilter returns true)

(2) Filter type description

pre: filter executed before the request is routed

route: handles the request and performs the routing

post: filter executed after request processing is complete

error: filter executed when an error occurs

3. Testing

First, with no token in either the request header or the parameters, the check fails and a 401 status code is returned.

Next, pass in a token value as a parameter.

Look at the background output.

This shows that the simulated check passes and the user information is returned.
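The LoginFilter above only checks that a token is present, so any non-blank value passes, as the test shows. The following added example (not code from the original post) shows what validating the token value could look like with the JDK alone; it swaps the JWT mentioned earlier for a simpler HMAC-signed format, and the class name `SignedTokenCheck`, the token layout `userId.expiryEpochSeconds.signature` and the demo key are all assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

// Added example. Assumed token format: userId.expiryEpochSeconds.base64url(HMAC-SHA256);
// userId must not contain '.'. SignedTokenCheck and its methods are hypothetical names.
public class SignedTokenCheck {
    private final byte[] key;
    public SignedTokenCheck(byte[] key) { this.key = key.clone(); }

    private byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // What a login endpoint would hand out after checking credentials.
    public String issue(String userId, long expiresAt) throws Exception {
        String body = userId + "." + expiresAt;
        return body + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(body));
    }

    // Returns the user id only when the signature matches and the token is unexpired.
    public Optional<String> verify(String token, long nowEpochSeconds) {
        try {
            String[] p = token == null ? new String[0] : token.split("\\.", -1);
            if (p.length != 3 || p[0].isEmpty()) return Optional.empty();
            byte[] given = Base64.getUrlDecoder().decode(p[2]);
            // Constant-time comparison: do not leak how many bytes matched.
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), given)) return Optional.empty();
            return Long.parseLong(p[1]) > nowEpochSeconds ? Optional.of(p[0]) : Optional.empty();
        } catch (Exception e) {
            return Optional.empty(); // malformed Base64 or number: fail closed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key and clock; a real key comes from a secret store.
        SignedTokenCheck check = new SignedTokenCheck("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = 1_700_000_000L;
        String good = check.issue("user42", now + 600);
        System.out.println("valid token:     " + check.verify(good, now));
        System.out.println("arbitrary value: " + check.verify("123456", now));
        System.out.println("tampered user:   " + check.verify(good.replace("user42", "admin"), now));
        System.out.println("expired token:   " + check.verify(good, now + 601));
    }
}
```

In `run()`, the filter would respond with 401 whenever `verify` returns an empty result instead of testing only for a blank string. Reading the token from the request header only also keeps it out of URLs, which commonly end up in access logs.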

II. Building interface rate limiting

Interface rate limiting can be done at the nginx layer or at the gateway layer. Here it is done at the gateway layer, using the Guava library.

First, the idea behind Guava's rate limiting:

Roughly, every incoming request first goes to the bucket to get a token, and a request that gets a token is let through. Suppose you set 1000 tokens: once they are used up, later requests to the interface have to queue and wait until new tokens are available before they can call the interface.

OrderRateLimiterFilter rate-limiting filter class
import javax.servlet.http.HttpServletRequest;

import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;

import com.google.common.util.concurrent.RateLimiter;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

/**
 * Order rate limiting.
 * Everything else is the same as above; only the logic in run() differs.
 */
@Component
public class OrderRateLimiterFilter extends ZuulFilter {

    // Generates 1000 tokens per second
    private static final RateLimiter RATE_LIMITER = RateLimiter.create(1000);

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        return -4;
    }

    @Override
    public boolean shouldFilter() {
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();

        // Rate-limit the order interface only
        if ("/apigateway/order/api/v1/order/save".equalsIgnoreCase(request.getRequestURI())) {
            return true;
        }
        return false;
    }

    @Override
    public Object run() throws ZuulException {
        RequestContext requestContext = RequestContext.getCurrentContext();

        // Each call to tryAcquire() takes one token; once the 1000 tokens are
        // used up, later callers cannot access the interface above.
        // Only one interface is covered here; in real use you can add another
        // layer of interface checks at this point.
        if (!RATE_LIMITER.tryAcquire()) {
            requestContext.setSendZuulResponse(false);
            // HttpStatus.TOO_MANY_REQUESTS.value() is the status code constant
            requestContext.setResponseStatusCode(HttpStatus.TOO_MANY_REQUESTS.value());
        }
        return null;
    }
}
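The filter above shares one static limiter among all callers, and `tryAcquire()` returns immediately, so a request over the limit is answered with 429 rather than queued. The following added example (not code from the original post) goes one step further and keeps a separate token bucket per client, so that one busy caller cannot use up everyone's tokens; it uses only the JDK, and `PerClientLimiter`, the client key and the rates are assumptions.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example. PerClientLimiter is a hypothetical name; the client key is assumed to be
// an authenticated user id or the caller's address, chosen by the gateway.
public class PerClientLimiter {
    private static final class Bucket {
        double tokens;
        long lastNanos;
        Bucket(double tokens, long lastNanos) { this.tokens = tokens; this.lastNanos = lastNanos; }
    }

    private final double ratePerSecond; // tokens added per second
    private final double capacity;      // largest burst a client may send
    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();

    public PerClientLimiter(double ratePerSecond, double capacity) {
        this.ratePerSecond = ratePerSecond;
        this.capacity = capacity;
    }

    // Takes one token for clientKey if one is available; never blocks or queues.
    public boolean tryAcquire(String clientKey, long nowNanos) {
        Bucket b = buckets.computeIfAbsent(clientKey, k -> new Bucket(capacity, nowNanos));
        synchronized (b) {
            // Refill for the time elapsed since this client's last request, capped at capacity.
            double refill = (nowNanos - b.lastNanos) / 1e9 * ratePerSecond;
            b.tokens = Math.min(capacity, b.tokens + refill);
            b.lastNanos = nowNanos;
            if (b.tokens < 1.0) return false; // caller answers 429
            b.tokens -= 1.0;
            return true;
        }
    }

    public static void main(String[] args) {
        // Constructed scenario: 2 requests per second, burst of 2, explicit clock values.
        PerClientLimiter limiter = new PerClientLimiter(2.0, 2.0);
        long t0 = 0L;
        for (int i = 1; i <= 4; i++) {
            System.out.println("client-a request " + i + " at t0: " + limiter.tryAcquire("client-a", t0));
        }
        System.out.println("client-b at t0: " + limiter.tryAcquire("client-b", t0));
        System.out.println("client-a at t0+0.5s: " + limiter.tryAcquire("client-a", t0 + 500_000_000L));
    }
}
```

The map grows by one entry per distinct client key, so a gateway using this approach should bound it or evict idle buckets. In a filter, `System.nanoTime()` would supply the clock value.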


I just occasionally calm down and ponder over all the past. It's not worth condemning those old times that have been naïve and dull. After all, the days ahead are still long. Keep encouraging yourself,

The day is bright, is a new beginning, but also the unknown journey (Colonel 10)
