• Zuul权限检验


    一、达到的目标

    /order/create 只能买家访问

    /order/finish 只能卖家访问

    /product/list 都能访问

    二、创建User工程

    1、创建user工程

    选择的依赖

    2、创建user-dev.yml文件到gitee(码云)

    # user-dev.yml — served to the user service by the config server at start-up.
    spring:
      datasource:
          driver-class-name: com.mysql.jdbc.Driver
          # Local development credentials. Anything committed to a shared Git
          # repository is readable by everyone with access to it; for a real
          # deployment supply these through an encrypted property or an
          # environment variable instead of clear text.
          username: root
          password: 123456
          # useSSL=false disables TLS to MySQL — acceptable for a loopback
          # instance only.
          url: jdbc:mysql://127.0.0.1:3306/SpringCloud_Sell?characterEncoding=utf-8&useSSL=false
      jpa:
        # Echo generated SQL to the log; development aid only.
        show-sql: true  

    3、然后在配置中心查看

    4、创建bootstrap.yml

    5、增加EnableDiscoveryClient注解

    6、 pom.xml文件

    增加spring-boot-starter-web

    <dependencies>
    		<dependency>
    			<groupId>org.springframework.boot</groupId>
    			<artifactId>spring-boot-starter-data-jpa</artifactId>
    		</dependency>
    		<dependency>
    			<groupId>org.springframework.boot</groupId>
    			<artifactId>spring-boot-starter-data-redis</artifactId>
    		</dependency>
    		<dependency>
    			<groupId>org.springframework.cloud</groupId>
    			<artifactId>spring-cloud-starter-config</artifactId>
    		</dependency>
    		<dependency>
    			<groupId>org.springframework.cloud</groupId>
    			<artifactId>spring-cloud-config-client</artifactId>
    		</dependency>
    		<dependency>
    			<groupId>org.springframework.cloud</groupId>
    			<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
    		</dependency>
    
    		<dependency>
    			<groupId>mysql</groupId>
    			<artifactId>mysql-connector-java</artifactId>
    			<scope>runtime</scope>
    		</dependency>
    		<dependency>
    			<groupId>org.springframework.boot</groupId>
    			<artifactId>spring-boot-starter-web</artifactId>
    		</dependency>
    		<dependency>
    			<groupId>org.springframework.boot</groupId>
    			<artifactId>spring-boot-starter-test</artifactId>
    			<scope>test</scope>
    		</dependency>
    	</dependencies>
    
    	<dependencyManagement>
    		<dependencies>
    			<dependency>
    				<groupId>org.springframework.cloud</groupId>
    				<artifactId>spring-cloud-dependencies</artifactId>
    				<version>${spring-cloud.version}</version>
    				<type>pom</type>
    				<scope>import</scope>
    			</dependency>
    		</dependencies>
    	</dependencyManagement>
    

      

    7、最后启动User工程

    查看Eureka注册中心,可以看到User已经注册上去了。

    8、然后将User工程进行模块拆分

    二、api-gateway工程

    1、修改api-gateway的配置,使全部服务都可以传递Cookie

    三、增加权限验证

    1、增加AuthFilter

    /**
     * Pre-filter that tells buyers and sellers apart on the order endpoints.
     * Created by Think on 2019/2/16.
     *
     * Rules:
     *   /order/create  - buyers only: an "openid" cookie with a non-empty value
     *   /order/finish  - sellers only: a "token" cookie whose value resolves to a
     *                    non-empty entry in Redis
     *   /product/list  - open to everyone
     *
     * NOTE(review): the literals are compared with exact equality against
     * request.getRequestURI(); if that URI differs from the literal (for example
     * because it still carries the gateway's route prefix) the rule silently never
     * fires and the request is forwarded unchecked.
     */
    @Component
    public class AuthFilter extends ZuulFilter {

        @Autowired
        private StringRedisTemplate stringRedisTemplate;

        /** Runs in the "pre" phase, i.e. before the request is routed. */
        @Override
        public String filterType() {
            return PRE_TYPE;
        }

        /** Ordered just ahead of Zuul's pre-decoration filter. */
        @Override
        public int filterOrder() {
            return PRE_DECORATION_FILTER_ORDER - 1;
        }

        /** Every request enters run(); the path dispatch happens there. */
        @Override
        public boolean shouldFilter() {
            return true;
        }

        /**
         * Applies the rule for the requested path and, when it fails, stops the
         * request with HTTP 401 instead of forwarding it.
         *
         * @return always null; Zuul does not use the value
         */
        @Override
        public Object run() throws ZuulException {
            RequestContext ctx = RequestContext.getCurrentContext();
            HttpServletRequest req = ctx.getRequest();
            String uri = req.getRequestURI();

            if ("/order/create".equals(uri)) {
                // Buyer: only the presence of a non-empty openid cookie is checked;
                // the value itself is not verified against anything here.
                Cookie openid = CookieUtil.get(req, "openid");
                boolean buyerOk = openid != null && !StringUtils.isEmpty(openid.getValue());
                if (!buyerOk) {
                    reject(ctx);
                }
            } else if ("/order/finish".equals(uri)) {
                // Seller: the token cookie must exist and be known to Redis; the
                // Redis lookup is skipped when the cookie is missing or empty.
                Cookie token = CookieUtil.get(req, "token");
                boolean sellerOk = token != null
                        && !StringUtils.isEmpty(token.getValue())
                        && !StringUtils.isEmpty(stringRedisTemplate.opsForValue()
                                .get(String.format(RedisConstant.TOKEN_TEMPLATE, token.getValue())));
                if (!sellerOk) {
                    reject(ctx);
                }
            }

            return null;
        }

        /** Marks the request as rejected: no routing, status 401. */
        private static void reject(RequestContext ctx) {
            ctx.setSendZuulResponse(false);
            ctx.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
        }
    }
    

     

    2、启动其它工程

    3、测试

     以上返回是错误的,应该禁止访问。将路径修改为/order/order/create:

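    /**
     * Pre-filter that tells buyers and sellers apart on the order endpoints.
     * Created by Think on 2019/2/16.
     *
     * Rules:
     *   /order/order/create  - buyers only: an "openid" cookie with a non-empty value
     *   /order/order/finish  - sellers only: a "token" cookie whose value resolves to
     *                          a non-empty entry in Redis
     *   /product/list        - open to everyone
     *
     * The leading "/order" segment is presumably the gateway route prefix: the URI a
     * pre filter sees still carries it, which is why a bare "/order/create" literal
     * never matched and the check did not fire.
     *
     * NOTE(review): matching is exact string equality on request.getRequestURI().
     * The gateway's own route matching may accept paths that this literal does not,
     * so the two must be kept in step whenever a route is added or changed.
     */
    @Component
    public class AuthFilter extends ZuulFilter {

        @Autowired
        private StringRedisTemplate stringRedisTemplate;

        /** Runs in the "pre" phase, i.e. before the request is routed. */
        @Override
        public String filterType() {
            return PRE_TYPE;
        }

        /** Ordered just ahead of Zuul's pre-decoration filter. */
        @Override
        public int filterOrder() {
            return PRE_DECORATION_FILTER_ORDER - 1;
        }

        /** Every request enters run(); the path dispatch happens there. */
        @Override
        public boolean shouldFilter() {
            return true;
        }

        /**
         * Applies the rule for the requested path and, when it fails, stops the
         * request with HTTP 401 instead of forwarding it.
         *
         * @return always null; Zuul does not use the value
         */
        @Override
        public Object run() throws ZuulException {
            RequestContext ctx = RequestContext.getCurrentContext();
            HttpServletRequest request = ctx.getRequest();
            String uri = request.getRequestURI();

            if ("/order/order/create".equals(uri) && !isBuyer(request)) {
                reject(ctx);
            } else if ("/order/order/finish".equals(uri) && !isSeller(request)) {
                reject(ctx);
            }

            return null;
        }

        /**
         * Buyer rule: an "openid" cookie with a non-empty value.
         *
         * NOTE(review): presence only — unlike the seller token, the value is not
         * looked up in any server-side store here. Whether the order service
         * validates it itself is not visible from this class.
         */
        private boolean isBuyer(HttpServletRequest request) {
            Cookie openid = CookieUtil.get(request, "openid");
            return openid != null && !StringUtils.isEmpty(openid.getValue());
        }

        /**
         * Seller rule: a "token" cookie whose value maps to a non-empty Redis entry
         * under RedisConstant.TOKEN_TEMPLATE (presumably written at seller login).
         * The Redis round-trip is skipped when the cookie is missing or empty.
         */
        private boolean isSeller(HttpServletRequest request) {
            Cookie token = CookieUtil.get(request, "token");
            if (token == null || StringUtils.isEmpty(token.getValue())) {
                return false;
            }
            String stored = stringRedisTemplate.opsForValue()
                    .get(String.format(RedisConstant.TOKEN_TEMPLATE, token.getValue()));
            return !StringUtils.isEmpty(stored);
        }

        /** Marks the request as rejected: no routing, status 401. */
        private static void reject(RequestContext ctx) {
            ctx.setSendZuulResponse(false);
            ctx.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
        }
    }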

    然后在API-Gateway工程中增加Redis配置

     这样再次请求就会返回401。

     先登录,再调用create创建订单,则可以调用成功。

    同理,测试finish接口

    http://localhost:9000/order/order/finish,返回401

     所以卖家先进行登录操作

    再进行订单finish操作

    4、优化。将AuthFilter拆分成AuthSellerFilter和AuthBuyerFilter

    AuthBuyerFilter.java

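    /**
     * Pre-filter guarding the buyer-only endpoint /order/order/create: the request
     * must carry an "openid" cookie with a non-empty value, otherwise it is answered
     * with HTTP 401 and not forwarded.
     *
     * The filter needs no Redis access, so the StringRedisTemplate the earlier
     * combined filter injected is not declared here.
     *
     * NOTE(review): shouldFilter() compares request.getRequestURI() with exact
     * string equality; the gateway's route matching may accept paths this literal
     * does not, so keep the two in step whenever the route changes.
     */
    @Component
    public class AuthBuyerFilter extends ZuulFilter {

        /** Runs in the "pre" phase, i.e. before the request is routed. */
        @Override
        public String filterType() {
            return PRE_TYPE;
        }

        /** Ordered just ahead of Zuul's pre-decoration filter. */
        @Override
        public int filterOrder() {
            return PRE_DECORATION_FILTER_ORDER - 1;
        }

        /** Only the buyer endpoint is inspected; every other path bypasses run(). */
        @Override
        public boolean shouldFilter() {
            HttpServletRequest request = RequestContext.getCurrentContext().getRequest();
            return "/order/order/create".equals(request.getRequestURI());
        }

        /**
         * Rejects the request with 401 when the buyer cookie is absent or empty.
         *
         * NOTE(review): presence only — the openid value is not checked against any
         * server-side store here, unlike the seller token in AuthSellerFilter.
         *
         * @return always null; Zuul does not use the value
         */
        @Override
        public Object run() throws ZuulException {
            RequestContext ctx = RequestContext.getCurrentContext();
            if (!hasNonEmptyCookie(ctx.getRequest(), "openid")) {
                ctx.setSendZuulResponse(false);
                ctx.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
            }
            return null;
        }

        /** True when the named cookie exists and its value is non-empty. */
        private static boolean hasNonEmptyCookie(HttpServletRequest request, String name) {
            Cookie cookie = CookieUtil.get(request, name);
            return cookie != null && !StringUtils.isEmpty(cookie.getValue());
        }
    }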
    

      

    AuthSellerFilter.java
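    /**
     * Pre-filter guarding the seller-only endpoint /order/order/finish: the request
     * must carry a "token" cookie whose value maps to a non-empty Redis entry,
     * otherwise it is answered with HTTP 401 and not forwarded.
     *
     * NOTE(review): shouldFilter() compares request.getRequestURI() with exact
     * string equality; the gateway's route matching may accept paths this literal
     * does not, so keep the two in step whenever the route changes.
     */
    @Component
    public class AuthSellerFilter extends ZuulFilter {

        @Autowired
        private StringRedisTemplate stringRedisTemplate;

        /** Runs in the "pre" phase, i.e. before the request is routed. */
        @Override
        public String filterType() {
            return PRE_TYPE;
        }

        /** Ordered just ahead of Zuul's pre-decoration filter. */
        @Override
        public int filterOrder() {
            return PRE_DECORATION_FILTER_ORDER - 1;
        }

        /** Only the seller endpoint is inspected; every other path bypasses run(). */
        @Override
        public boolean shouldFilter() {
            HttpServletRequest request = RequestContext.getCurrentContext().getRequest();
            return "/order/order/finish".equals(request.getRequestURI());
        }

        /**
         * Rejects the request with 401 unless the seller token is present and known.
         *
         * @return always null; Zuul does not use the value
         */
        @Override
        public Object run() throws ZuulException {
            RequestContext ctx = RequestContext.getCurrentContext();
            if (!isKnownSellerToken(ctx.getRequest())) {
                ctx.setSendZuulResponse(false);
                ctx.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
            }
            return null;
        }

        /**
         * True when the "token" cookie exists, is non-empty, and the Redis key built
         * from RedisConstant.TOKEN_TEMPLATE holds a non-empty value (presumably the
         * entry written at seller login). The Redis round-trip is skipped when the
         * cookie is missing or empty, so the lookup only ever happens for a
         * client-supplied value that is at least non-blank.
         */
        private boolean isKnownSellerToken(HttpServletRequest request) {
            Cookie token = CookieUtil.get(request, "token");
            if (token == null || StringUtils.isEmpty(token.getValue())) {
                return false;
            }
            String stored = stringRedisTemplate.opsForValue()
                    .get(String.format(RedisConstant.TOKEN_TEMPLATE, token.getValue()));
            return !StringUtils.isEmpty(stored);
        }
    }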
    

      
