Zuul权限检验
一、达到的目标
/order/create 只能买家访问
/order/finish 只能卖家访问
/product/list 都能访问
二、创建User工程
1、创建user工程
选择的依赖
2、创建user-dev.yml文件到gitee(码云)
- spring:
- datasource:
- driver-class-name: com.mysql.jdbc.Driver
- username: root
- password: 123456
- url: jdbc:mysql://127.0.0.1:3306/SpringCloud_Sell?characterEncoding=utf-8&useSSL=false
- jpa:
- show-sql: true
3、然后在配置中心查看
4、创建bootstrap.yml
5、增加EnableDiscoveryClient注解
6、 pom.xml文件
增加spring-boot-starter-web
- <dependencies>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-data-jpa</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-data-redis</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.cloud</groupId>
- <artifactId>spring-cloud-starter-config</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.cloud</groupId>
- <artifactId>spring-cloud-config-client</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.cloud</groupId>
- <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
- </dependency>
- <dependency>
- <groupId>mysql</groupId>
- <artifactId>mysql-connector-java</artifactId>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-web</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-test</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.springframework.cloud</groupId>
- <artifactId>spring-cloud-dependencies</artifactId>
- <version>${spring-cloud.version}</version>
- <type>pom</type>
- <scope>import</scope>
- </dependency>
- </dependencies>
- </dependencyManagement>
7、最后启动User工程
查看Eureka中心,可以看到User已经在了。
8. 然后将User工程进行模块拆分
二、api-gateway工程
1、修改api-gateway的配置。全部服务都可传递Cookie
三、增加权限验证
1、增加AuthFilter
- /**
- * 权限拦截(区分卖家和买家)
- * Created by Think on 2019/2/16.
- */
- @Component
- public class AuthFilter extends ZuulFilter{
- @Autowired
- private StringRedisTemplate stringRedisTemplate;
- @Override
- public String filterType() {
- return PRE_TYPE;
- }
- @Override
- public int filterOrder() {
- return PRE_DECORATION_FILTER_ORDER - 1;
- }
- @Override
- public boolean shouldFilter() {
- return true;
- }
- @Override
- public Object run() throws ZuulException {
- RequestContext requestContext = RequestContext.getCurrentContext();
- HttpServletRequest request = requestContext.getRequest();
- /*
- /order/create 只能买家访问(cookei里有openid)
- /order/finish 只能卖家访问(cookie里有token,并且对应redis中的值)
- /product/list 都能访问
- */
- if("/order/create".equals(request.getRequestURI())){
- Cookie cookie = CookieUtil.get(request, "openid");
- if(cookie == null || StringUtils.isEmpty(cookie.getValue())){
- requestContext.setSendZuulResponse(false);
- requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
- }
- }
- if("/order/finish".equals(request.getRequestURI())){
- Cookie cookie = CookieUtil.get(request, "token");
- if(cookie == null || StringUtils.isEmpty(cookie.getValue()) ||
- StringUtils.isEmpty(stringRedisTemplate.opsForValue().get(String.format(RedisConstant.TOKEN_TEMPLATE,cookie.getValue())))){
- requestContext.setSendZuulResponse(false);
- requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
- }
- }
- return null;
- }
- }
2、启动其它工程
3、测试
以上返回是错误的,应该禁止访问。修改如下路径/order/order/create
- /**
- * 权限拦截(区分卖家和买家)
- * Created by Think on 2019/2/16.
- */
- @Component
- public class AuthFilter extends ZuulFilter{
- @Autowired
- private StringRedisTemplate stringRedisTemplate;
- @Override
- public String filterType() {
- return PRE_TYPE;
- }
- @Override
- public int filterOrder() {
- return PRE_DECORATION_FILTER_ORDER - 1;
- }
- @Override
- public boolean shouldFilter() {
- return true;
- }
- @Override
- public Object run() throws ZuulException {
- RequestContext requestContext = RequestContext.getCurrentContext();
- HttpServletRequest request = requestContext.getRequest();
- /*
- /order/create 只能买家访问(cookei里有openid)
- /order/finish 只能卖家访问(cookie里有token,并且对应redis中的值)
- /product/list 都能访问
- */
- if("/order/order/create".equals(request.getRequestURI())){
- Cookie cookie = CookieUtil.get(request, "openid");
- if(cookie == null || StringUtils.isEmpty(cookie.getValue())){
- requestContext.setSendZuulResponse(false);
- requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
- }
- }
- if("/order/order/finish".equals(request.getRequestURI())){
- Cookie cookie = CookieUtil.get(request, "token");
- if(cookie == null || StringUtils.isEmpty(cookie.getValue()) ||
- StringUtils.isEmpty(stringRedisTemplate.opsForValue().get(String.format(RedisConstant.TOKEN_TEMPLATE,cookie.getValue())))){
- requestContext.setSendZuulResponse(false);
- requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
- }
- }
- return null;
- }
- }
然后API-Gateway工程中增加Redis配置
这样再次请求在返回401.
先登录,在调用create 创建订单,则可以调用成功。
同理,测试finish接口
http://localhost:9000/order/order/finish,返回401
所以卖家先进行登录操作
在进行订单finish操作
4、优化。将AuthFilter拆分成AuthSellerFilter和AuthBuyerFilter
AuthBuyerFilter.java
- @Component
- public class AuthBuyerFilter extends ZuulFilter{
- @Autowired
- private StringRedisTemplate stringRedisTemplate;
- @Override
- public String filterType() {
- return PRE_TYPE;
- }
- @Override
- public int filterOrder() {
- return PRE_DECORATION_FILTER_ORDER - 1;
- }
- @Override
- public boolean shouldFilter() {
- RequestContext requestContext = RequestContext.getCurrentContext();
- HttpServletRequest request = requestContext.getRequest();
- if("/order/order/create".equals(request.getRequestURI())){
- return true;
- }
- return false;
- }
- @Override
- public Object run() throws ZuulException {
- RequestContext requestContext = RequestContext.getCurrentContext();
- HttpServletRequest request = requestContext.getRequest();
- /*
- /order/create 只能买家访问(cookei里有openid)
- */
- Cookie cookie = CookieUtil.get(request, "openid");
- if(cookie == null || StringUtils.isEmpty(cookie.getValue())){
- requestContext.setSendZuulResponse(false);
- requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
- }
- return null;
- }
- }
- AuthSellerFilter.java
- @Component
- public class AuthSellerFilter extends ZuulFilter{
- @Autowired
- private StringRedisTemplate stringRedisTemplate;
- @Override
- public String filterType() {
- return PRE_TYPE;
- }
- @Override
- public int filterOrder() {
- return PRE_DECORATION_FILTER_ORDER - 1;
- }
- @Override
- public boolean shouldFilter() {
- RequestContext requestContext = RequestContext.getCurrentContext();
- HttpServletRequest request = requestContext.getRequest();
- if("/order/order/finish".equals(request.getRequestURI())){
- return true;
- }
- return false;
- }
- @Override
- public Object run() throws ZuulException {
- RequestContext requestContext = RequestContext.getCurrentContext();
- HttpServletRequest request = requestContext.getRequest();
- /*
- /order/finish 只能卖家访问(cookie里有token,并且对应redis中的值)
- */
- Cookie cookie = CookieUtil.get(request, "token");
- if(cookie == null || StringUtils.isEmpty(cookie.getValue()) ||
- StringUtils.isEmpty(stringRedisTemplate.opsForValue().get(String.format(RedisConstant.TOKEN_TEMPLATE,cookie.getValue())))){
- requestContext.setSendZuulResponse(false);
- requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
- }
- return null;
- }
- }
Zuul权限检验的更多相关文章
- SpringCloud(8)---zuul权限校验、接口限流
zuul权限校验.接口限流 一.权限校验搭建 正常项目开发时,权限校验可以考虑JWT和springSecurity结合进行权限校验,这个后期会总结,这里做个基于ZuulFilter过滤器进行一个简单的 ...
- Linux下进程的文件访问权限
本文转自 http://blog.csdn.net/chosen0ne/article/details/10581883 对进程校验文件访问权限包括两个部分,一是确定进程的角色(属于哪个用户或者组), ...
- SpringCloud---网关概念、Zuul项目搭建(六)
SpringCloud---网关概念.Zuul项目搭建(六) 一.网关概念 1.什么是路由网关 网关是系统的唯一对外的入口,介于客户端和服务器端之间的中间层,处理非业务功能 提供路由请求.鉴权.监控. ...
- [Z] Linux下进程的文件访问权限
原文链接:http://blog.csdn.net/chosen0ne/article/details/10581883 对进程校验文件访问权限包括两个部分,一是确定进程的角色(属于哪个用户或者组), ...
- Django:RestFramework之-------权限
4.restframework-权限 4.1权限: 权限在单个视图应用. class MyPermission(object): """认证类""&q ...
- SSM项目实战 之 权限管理系统
目录 SSM权限管理系统 项目搭建 1.创建Maven-webapp工程 2.SSM框架集成 3.添加代码生成器 主页搭建 EasyUI主页 员工列表 1.在tree当中指定跳转的地址--暂时用tre ...
- 前后端分离进行权限管理之后端API返回菜单及权限信息(三)
一.动态菜单API的生成 1.API #菜单信息 url(r'^menus$', views.MenuModelView.as_view({"get": "list&qu ...
- springboot使用jwt进行权限验证
springboot使用jwt进行权限验证 依赖准备 首先导入对应的依赖 <dependencies> <dependency> <groupId>org.apac ...
- spring aop注解配置
spring aop是面向切面编程,使用了动态代理的技术,这样可以使业务逻辑的代码不掺入其他乱七八糟的代码 可以在切面上实现合法性校验.权限检验.日志记录... spring aop 用的多的有两种配 ...
随机推荐
- 多路径multipath配置,udev绑定
多路径multipath配置 以root用户登录 1.查看共享磁盘是否挂载成功 #fdisk -l 2.生成配置文件 #mpathconf --enable 修改配置文件权限 #chmod 644 / ...
- arch Linux 安装完,无法通过 SSH 远程连接 root 用户问题
访问 arch Linux 主机的该文件 [root@eric-laptop ~]# vim /etc/ssh/sshd_config 对应注释部分后边补上下边三行: LoginGraceTime 1 ...
- Python requests代理
self.ip=requests.get('http:ip获取') self.ip=(self.ip.text).replace('\r','').replace('\n','') print('IP ...
- Session&Cookie(Introduction、Application)
一Session 1概念: (1)session是会话,是同一连接者所有页面公有的内置对象 (2)session是一段时间,从session创建开始,到session销毁结束,默认时间为30分钟( ...
- struts2必备jar包(2.1.6版本)
struts2必备jar包(2.1.6版本) struts2(2.1.6版本)必备的jar包有6个 struts2-core-2.1.6.jar freemarker-2.3.13.jar commo ...
- Linux下TFTP服务的安装、配置和操作
TFTP是用来下载远程文件的最简单网络协议,它其于UDP协议而实现.嵌入式linux的tftp开发环境包括两个方面:一是linux服务器端的tftp-server支持,二是嵌入式目标系统的tftp ...
- Let me introduce myself
介绍自己,从开学到这上半学期结束,不知道说了多少个版本.开学军训,要自我介绍:军训结束,在班里要自我介绍:参加社团,面试要自我介绍.....不能说对每个人,至少对于我来说,在众人面前开口介绍自己,总还 ...
- UDP协议学习(转)
reference: https://blog.csdn.net/s_lisheng/article/details/73538229 https://blog.cs ...
- go web framework gin 启动流程分析
最主要的package : gin 最主要的struct: Engine Engine 是整个framework的实例,它包含了muxer, middleware, configuration set ...
- 编译darknet出现libpng16.so.16:对‘inflateValidate@ZLIB_1.2.9’未定义的引用
cd /usr/lib/x86_64-linux-gnu sudo ln -s ~/anaconda/lib/libpng16.so.16 libpng16.so.16 sudo ldconfig## ...