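Microservice gateway:
1. Authentication and authorization checks
2. Service routing and load balancing
3. Request rate limiting

Setting up the gateway service:
The gateway is a standalone service, so it also has to register with the service registry; Nacos is used here as before.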
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>cloud-demo</artifactId>
        <groupId>cn.itcast.demo</groupId>
        <version>1.0</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <artifactId>gateway</artifactId>
    <properties>
        <maven.compiler.source>8</maven.compiler.source>
        <maven.compiler.target>8</maven.compiler.target>
    </properties>
    <dependencies>
        <!-- Nacos service registration and discovery dependency -->
        <dependency>
            <groupId>com.alibaba.cloud</groupId>
            <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
        </dependency>
        <!-- Gateway dependency -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-gateway</artifactId>
        </dependency>
    </dependencies>
    <build>
        <finalName>app</finalName>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
Gateway configuration:
server:
  port: 10010
logging:
  level:
    cn.itcast: debug
  pattern:
    dateformat: MM-dd HH:mm:ss:SSS
spring:
  application:
    name: gateway
  cloud:
    nacos:
      server-addr: nacos:8848 # Nacos address
    gateway:
      routes:
        - id: user-service # route ID, must be unique
          uri: lb://userservice # target address of the route
          predicates: # route predicates: decide whether a request matches the rule
            - Path=/user/** # path predicate: matches when the path starts with /user
        - id: order-service
          uri: lb://orderservice
          predicates:
            - Path=/order/**
      default-filters:
        - AddRequestHeader=Truth,Itcast is freaking awesome!
Gateway filter configuration:
server:
  port: 10010
logging:
  level:
    cn.itcast: debug
  pattern:
    dateformat: MM-dd HH:mm:ss:SSS
spring:
  application:
    name: gateway
  cloud:
    nacos:
      server-addr: nacos:8848 # Nacos address
    gateway:
      routes:
        - id: user-service # route ID, must be unique
          uri: lb://userservice # target address of the route
          predicates: # route predicates: decide whether a request matches the rule
            - Path=/user/** # path predicate: matches when the path starts with /user
        - id: order-service
          uri: lb://orderservice
          predicates:
            - Path=/order/**
      default-filters:
        - AddRequestHeader=Truth,Itcast is freaking awesome!
Global filter
package cn.itcast.gateway;

import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

// @Order(-1) sets the filter order (alternative to implementing Ordered)
@Component
public class AuthorizeFilter implements GlobalFilter, Ordered {
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        // 1. Get the request parameters
        ServerHttpRequest request = exchange.getRequest();
        MultiValueMap<String, String> params = request.getQueryParams();
        // 2. Get the authorization parameter from the query parameters
        String auth = params.getFirst("authorization");
        // 3. Check whether the parameter value equals admin
        if ("admin".equals(auth)) {
            // 4. Yes: let the request through
            return chain.filter(exchange);
        }
        // 5. No: block the request
        // 5.1. Set the status code
        exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
        // 5.2. Complete the response without forwarding the request
        return exchange.getResponse().setComplete();
    }

    @Override // sets the filter order
    public int getOrder() {
        return -1;
    }
}
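Handling cross-origin requests (CORS) at the gateway:
server:
  port: 10010
logging:
  level:
    cn.itcast: debug
  pattern:
    dateformat: MM-dd HH:mm:ss:SSS
spring:
  application:
    name: gateway
  cloud:
    nacos:
      server-addr: nacos:8848 # Nacos address
    gateway:
      routes:
        - id: user-service # route ID, must be unique
          uri: lb://userservice # target address of the route
          predicates: # route predicates: decide whether a request matches the rule
            - Path=/user/** # path predicate: matches when the path starts with /user
        - id: order-service
          uri: lb://orderservice
          predicates:
            - Path=/order/**
      default-filters:
        - AddRequestHeader=Truth,Itcast is freaking awesome!
      globalcors: # global CORS handling
        add-to-simple-url-handler-mapping: true # also apply this CORS configuration through the simple URL handler mapping, so preflight OPTIONS requests that match no route are still handled
        cors-configurations:
          '[/**]': # path pattern: all paths
            allowedOrigins: # which sites may send cross-origin requests
              - "http://localhost:8090"
              - "http://localhost:8091"
            allowedMethods: # allowed request methods
              - "GET"
              - "POST"
              - "PUT"
              - "DELETE"
              - "OPTIONS"
              - "HEAD"
            allowedHeaders: "*" # headers the request is allowed to carry
            allowCredentials: true # allow cookies to be sent
            maxAge: 360000 # how long, in seconds, a preflight result stays valid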