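Zuul integrated with Spring Security: API permission control when Zuul acts as the edge router
- api-server as the resource server, with Zuul control added
In the previous section, OAuth2 in security-server served as the authorization center for the whole microservice system; its main job is to authenticate clients and issue tokens. Its counterpart is the resource server, which depends on the authorization server. Any other client that wants to call the resource server's endpoints must first be authenticated by the authorization server.
Zuul was already introduced in section 6; see section 6, Server-Side Load Balancing.
The api-server resource server is configured as follows:
- Add the dependencies to the pom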
```xml
<dependency>
    <groupId>com.xzg</groupId>
    <artifactId>online-table-reservation-common</artifactId>
    <version>v1</version>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-netflix-hystrix-stream</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
```
- Basic configuration: annotating the startup class with @EnableResourceServer marks this service as a resource server
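```java
import javax.net.ssl.HttpsURLConnection;

import com.netflix.hystrix.strategy.HystrixPlugins;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.loadbalancer.LoadBalanced;
import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.web.client.RestTemplate;
// MDCHystrixConcurrencyStrategy is a project class; its package is not shown on this page.

@SpringBootApplication
@EnableEurekaClient
@EnableResourceServer
@Configuration
@ComponentScan({"com.xzg.api.service", "com.xzg.common"})
public class ApiApp {

    private static final Logger LOG = LoggerFactory.getLogger(ApiApp.class);

    static {
        // Local testing only: TLS hostname verification is disabled here for the
        // development stage, so a certificate issued for any hostname is accepted.
        LOG.warn("禁用ssl主機名檢查,開發截斷使用");
        HttpsURLConnection.setDefaultHostnameVerifier((hostname, sslSession) -> true);
    }

    // Load-balanced RestTemplate, so calls can address other services by their registered name
    @LoadBalanced
    @Bean
    RestTemplate restTemplate() {
        return new RestTemplate();
    }

    public static void main(String[] args) {
        LOG.info("Register MDCHystrixConcurrencyStrategy");
        HystrixPlugins.getInstance().registerConcurrencyStrategy(new MDCHystrixConcurrencyStrategy());
        SpringApplication.run(ApiApp.class, args);
    }
}
```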
- Add the authorization server settings to the configuration file
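```yaml
# other settings omitted
security:
  oauth2:
    resource:
      # the resource server validates incoming bearer tokens by calling this endpoint on the authorization server
      userInfoUri: https://localhost:9001/auth/user
management:
  security:
    # turns off authentication for the actuator management endpoints
    enabled: false
```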
See the source code for the full configuration.
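With only @EnableResourceServer in place, every endpoint simply requires a valid token. The following added example (not code from the original project) shows one way to express per-endpoint rules on api-server. The class name, the `/v1/**` path and the role names USER and ADMIN are hypothetical, and it assumes the `/auth/user` endpoint returns the principal together with its authorities.

```java
package com.xzg.api.service; // inside the packages scanned by ApiApp

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * Added example: picked up by the @EnableResourceServer annotation on ApiApp.
 * The resource server support already makes the chain stateless and disables
 * CSRF, so only the authorization rules are declared here.
 */
@Configuration
public class ApiResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Hypothetical API prefix: reads are open to any known role.
            .antMatchers(HttpMethod.GET, "/v1/**").hasAnyRole("USER", "ADMIN")
            // State-changing calls are limited to ROLE_ADMIN (hypothetical role).
            .antMatchers(HttpMethod.POST, "/v1/**").hasRole("ADMIN")
            .antMatchers(HttpMethod.PUT, "/v1/**").hasRole("ADMIN")
            .antMatchers(HttpMethod.DELETE, "/v1/**").hasRole("ADMIN")
            // Everything else keeps the default: a valid token is required.
            .anyRequest().authenticated();
    }
}
```

Role checks are used rather than `#oauth2.hasScope(...)` expressions because, with `userInfoUri`, the authorities are read from the user-info response, so the rules depend on what `/auth/user` returns.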