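Integrating Spring Security with Zuul: API access control when Zuul acts as the edge router

- api-server as the resource server, with Zuul control added

In the previous section, OAuth2 in security-server served as the authorization center for the whole microservice system. Its main job is to authenticate clients and issue tokens. Its counterpart is the resource server, which depends on the authorization server: any other client that wants to call the resource server's APIs must first be authenticated by the authorization server.

Zuul was already introduced in Section 6; see Section 6, server-side load balancing.

The api-server, acting as the resource server, is configured as follows:

- Add the dependencies to the pom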
```xml
<dependency>
    <groupId>com.xzg</groupId>
    <artifactId>online-table-reservation-common</artifactId>
    <version>v1</version>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-netflix-hystrix-stream</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
```
- Basic configuration: annotating the startup class with @EnableResourceServer marks this service as a resource server
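```java
import javax.net.ssl.HttpsURLConnection;

import com.netflix.hystrix.strategy.HystrixPlugins;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.loadbalancer.LoadBalanced;
import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.web.client.RestTemplate;
// MDCHystrixConcurrencyStrategy comes from the project's own code; import it from its package.

@SpringBootApplication
@EnableEurekaClient
@EnableResourceServer
@Configuration
@ComponentScan({"com.xzg.api.service", "com.xzg.common"})
public class ApiApp {
    private static final Logger LOG = LoggerFactory.getLogger(ApiApp.class);

    static {
        // Local testing only. The log message reads:
        // "SSL hostname verification disabled, for use during development".
        // This replaces the JVM-wide default verifier, so every HttpsURLConnection
        // in this process accepts any hostname; remove it outside development.
        LOG.warn("禁用ssl主机名检查,开发截断使用");
        HttpsURLConnection.setDefaultHostnameVerifier((hostname, sslSession) -> true);
    }

    // Load-balanced RestTemplate for calling other services by service name
    @LoadBalanced
    @Bean
    RestTemplate restTemplate() {
        return new RestTemplate();
    }

    public static void main(String[] args) {
        LOG.info("Register MDCHystrixConcurrencyStrategy");
        HystrixPlugins.getInstance().registerConcurrencyStrategy(new MDCHystrixConcurrencyStrategy());
        SpringApplication.run(ApiApp.class, args);
    }
}
```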
- Add the authorization server settings to the configuration file
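```yaml
# other settings omitted
security:
  oauth2:
    resource:
      # user-info endpoint on the authorization server (security-server)
      userInfoUri: https://localhost:9001/auth/user
management:
  security:
    # turns off security for the management (actuator) endpoints
    enabled: false
```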
See the source code for the full configuration.
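With only `@EnableResourceServer` and `userInfoUri` set, every endpoint simply requires a valid token. The following added example (not code from the original project) shows per-path rules for the resource server; the class name, the `/v1/...` paths and the `ROLE_ADMIN` authority are assumptions, and the class is assumed to live in one of the packages scanned by `ApiApp`.

```java
package com.xzg.api.service; // assumption: a package covered by ApiApp's @ComponentScan

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * Hypothetical access rules for api-server. @EnableResourceServer on ApiApp
 * already installs the bearer-token filter; this class only decides which
 * requests an authenticated token may perform.
 *
 * With userInfoUri, the caller's authorities are taken from the user-info
 * response of the authorization server (the "authorities" entry, falling
 * back to ROLE_USER when it is absent), so role checks here depend on what
 * https://localhost:9001/auth/user returns.
 */
@Configuration
public class ApiResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // Tokens only: never create or rely on an HTTP session.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                // Destructive calls need an elevated authority (hypothetical name).
                .antMatchers(HttpMethod.DELETE, "/v1/**").hasAuthority("ROLE_ADMIN")
                // Any other call under the API prefix needs a valid token.
                .antMatchers("/v1/**").authenticated()
                // Anything not listed above is refused, so a newly added
                // controller is closed until a rule is written for it.
                .anyRequest().denyAll();
    }
}
```

Rules are evaluated in order, so the more specific `DELETE` matcher must stay above the general `/v1/**` matcher.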