springcloud-网关(gateway)

概述

\Spring Cloud Gateway旨在提供一种简单而有效的方式来路由到API，并为其提供跨领域的关注，如：安全、监控/指标和容错

常用术语

• Route（路由）: 网关的基本构件。它由一个ID、一个目的地URI、一个谓词（Predicate）集合和一个过滤器（Filter）集合定义。如果集合谓词为真，则路由被匹配。
• Predicate（谓词）: 这是一个 Java 8 Function Predicate。输入类型是 [Spring Framework ServerWebExchange]。这让你可以在HTTP请求中的任何内容上进行匹配，比如header或查询参数。
• Filter（过滤器）: 这些是 [GatewayFilter] 的实例，已经用特定工厂构建。在这里，你可以在发送下游请求之前或之后修改请求和响应。

网关工作原理

客户端向 Spring Cloud Gateway 发出请求。如果Gateway处理程序映射确定一个请求与路由相匹配，它将被发送到Gateway Web处理程序。这个处理程序通过一个特定于该请求的过滤器链来运行该请求。过滤器被分割的原因是，过滤器可以在代理请求发送之前和之后运行逻辑。所有的 "pre" （前）过滤器逻辑都被执行。然后发出代理请求。在代理请求发出后，"post" （后）过滤器逻辑被运行。

业务架构图

开发流程

引入依赖

gateway框架需要引入loadbalancer,否则在访问的时候会出现503异常。

<dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-loadbalancer</artifactId>
</dependency>
<dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>

bootstrap.yml配置

配置nacos

如果不需要nacos的配置，可以不引入nacos的config依赖

<dependency><groupId>com.alibaba.cloud</groupId><artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
</dependency>

spring:application:name: ssc-cloud-gatewaycloud:nacos:discovery:server-addr: 192.168.201.81:7777namespace: ssc-cloud-idgroup: DEVregister-enabled: true

配置gateway

spring:cloud:gateway:discovery:locator:enabled: trueroutes:- id : ssc-order-id               #路由编号(自定义)
#          uri: https://www.bilibili.com/   #跳转地址(网页跳转)，lb--负载调整（微服务）uri: lb://ssc-cloud-olderpredicates:- Path=/ssc-older/**       #url 的映射名称(让客户看到的)filters:- StripPrefix=1- id: ssc-paycenter-id               #路由编号(自定义)uri: lb://ssc-cloud-paycenterpredicates:- Path=/ssc-pay/**filters:- StripPrefix=1

路由配置规则

序号	名称	解释
1	id	⾃定义的路由 ID，保持唯⼀
2	uri	目标服务地址：以lb:// 开头则表示要去向的微服务名称
3	predicates	路由条件
4	Filter（过滤器）	过滤器是路由转发请求时所经过的过滤逻辑，可⽤于修改请求、响应内容。

predicates断言条件

• Path

  实例: - Path=/ssc-older/

  routes:- id : ssc-older-id          uri: lb://ssc-cloud-olderpredicates:- Path=/ssc-older/**    
  

  解释: 当请求的路径为ssc-older开头的时，转发到ssc-cloud-older微服服务器上，ssc-cloud-older是navcos中微服务注册的名称。

  

• Before

  - Before=2017-01-20T17:42:47.789-07:00[Asia/Shanghai]

  在某个时间之前的请求才会被转发到 http://localhost:9001 服务器上

• After

  - After=2017-01-20T17:42:47.789- 07:00[Asia/Shanghai]

  在某个时间之后的请求才会被转发

• Between

  - Between=2017-01-20T17:42:47.789-07:00[Asia/Shanghai],

  2017-01- 21T17:42:47.789-07:00[Asia/Shanghai]

  在某个时间段之间的才会被转发

• Cookie

  - Cookie=sesionId,ssc-test

  名为ss-old的表单或者满⾜正则old的表单才会被匹配到 进⾏请求转发

  routes:- id : ssc-older-id          uri: lb://ssc-cloud-olderpredicates:- Cookie=sesionId,ssc-test   
  

• Header

  - Header=X-Request-Id

  携带参数X-Request-Id的请求头才会匹配

• Host

  - Host=www.ssc.older.com

  当主机名为www.ssc.older.com的时候直接转发到指定服务器。

• Method

  - Method=GET

  只有GET⽅法才会匹配转发请求，还可以限定POST、PUT等。

  routes:- id : ssc-older-id          uri: lb://ssc-cloud-olderpredicates:- Method=GET,POST  
  

过滤器规则

过滤规则	实例	说明
PrefixPath	- PrefixPath=/app	在请求路径前加上app
PrefixPath	- PrefixPath=/app	在请求路径前加上app
SetPath	SetPath=/app/{path}	通过模板设置路径，转发的规则时会在路径前增加 app，{path}表示原请求路径
RedirectTo		重定向
RemoveRequestHea		去掉某个请求头信息\1. PrefixPath
StripPrefix	Path=/ssc-pay/**	去掉ssc-pay才是真实路径

网关的案例

使用网关进行用户鉴权过滤。

鉴权微服务

api模块

api模块为外界提供接口(openfeign调用),为网关调用需要基于reactor开发。

pom

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><parent><groupId>com.wnhz.ssc.cloud.authority</groupId><artifactId>ssc-cloud-authority</artifactId><version>0.0.1-SNAPSHOT</version></parent><groupId>com.wnhz.ssc.cloud.authority.api</groupId><artifactId>ssc-cloud-authority-api</artifactId><dependencies><dependency><groupId>com.playtika.reactivefeign</groupId><artifactId>feign-reactor-webclient</artifactId><version>3.0.3</version></dependency><dependency><groupId>com.playtika.reactivefeign</groupId><artifactId>feign-reactor-cloud</artifactId><version>3.0.3</version></dependency><dependency><groupId>com.playtika.reactivefeign</groupId><artifactId>feign-reactor-spring-configuration</artifactId><version>3.0.3</version></dependency></dependencies>
</project>

openfeign接口

@ReactiveFeignClient(value = "ssc-cloud-authority",url = "http://localhost:12121")
public interface IAuthorityFeign {@GetMapping("/api/authority/login")Mono<HttpResp> login(@RequestParam("username") String username,@RequestParam("password") String password);@PostMapping("/api/authority/verifyToken")Mono<HttpResp> verifyToken(String token);
}

业务接口(sevice)

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><parent><groupId>com.wnhz.ssc.cloud.authority</groupId><artifactId>ssc-cloud-authority</artifactId><version>0.0.1-SNAPSHOT</version></parent><groupId>com.wnhz.ssc.cloud.authority.service</groupId><artifactId>ssc-cloud-authority-service</artifactId><dependencies><dependency><groupId>com.wnhz.ssc.cloud.springcloud</groupId><artifactId>ssc-cloud-springcloud</artifactId><version>0.0.1-SNAPSHOT</version></dependency><dependency><groupId>com.github.xiaoymin</groupId><artifactId>knife4j-openapi2-spring-boot-starter</artifactId></dependency><dependency><groupId>com.wnhz.ssc.cloud</groupId><artifactId>ssc-cloud-tools</artifactId><version>0.0.1-SNAPSHOT</version></dependency><dependency><groupId>com.wnhz.ssc.cloud</groupId><artifactId>ssc-cloud-ssm</artifactId><version>0.0.1-SNAPSHOT</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-data-redis</artifactId></dependency></dependencies>
</project>

配置

bootstrap.yml

spring:cloud:nacos:config:server-addr: ${spring.cloud.nacos.discovery.server-addr}namespace: ${spring.cloud.nacos.discovery.namespace}file-extension: yamlextension-configs:- data-id: db_ssc.yamlgroup: DEVrefresh: true- data-id: redis.yamlgroup: DEVrefresh: truediscovery:server-addr: 192.168.201.107namespace: ssc-cloud-idgroup: DEVapplication:name: ssc-cloud-authority

application

• application-dev.yml

  server:port: 12121
  knife4j:enable: true
  logging:level:com.wnhz: debug
  

• application.yml

  spring:profiles:active: dev
  

启动类

@EnableDiscoveryClient
@SpringBootApplication
public class AuthorityApp {public static void main(String[] args) {SpringApplication.run(AuthorityApp.class);}
}

dao

@Mapper
public interface ILoginDao extends BaseMapper<Login> {
}

异常

/*** 鉴权异常*/
public class AuthorityException extends RuntimeException{public AuthorityException(String message) {super(message);}
}

/*** 用户名或密码错误异常*/
public class BadCredentialsException extends AuthorityException{public BadCredentialsException(String message) {super(message);}
}

service

• 接口

  public interface ILoginService {Login loginCheck(String username, String password);List<Login> findByUsername(String username);
  }
  

• 实现类

  package com.wnhz.ssc.cloud.authority.service.impl;import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
  import com.wnhz.ssc.cloud.authority.dao.ILoginDao;
  import com.wnhz.ssc.cloud.authority.exception.BadCredentialsException;
  import com.wnhz.ssc.cloud.authority.exception.UsernameEmptyException;
  import com.wnhz.ssc.cloud.authority.exception.UsernameNotFoundException;
  import com.wnhz.ssc.cloud.authority.service.ILoginService;
  import com.wnhz.ssc.domain.entity.po.Login;
  import org.springframework.beans.factory.annotation.Autowired;
  import org.springframework.stereotype.Service;
  import org.springframework.util.StringUtils;import java.util.List;
  import java.util.Objects;@Service
  public class LoginServiceImpl implements ILoginService {@Autowiredprivate ILoginDao loginDao;@Overridepublic Login loginCheck(String username, String password) {if (!StringUtils.hasText(username)) throw new UsernameEmptyException("用户名为空异常");LambdaQueryWrapper<Login> lambdaQueryWrapper= new LambdaQueryWrapper<>();lambdaQueryWrapper.eq(Login::getUsername, username);List<Login> logins = findByUsername(username);Login login = logins.stream().filter(lg -> username.equals(lg.getUsername())).findFirst().get();if (Objects.isNull(login)) throw new BadCredentialsException("用户名|密码错误");return login;}/*** 判读用户名是否存在* @param username 用户名* @return 所有查询服务用户名的用户集合*/@Overridepublic List<Login> findByUsername(String username) {List<Login> logins = loginDao.selectList(new LambdaQueryWrapper<Login>().eq(Login::getUsername, username));if (Objects.isNull(logins) || logins.isEmpty()) throw new UsernameNotFoundException("用户名不存在异常");return logins;}
  }
  

controller

package com.wnhz.ssc.cloud.authority.controller;import com.wnhz.ssc.cloud.authority.service.ILoginService;
import com.wnhz.ssc.cloud.tools.exception.jwt.JwtException;
import com.wnhz.ssc.cloud.tools.exception.jwt.JwtExpiredException;
import com.wnhz.ssc.cloud.tools.jwt.JwtUtil;
import com.wnhz.ssc.common.result.HttpResp;
import com.wnhz.ssc.domain.entity.po.Login;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import reactor.core.publisher.Mono;import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;@Api(tags = "鉴权模块api")
@RestController
@RequestMapping("/api/authority")
@Slf4j
public class AuthorityController {@Autowiredprivate ILoginService loginService;@Autowiredprivate StringRedisTemplate stringRedisTemplate;private final String REDIS_PREFIX="token:";/*** 用户登录** @param username* @param password* @return*/@ApiOperation(value = "login", notes = "用户登录验证")@GetMapping("/login")public HttpResp login(String username, String password) {try {Login login = loginService.loginCheck(username, password);log.debug("用户名登录成功:{}",login);Map<String, Object> map = new HashMap<>();map.put("username", username);String token = JwtUtil.getInstance().creatToken(map, 1000 * 30, login.getSign());stringRedisTemplate.opsForValue().set(REDIS_PREFIX+token, login.getSign(),10, TimeUnit.MINUTES);log.debug("token产生成功，并存入redis中:{}",token);return HttpResp.success(new String[]{"ssc_login_token", token});} catch (Exception e) {return HttpResp.failed(e.getMessage());}}/*** 验证token** @param token* @return*/@ApiOperation(value = "verifyToken", notes = "token验证")@GetMapping("/verifyToken")public Mono<HttpResp> verifyToken(String token) {String sign = stringRedisTemplate.opsForValue().get(REDIS_PREFIX+token);log.debug("从redis中获取token的值: {}", sign);if (Objects.isNull(sign)) {return Mono.just(HttpResp.failed("token不存在"));}try {JwtUtil.getInstance().verifyToken(token, sign);return Mono.just(HttpResp.success("token验证成功"));} catch (JwtExpiredException e) {//token已过期,判断是否续期return refreshToken(token, sign);} catch (JwtException e) {return Mono.just(HttpResp.failed(e.getMessage()));}}private Mono<HttpResp> refreshToken(String originalToken, String sign) {Long expireLeftTime = stringRedisTemplate.getExpire(REDIS_PREFIX+originalToken);log.debug("redis中token剩余时间:{}", expireLeftTime);if (expireLeftTime > 0) {//token续期String newToken = JwtUtil.getInstance().cloneToken(originalToken, expireLeftTime);stringRedisTemplate.delete(REDIS_PREFIX+originalToken);stringRedisTemplate.opsForValue().set(REDIS_PREFIX+newToken, sign);log.debug("新token产生成功，续期完成，token==> {}",newToken);return Mono.just(HttpResp.success(new String[]{"ssc_login_token", newToken}));} //token已经过期，redis也过期return Mono.just(HttpResp.failed("token已经过期"));}
}

全局网关

负责对鉴权控制

pom

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><parent><artifactId>wnhz-ssc-cloud</artifactId><groupId>com.wnhz.ssc.cloud</groupId><version>0.0.1-SNAPSHOT</version></parent><modelVersion>4.0.0</modelVersion><groupId>com.wnhz.ssc.cloud.gateway</groupId><artifactId>ssc-cloud-gateway</artifactId><dependencies><dependency><groupId>com.wnhz.ssc.cloud.springcloud</groupId><artifactId>ssc-cloud-springcloud</artifactId><version>0.0.1-SNAPSHOT</version></dependency><dependency><groupId>com.wnhz.ssc.cloud.common</groupId><artifactId>ssc-cloud-common</artifactId><version>0.0.1-SNAPSHOT</version></dependency><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-gateway</artifactId></dependency><dependency><groupId>com.playtika.reactivefeign</groupId><artifactId>feign-reactor-spring-configuration</artifactId><version>3.0.3</version><scope>compile</scope></dependency><dependency><groupId>com.wnhz.ssc.cloud.authority.api</groupId><artifactId>ssc-cloud-authority-api</artifactId><version>0.0.1-SNAPSHOT</version></dependency></dependencies><build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId><configuration><outputDirectory>../out</outputDirectory></configuration></plugin></plugins></build>
</project>

配置

bootstrap.yml

spring:main:web-application-type: reactiveapplication:name: ssc-cloud-gatewaycloud:nacos:discovery:server-addr: 192.168.201.81:7777namespace: ssc-cloud-idgroup: DEVregister-enabled: trueconfig:enabled: offgateway:discovery:locator:enabled: trueroutes:- id : ssc-order-id               #路由编号(自定义)
#          uri: https://www.bilibili.com/   #跳转地址(网页跳转)，lb--负载调整（微服务）uri: lb://ssc-cloud-olderpredicates:- Path=/ssc-older/**       #url 的映射名称(让客户看到的)filters:- StripPrefix=1- id: ssc-paycenter-id               #路由编号(自定义)uri: lb://ssc-cloud-paycenterpredicates:- Path=/ssc-pay/**filters:- StripPrefix=1- id: ssc-authority-id               #路由编号(自定义)uri: lb://ssc-cloud-authoritypredicates:- Path=/ssc-auth/**filters:- StripPrefix=1

全局过滤器

package com.wnhz.ssc.cloud.gateway.filter;import com.fasterxml.jackson.databind.ObjectMapper;
import com.wnhz.ssc.cloud.authority.feign.IAuthorityFeign;
import com.wnhz.ssc.common.result.HttpResp;
import com.wnhz.ssc.common.result.RespCode;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.cloud.gateway.filter.NettyWriteResponseFilter;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Objects;@Component
@Slf4j
public class SscGlobalGatewayFilter implements GlobalFilter, Ordered {@Lazy@Autowiredprivate IAuthorityFeign authorityFeign;private final String LOGIN_TOKEN="ssc_login_token";@SneakyThrows@Overridepublic Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {ServerHttpRequest request = exchange.getRequest();ServerHttpResponse response = exchange.getResponse();log.debug("我进入过滤中.....");ObjectMapper objectMapper = new ObjectMapper();DataBuffer dataBuffer = null;String requestURI =request.getURI().getPath() ;log.debug("请求uri:{}",requestURI);if(requestURI.endsWith("/authority/login")){//客户访问登录业务，直接跳转验证return chain.filter(exchange);}//1. Token不存在，客户未登录状态访问系统if(!isLogin(request)) {//如果客户没有登录log.debug("客户还没有登录,重定向到登录(baidu)页面");String redirectUrl = "https://www.baidu.com";log.debug("将客户请求重定向到指定页面: {}", redirectUrl);response.getHeaders().set(HttpHeaders.LOCATION, redirectUrl);//303状态码表示由于请求对应的资源存在着另一个URI，应使用GET方法定向获取请求的资源response.setStatusCode(HttpStatus.SEE_OTHER);response.getHeaders().add("Content-Type", "text/plain;charset=UTF-8");return response.setComplete();}//2. token存在，调用验证微服务验证token是否有效String token = getToken(request);HttpResp block = authorityFeign.verifyToken(token).block();if(block.getCode()== RespCode.FAILED.getCode()){ //token验证失败response.getHeaders().add("Content-Type", "application/json;charset=UTF-8");dataBuffer = response.bufferFactory().wrap(objectMapper.writeValueAsString(block).getBytes(StandardCharsets.UTF_8));return response.writeWith(Mono.just(dataBuffer));}return chain.filter(exchange);}@Overridepublic int getOrder() {return NettyWriteResponseFilter.WRITE_RESPONSE_FILTER_ORDER - 1;}/*** 客户未登录，没有token* @param request* @return*/private boolean isLogin(ServerHttpRequest request){HttpHeaders headers = request.getHeaders();log.debug("header===> {}", headers);List<String> loginToken = headers.get(LOGIN_TOKEN);if(Objects.nonNull(loginToken)){return true;}return false;}/*** 从请求中获取token* @param request*/private String getToken(ServerHttpRequest request){HttpHeaders headers = request.getHeaders();log.debug("header===> {}", headers);List<String> tokens = headers.get(LOGIN_TOKEN);String token = tokens.get(0);return token;}
}

启动类

package com.wnhz.ssc.cloud.gateway;import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import reactivefeign.spring.config.EnableReactiveFeignClients;@SpringBootApplication
@EnableDiscoveryClient
@EnableReactiveFeignClients(basePackages = "com.wnhz.ssc.cloud.authority.feign")
public class GatewayApp {public static void main(String[] args) {SpringApplication.run(GatewayApp.class);}
}

HttpHeaders headers = request.getHeaders();log.debug("header===> {}", headers);List<String> tokens = headers.get(LOGIN_TOKEN);String token = tokens.get(0);return token;
}

}

### 启动类```java
package com.wnhz.ssc.cloud.gateway;import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import reactivefeign.spring.config.EnableReactiveFeignClients;@SpringBootApplication
@EnableDiscoveryClient
@EnableReactiveFeignClients(basePackages = "com.wnhz.ssc.cloud.authority.feign")
public class GatewayApp {public static void main(String[] args) {SpringApplication.run(GatewayApp.class);}
}