A, springcloud gateway to intercept the zuul
1, blacklist interception
2, sign test parameters
3, Api Interface verification authority
Second, the interception gateway implementations
1, inheritance ZuulFilter method, implement business logic
@Component @ SLF4J public class GatewayFilter the extends ZuulFilter { @Override public String filterType () { return "pre" ; } @Override public int filterOrder () { return 0 ; } @Override public Boolean shouldFilter () { // read true, The method will run down return to true ; } / ** * business logic processing before the request interceptor * @return * @throwsZuulException * / @Override public Object RUN () throws ZuulException { the RequestContext CTX = RequestContext.getCurrentContext (); // 1. Get request object the HttpServletRequest Request = ctx.getRequest (); // 2. Get the object in response the HttpServletResponse Response = CTX. getResponse (); // 3. acquiring real client ip address String ipAddr = IpUtil.getIpAddr (Request); IF (StringUtils.isEmpty (ipAddr)) { resultError (CTX, "is not able to obtain the ip address" ); } / /4. The dynamic access blacklist, blacklist is determined, in response to the gateway set to false IF ( "127.0.0.1" .equals (ipAddress)) { resultError (CTX, "IP:" ipAddress + + ", Insufficient Access Rights" ) ; } // The transmission parameters signature intercept the Map <String, String> verifyMap = SignUtil.toVerifyMap (request.getParameterMap (), to false ); IF (! {SignUtil.verify (verifyMap)) resultError (CTX, "IP:" ipAddress + + ", Sign Fail" ); } // 6.api permission verification String servletPath = request.getServletPath (); String accessTokenRequest.getParameter = ( "accessToken" ); IF (StringUtils.isEmpty (accessToken)) { resultError (CTX, "the AccessToken CAN BE Not empty" ); } // call interface to verify whether the failure accessToken BaseResponse <the JSONObject> appInfo = verificaCodeServiceFeign.getAppInfo (accessToken); IF (! {isSuccess (appInfo)) resultError (CTX, appInfo.getMsg ()); } return null ; } / ** * returns the error * @param CTX * @param code * @paramerrorMsg * / Private void resultError (CTX the RequestContext, String errorMsg) { ctx.setResponseStatusCode ( 401 ); // gateway does not respond to false forwarding service ctx.setSendZuulResponse ( false ); ctx.setResponseBody (errorMsg); }
Third, the use of the above pattern builder code package
1, based on the builder design pattern Package: Gateway access control
public interface GatewayBuild { /** * 黑名单拦截 */ Boolean blackBlock(RequestContext ctx, String ipAddress, HttpServletResponse response); /** * 参数验签 */ Boolean paramsValidate(RequestContext ctx, String ipAddress, HttpServletRequest request); /** * api权限控制 * * @return */ Boolean apiAuthorize(RequestContext ctx, HttpServletRequest request); }
2, based on the construction of the package design pattern: Build achieved parameter validation, business logic
SLF4J @ @Component public class VerificationBuild the implements GatewayBuild { @Override public Boolean blackBlock (CTX the RequestContext, String ipAddress, the HttpServletResponse Response) { // 4. dynamic read from the database, a blacklist is determined, in response to the gateway set to false IF ( "127.0 .0.1 " .equals (ipAddress)) { resultError (CTX, " IP: "ipAddress + +", Insufficient Access Rights " ); return to false ; } log.info ( " IP >>>>>>: {}, verification by >>>>>>> " , ipAddress); return to true ; } @Override public Boolean paramsValidate(RequestContext ctx, String ipAddress, HttpServletRequest request) { // 5.外网传递参数签名拦截 Map<String, String> verifyMap = SignUtil.toVerifyMap(request.getParameterMap(), false); if(!SignUtil.verify(verifyMap)){ resultError(ctx, "ip:" + ipAddress + ",Sign fail"); return false; } return true; } @Override public Boolean apiAuthorize(RequestContext ctx, HttpServletRequest request) { String servletPath =request.getServletPath (); // Internal accessToken service call does not require validation, if the beginning of the public, represents an authorized party access interface IF (servletPath.substring (0,. 7) .equals ( "/ public"! )) { return to true ; } accessToken String = request.getParameter ( "accessToken" ); log.info ( ">>>>> accessToken verification:" + accessToken); IF (StringUtils.isEmpty (accessToken)) { resultError (CTX, "the accessToken CAN BE Not empty" ); return false ; } // call interface to verify whether the failure accessToken BaseResponse<JSONObject> appInfo = verificaCodeServiceFeign.getAppInfo(accessToken); log.info(">>>>>>data:" + appInfo.toString()); if (!isSuccess(appInfo)) { resultError(ctx, appInfo.getMsg()); return false; } return true; } /** * 网关拦截 * @param ctx * @param code * @param errorMsg */ private void resultError(RequestContext ctx, String errorMsg) { ctx.setResponseStatusCode ( 401 ); // gateway does not respond to false forwarding service ctx.setSendZuulResponse ( false ); ctx.setResponseBody (errorMsg); } }
3, based on the construction of the package design pattern: Build connector
@Component public class GatewayDirector { @Resource(name = "VerificationBuild") private GatewayBuild gatewayBuild; /** * 连接建造者 * @param ctx * @param ipAddress * @param response * @param request */ public void direcot(RequestContext ctx, String ipAddress, HttpServletResponse response, HttpServletRequest request){ // 1.黑名单 Boolean boolBlackBlock = gatewayBuild.blackBlock(ctx, ipAddress, response); if(!boolBlackBlock){ return; } // 2.参数验证 Boolean boolParamsValidate = gatewayBuild.paramsValidate(ctx, ipAddress, request); if(!boolParamsValidate){ return; } // 3.api权限控制 Boolean boolApiAuthorize = gatewayBuild.apiAuthorize(ctx, request); if(!boolApiAuthorize){ return; } } }
4, gateway filters call
@Override public Object RUN () throws ZuulException { // Design Patterns: encapsulating the builder pattern based on the RequestContext CTX = RequestContext.getCurrentContext (); // 1. Get request object the HttpServletRequest Request = ctx.getRequest (); // 2. Get the object in response to the HttpServletResponse response = ctx.getResponse (); // 3. acquiring real client ip address String ipAddr = IpUtil.getIpAddr (Request); IF (StringUtils.isEmpty (ipAddr)) { resultError (CTX, "which did not have ip address to " ); } // 4. package based on the builder pattern: request limit gatewayDirector.direcot(ctx,ipAddr,response,request); return null; }