Based on the builder pattern [a] gateway zuul filter enclosing ||

A, springcloud gateway to intercept the zuul

1, blacklist interception

2, sign test parameters

3, Api Interface verification authority

Second, the interception gateway implementations

1, inheritance ZuulFilter method, implement business logic

@Component 
@ SLF4J
 public  class GatewayFilter the extends ZuulFilter {
 
    @Override 
    public String filterType () {
         return "pre" ; 
    } 

    @Override 
    public  int filterOrder () {
         return 0 ; 
    } 

    @Override 
    public  Boolean shouldFilter () {
         // read true, The method will run down 
        return  to true ; 
    } 


    / ** 
     * business logic processing before the request interceptor 
     * @return 
     * @throwsZuulException
      * / 
    @Override 
    public Object RUN () throws ZuulException { 

        the RequestContext CTX = RequestContext.getCurrentContext ();
         // 1. Get request object 
        the HttpServletRequest Request = ctx.getRequest ();
         // 2. Get the object in response 
        the HttpServletResponse Response = CTX. getResponse (); 

        // 3. acquiring real client ip address 
        String ipAddr = IpUtil.getIpAddr (Request);
         IF (StringUtils.isEmpty (ipAddr)) { 
            resultError (CTX, "is not able to obtain the ip address" ); 
        } 
        / /4. The dynamic access blacklist, blacklist is determined, in response to the gateway set to false 
        IF ( "127.0.0.1" .equals (ipAddress)) { 
            resultError (CTX, "IP:" ipAddress + + ", Insufficient Access Rights" ) ; 
        } 
        // The transmission parameters signature intercept 
        the Map <String, String> verifyMap = SignUtil.toVerifyMap (request.getParameterMap (), to false );
         IF (! {SignUtil.verify (verifyMap)) 
            resultError (CTX, "IP:" ipAddress + + ", Sign Fail" ); 
        } 
        // 6.api permission verification 
        String servletPath = request.getServletPath (); 
        String accessTokenRequest.getParameter = ( "accessToken" ); IF (StringUtils.isEmpty (accessToken)) { 
            resultError (CTX, "the AccessToken CAN BE Not empty" ); 
        } 
        // call interface to verify whether the failure accessToken 
        BaseResponse <the JSONObject> appInfo = verificaCodeServiceFeign.getAppInfo (accessToken); IF (! {isSuccess (appInfo)) 
            resultError (CTX, appInfo.getMsg ()); 
        } 

        return  null ; 

    } 


    / ** 
     * returns the error 
     * @param CTX 
     * @param code 
     * @paramerrorMsg
      * / 
    Private  void resultError (CTX the RequestContext, String errorMsg) { 
        ctx.setResponseStatusCode ( 401 );
         // gateway does not respond to false forwarding service 
        ctx.setSendZuulResponse ( false ); 
        ctx.setResponseBody (errorMsg); 

    }

Third, the use of the above pattern builder code package

1, based on the builder design pattern Package: Gateway access control

public interface GatewayBuild {

    /**
     * 黑名单拦截
     */
    Boolean blackBlock(RequestContext ctx, String ipAddress, HttpServletResponse response);

    /**
     * 参数验签
     */
    Boolean paramsValidate(RequestContext ctx, String ipAddress, HttpServletRequest request);

    /**
     * api权限控制
     *
     * @return
     */
    Boolean apiAuthorize(RequestContext ctx, HttpServletRequest request);
}

2, based on the construction of the package design pattern: Build achieved parameter validation, business logic

SLF4J @ 
@Component 
public  class VerificationBuild the implements GatewayBuild { 
    @Override 
    public Boolean blackBlock (CTX the RequestContext, String ipAddress, the HttpServletResponse Response) {
         // 4. dynamic read from the database, a blacklist is determined, in response to the gateway set to false 
        IF ( "127.0 .0.1 " .equals (ipAddress)) { 
            resultError (CTX, " IP: "ipAddress + +", Insufficient Access Rights " );
             return  to false ; 
        } 
        log.info ( " IP >>>>>>: {}, verification by >>>>>>> " , ipAddress);
         return  to true ;
    }

    @Override
    public Boolean paramsValidate(RequestContext ctx, String ipAddress, HttpServletRequest request) {
        // 5.外网传递参数签名拦截
        Map<String, String> verifyMap = SignUtil.toVerifyMap(request.getParameterMap(), false);
        if(!SignUtil.verify(verifyMap)){
            resultError(ctx, "ip:" + ipAddress + ",Sign fail");
            return false;
        }
        return true;
    }

    @Override
    public Boolean apiAuthorize(RequestContext ctx, HttpServletRequest request) {
        String servletPath =request.getServletPath ();
         // Internal accessToken service call does not require validation, if the beginning of the public, represents an authorized party access interface 
        IF (servletPath.substring (0,. 7) .equals ( "/ public"! )) {
             return  to true ; 
        } 
        accessToken String = request.getParameter ( "accessToken" ); 
        log.info ( ">>>>> accessToken verification:" + accessToken);
         IF (StringUtils.isEmpty (accessToken)) { 
            resultError (CTX, "the accessToken CAN BE Not empty" );
             return  false ; 
        } 
        // call interface to verify whether the failure accessToken
        BaseResponse<JSONObject> appInfo = verificaCodeServiceFeign.getAppInfo(accessToken);
        log.info(">>>>>>data:" + appInfo.toString());
        if (!isSuccess(appInfo)) {
            resultError(ctx, appInfo.getMsg());
            return false;
        }
        return true;
    }

    /**
     * 网关拦截
     * @param ctx
     * @param code
     * @param errorMsg
     */
    private void resultError(RequestContext ctx, String errorMsg) {
        ctx.setResponseStatusCode ( 401 );
         // gateway does not respond to false forwarding service 
        ctx.setSendZuulResponse ( false ); 
        ctx.setResponseBody (errorMsg); 

    } 
}

3, based on the construction of the package design pattern: Build connector

@Component
public class GatewayDirector {

    @Resource(name = "VerificationBuild")
    private GatewayBuild gatewayBuild;
    /**
     * 连接建造者
     * @param ctx
     * @param ipAddress
     * @param response
     * @param request
     */
    public void direcot(RequestContext ctx, String ipAddress, HttpServletResponse response, HttpServletRequest request){

        // 1.黑名单
        Boolean boolBlackBlock = gatewayBuild.blackBlock(ctx, ipAddress, response);
        if(!boolBlackBlock){
            return;
        }
        // 2.参数验证
        Boolean boolParamsValidate = gatewayBuild.paramsValidate(ctx, ipAddress, request);
        if(!boolParamsValidate){
            return;
        }
        // 3.api权限控制
        Boolean boolApiAuthorize = gatewayBuild.apiAuthorize(ctx, request);
        if(!boolApiAuthorize){
            return;
        }

    }
}

4, gateway filters call

@Override
     public Object RUN () throws ZuulException { 

        // Design Patterns: encapsulating the builder pattern based on 
        the RequestContext CTX = RequestContext.getCurrentContext ();
         // 1. Get request object 
        the HttpServletRequest Request = ctx.getRequest ();
         // 2. Get the object in response to 
        the HttpServletResponse response = ctx.getResponse (); 

        // 3. acquiring real client ip address 
        String ipAddr = IpUtil.getIpAddr (Request);
         IF (StringUtils.isEmpty (ipAddr)) { 
            resultError (CTX, "which did not have ip address to " ); 
        } 

        // 4. package based on the builder pattern: request limit
        gatewayDirector.direcot(ctx,ipAddr,response,request);

        return null;



    }