Zuul网关
Zuul路由网关简介及基本使用
Zuul API路由网关服务简介
请看上图,这里的API 路由网关服务 由Zuul实现,主要就是对外提供服务接口的时候,起到了请求的路由和过滤作用,也因此能够隐藏内部服务的接口细节,从来有利于保护系统的安全性;
路由配置
Zuul 路由配置
我们新建一个module microservice-zuul-3001
这里我们的zuul也注册到eureka服务里,端口3001;
我们修改下Hosts,专门为zuul搞个本地域名映射
hosts文件 加下:
127.0.0.1 zuul.huang.com
pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>com.huang</groupId> <artifactId>t226microservice</artifactId> <version>1.0-SNAPSHOT</version> </parent> <artifactId>microservice-zuul-3001</artifactId> <properties> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-eureka</artifactId> </dependency> <!-- actuator监控 --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency> <!-- hystrix容错 --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-hystrix</artifactId> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-config</artifactId> </dependency> <!--zuul网关--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-zuul</artifactId> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
搞一个 application.yml
server:
port: 3001
context-path: /
spring:
application:
name: microservice-zuul
eureka:
instance:
instance-id: microservice-zuul:3001
prefer-ip-address: true
client:
service-url:
defaultZone: http://eureka2001.huang.com:2001/eureka/,http://eureka2002.huang.com:2002/eureka/,http://eureka2003.huang.com:2003/eureka/
info:
groupId: com.huang.testSpringcloud
artifactId: microservice-zuul-3001
version: 1.0-SNAPSHOT
userName: http://huang.com
phone: 123456
建一个主启动类:ZuulApplication_3001
加下@EnableZuulProxy注解
package com.huang.microservicezuul3001; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; import org.springframework.cloud.netflix.zuul.EnableZuulProxy; @SpringBootApplication(exclude={DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class}) @EnableZuulProxy public class MicroserviceZuul3001Application { public static void main(String[] args) { SpringApplication.run(MicroserviceZuul3001Application.class, args); } }
我们测试下:
启动三个eureka 然后再启动下一个1001服务,以及 zuul网关服务;
这里有两个服务;
我们直接请求:http://localhost:1006/student/list 能获取到数据;
我们用 http://zuul.huang.com:3001/microservice-student/student/list 域名+端口+服务名称+请求地址 也能请求到数据;
说明我们的路由基本配置OK
Zuul路由映射配置
上面是zuul的简单使用,从接口地址很轻易的就暴露了服务提供者的唯一标识名microservice-student;有安全风险,我们需要将其隐藏;
ignored-services的作用是将原来的服务提供者唯一标识名禁用;
Prefix的作用是给服务加前缀
yml文件中添加以下配置:
zuul: routes: studentServer.serviceId: microservice-student studentServer.path: /studentServer/** ignored-services: "*" prefix: /huang
配置完毕后可通过以下链接做测试
http://zuul.huang.com:3001/microservice-student/student/list
http://zuul.huang.com:3001/studentServer/student/list
http://zuul.huang.com:3001/huang/microservice-student/student/list
http://zuul.huang.com:3001/huang/studentServer/student/list
对应的配置会出现上面的错误页面,这是正常现象。
Zuul请求过滤配置
比如我们登录某个系统 需要身份验证,用户名密码啥的;
我们请求服务,也可以来设置身份验证,也就是过滤非法请求;Zuul通过ZuulFilter过滤器实现;
一般具体实现的话 每次经过Zuul服务网关 我们都对带来的token进行有效性验证;
我们先定义一个 AccessFilter类:
package com.huang.microservicezuul3001.filter; import com.netflix.zuul.ZuulFilter; import com.netflix.zuul.context.RequestContext; import com.netflix.zuul.exception.ZuulException; import org.apache.log4j.Logger; import javax.servlet.http.HttpServletRequest; public class AccessFilter extends ZuulFilter { Logger logger=Logger.getLogger(AccessFilter.class); /** * 判断该过滤器是否要被执行 */ @Override public boolean shouldFilter() { return true; } /** * 过滤器的具体执行逻辑 */ @Override public Object run() throws ZuulException { RequestContext ctx = RequestContext.getCurrentContext(); HttpServletRequest request = ctx.getRequest(); String parameter = request.getParameter("accessToken"); logger.info(request.getRequestURL().toString()+" 请求访问"); if(parameter==null){ logger.error("accessToken为空!"); ctx.setSendZuulResponse(false); ctx.setResponseStatusCode(401); ctx.setResponseBody("{\"result\":\"accessToken is empty!\"}"); return null; } // token判断逻辑 logger.info(request.getRequestURL().toString()+" 请求成功"); return null; } /** * 过滤器的类型 这里用pre,代表会再请求被路由之前执行 */ @Override public String filterType() { return "pre"; } /** * 过滤器的执行顺序 */ @Override public int filterOrder() { return 0; } }
然后再开启下 Filter配置:
package com.huang.microservicezuul3001; import com.huang.microservicezuul3001.filter.AccessFilter; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration public class ZuulConfig { @Bean public AccessFilter accessFilter(){ return new AccessFilter(); }
浏览器输入地址进行测试
http://zuul.huang.com:3001/huang/studentServer/student/list
http://zuul.huang.com:3001/huang/studentServer/student/list?accessToken=1
测试结果如下