springcloud微服务网关zuul开发实战（五）

 

1、微服务网关介绍和使用场景
简介：讲解网关的作用和使用场景 (画图)

 

1）什么是网关
API Gateway，是系统的唯一对外的入口，介于客户端和服务器端之间的中间层，处理非业务功能 提供路由请求、鉴权、监控、缓存、限流等功能

统一接入
智能路由
AB测试、灰度测试
负载均衡、容灾处理
日志埋点（类似Nignx日志）

流量监控
限流处理
服务降级

安全防护
鉴权处理
监控
机器网络隔离

2）主流的网关
zuul：是Netflix开源的微服务网关，和Eureka,Ribbon,Hystrix等组件配合使用，Zuul 2.0比1.0的性能提高很多

kong: 由Mashape公司开源的，基于Nginx的API gateway

nginx+lua：是一个高性能的HTTP和反向代理服务器,lua是脚本语言，让Nginx执行Lua脚本，并且高并发、非阻塞的处理各种请求

 

2、SpringCloud的网关组件zuul基本使用
简介：讲解zuul网关基本使用

创建工程

1）在任意工程下，File  >>  NEW project

2）

3)

 

1、加入依赖

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.4.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.po</groupId>
    <artifactId>api-gateway</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>api-gateway</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
        <spring-cloud.version>Finchley.SR1</spring-cloud.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
        </dependency>
        <dependency>
30             <groupId>org.springframework.cloud</groupId>
31             <artifactId>spring-cloud-starter-netflix-zuul</artifactId>
32         </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

    

</project>

 

 

yml

server:
  port: 9000
#服务名称

spring:
  application:
    name: api-gateway

#指定注册中心地址
eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/

 

2、启动类加入注解 @EnableZuulProxy
默认集成断路器 @EnableCircuitBreaker

//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//

package org.springframework.cloud.netflix.zuul;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.cloud.client.circuitbreaker.EnableCircuitBreaker;
import org.springframework.context.annotation.Import;

15 @EnableCircuitBreaker
@Target({ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Import({ZuulProxyMarkerConfiguration.class})
public @interface EnableZuulProxy {
}

 

默认访问规则
http://gateway:port/service-id/**

例子：默认 /order-service/api/v1/order/save?user_id=2&product_id=1
自定义 /xdclass_order/api/v1/order/save?user_id=2&product_id=1

比如：

http://localhost:8781/api/vi/order/save?product_id=2&user_id=5

数据如下：

{"code":0,"data":{"id":0,"productName":"\"iPhone7data from port = 8771\"","tradeNo":"2ca0043f-b105-4707-9aa5-8f4727a1abf5","price":7999,"createTime":"2019-01-06T09:37:50.100+0000","userId":5,"userName":null}}

 

现在通过网关访问

http://localhost:9000/order-service/api/vi/order/save?product_id=2&user_id=5

数据如下：

{"code":0,"data":{"id":0,"productName":"\"iPhone7data from port = 8771\"","tradeNo":"a43c4dd2-f978-4612-97aa-abb2fb735dba","price":7999,"createTime":"2019-01-06T09:39:50.436+0000","userId":5,"userName":null}}

 

同理其他访问

http://localhost:9000/product-service/api/vi/product/findById?id=2

{"id":2,"name":"iPhone7data from port = 8771","price":7999,"store":20}

自定义路由转发：

zuul:
  routes:
    order-service: /apigateway/**

http://localhost:9000/apigateway/api/vi/order/save?product_id=2&user_id=5

{"code":0,"data":{"id":0,"productName":"\"iPhone7data from port = 8771\"","tradeNo":"30bae8a6-ccef-49a0-b9fd-06f3afaceb28","price":7999,"createTime":"2019-01-06T09:53:54.154+0000","userId":5,"userName":null}}

 

环境隔离配置：
需求 ：不想让默认的服务对外暴露接口
/order-service/api/v1/order/save

配置：

#自定义路由映射
zuul:
  routes:
    order-service: /apigateway/**
    product-service: /apigateway/**
  #统一入口为上面的配置，其他入口忽略
  ignored-patterns: /*-service/**
  #忽略整个服务，对外提供接口
  #ignored-services: product-service

 

 

分析：

    这样配置之后，访问路径含有service都不行了，必须是apigateway前缀

/**是任意内容的：均可以访问

经测试将第二个会覆盖第一个，

也就是http://localhost:9000/apigateway/api/vi/order/save?product_id=2&user_id=5访问失败

http://localhost:9000/apigateway/api/vi/product/list可以访问

所有配置修改：

 

1 #自定义路由映射
2 zuul:
3   routes:
4     order-service: /apigateway/order/**
5     product-service: /apigateway/product/**   #统一入口为上面的配置，其他入口忽略
7   ignored-patterns: /*-service/**
8   #忽略整个服务，对外提供接口
9   #ignored-services: product-service

 

 

 

http://localhost:9000/apigateway/order/api/vi/order/save?product_id=2&user_id=5
http://localhost:9000/apigateway/product/api/vi/product/list

注意：如果知道ip也是可以访问的

http://localhost:8771/api/vi/product/findById?id=2

 补充：服务之间的调用都是通过内网访问

 

 

 

3、高级篇幅之Zuul常用问题分析和网关过滤器原理分析

简介：讲解Zuul网关原理和过滤器生命周期，

1、路由名称定义问题
路由映射重复覆盖问题

1 #自定义路由映射
2 zuul:
3   routes:
4     order-service: /apigateway/order/**
5     product-service: /apigateway/product/**   #统一入口为上面的配置，其他入口忽略
7   ignored-patterns: /*-service/**
8   #忽略整个服务，对外提供接口
9   #ignored-services: product-service

 

2、Http请求头过滤问题

1）对order-service服务的save方法进行修改

@RequestMapping("save")
    @HystrixCommand(fallbackMethod = "saveOrderFail")//调用save方法失败则执行saveOrderFail的方法
    public  Object save(@RequestParam("user_id")int userId, @RequestParam("product_id")int productId, HttpServletRequest request){
        String token = request.getHeader("token");
 5         String cookie = request.getHeader("cookie");
 6         System.out.println("token= "+token);
 7         System.out.println("cookie= "+cookie);
        Map<String, Object> data = new HashMap<>();
        data.put("code",0);
        data.put("data",productOrderService.save(userId,productId));
        return data;
    }

 

 

通过Postman访问，在Headers添加token,cookie

控制台

token= sdasdsadasd
cookie= null

 

 cookie没有值？

 为什么呢？

routes源码下

ZuulProperties类

private Set<String> sensitiveHeaders = new LinkedHashSet<>(
            Arrays.asList("Cookie", "Set-Cookie", "Authorization"));

 

已经过滤掉cookie,set-cookie,Authorization这三个参数

 

#自定义路由映射
zuul:
  routes:
    order-service: /apigateway/order/**
    product-service: /apigateway/product/**
  #统一入口为上面的配置，其他入口忽略
7   ignored-patterns: /*-service/**
  #处理http请求头为空的问题
9   sensitive-headers:

 注意：其实zuul就是filter结集合

 

 

4、自定义Zuul过滤器实现登录鉴权实战
简介：自定义Zuul过滤器实现登录鉴权实战

 在api-gateway服务下

1、新建一个filter包

2、新建一个类，实现ZuulFilter，重写里面的方法

 ACL访问控制列表，将路径（/apigateway/order/api/vi/order/save）存放到redis里面

3、在类顶部加注解，@Component,让Spring扫描

 

package com.po.apigateway.filter;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.apache.commons.lang.StringUtils;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;
/*
登入过滤器
 */
@Component
public class LoginFilter extends ZuulFilter {

    /*
    前置过滤器
     */
    @Override
    public String filterType() {
        return PRE_TYPE;
    }
    /**
     * 过滤器顺序，越小越先执行
     * @return
     */
    @Override
    public int filterOrder() {
        return 4;
    }
    /**
     * 过滤器是否生效
     * @return
     */
    @Override
    public boolean shouldFilter() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();
        //System.out.println("路径1： "+request.getRequestURL());//http://localhost:9000/apigateway/product/api/vi/product/list
       // System.out.println("路径2： "+request.getRequestURI());// /apigateway/product/api/vi/product/list
        if("/apigateway/order/api/vi/order/save".equalsIgnoreCase(request.getRequestURI())){
            return true;//拦截
        }else if("/apigateway/product/api/vi/product/list".equalsIgnoreCase(request.getRequestURI())){
            return true;
        }else if("/apigateway/product/api/vi/product/findById".equalsIgnoreCase(request.getRequestURI())){
            return true;
        }
        return false;
    }
    /**
     * 业务逻辑
     * @return
     */
    @Override
    public Object run() throws ZuulException {

        System.out.println("拦截了 ");
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();
        String token = request.getHeader("token");
        if(StringUtils.isBlank(token)){//post请求的话
             token = request.getParameter("token");
        }
        if(StringUtils.isBlank(token)){ //登录校验逻辑  根据公司情况自定义 JWT技术
            requestContext.setSendZuulResponse(false);//不往下走
            //响应回去状态码 实际开发中对客户访问会带加密过的token过来，解密再判断是否为null,查数据库太慢了
            requestContext.setResponseStatusCode(HttpStatus.UNAUTHORIZED.value());
        }
        return null;
    }
}

 

流程： shouldFilter方法中返回true，才会执行ZuulException 方法。

 

 

5、高级篇幅之高并发情况下接口限流特技
简介：谷歌guava框架介绍，网关限流使用

1、nginx层限流

2、网关层限流

 在filter包下

package com.po.apigateway.filter;

import com.google.common.util.concurrent.RateLimiter;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;
/*
订单限流
 */
@Component
public class OrderRateLimiter extends ZuulFilter {
    //每秒产生1000个令牌
 private  static  final RateLimiter RATE_LIMITER=RateLimiter.create(1000);

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        return -4;
    }

    @Override
    public boolean shouldFilter() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();
        if("/apigateway/order/api/vi/order/save".equalsIgnoreCase(request.getRequestURI())){
            return true;//拦截
        }
        return false;
    }

    @Override
    public Object run() throws ZuulException {
        RequestContext requestContext = RequestContext.getCurrentContext();
        if(!RATE_LIMITER.tryAcquire()){//太多请求
            requestContext.setSendZuulResponse(false);
            requestContext.setResponseStatusCode(HttpStatus.TOO_MANY_REQUESTS.value());
        }
        return null;
    }
}

 

 

6、Zuul微服务网关集群搭建
简介：微服务网关Zull集群搭建

 

 

1、nginx+lvs+keepalive
https://www.cnblogs.com/liuyisai/p/5990645.html