SpringCloudAlibaba+Zuul+OAuth2 (3) Building the Zuul Gateway Microservice

    Tech 2022-07-14

    In the previous parts we built the authorization/resource service auth and the game service game-service, but we now face three problems:

    Security handling sits together with business logic, which increases the complexity and change cost of each microservice.
    As the number of business nodes grows, the load on the authorization server grows, because every service currently has to call the auth service to validate tokens.
    Exposing several microservices at the same time makes external access more complex.

    Given the above, we use JWT + Zuul to implement authentication and authorization. Switching to JWT is simple: see the first article on building the OAuth authorization server, https://blog.csdn.net/qq_38723394/article/details/107072233, and apply the configuration from its bonus section.

    1. Build the Zuul gateway microservice: add the dependencies and annotate the startup class with @EnableZuulProxy

    <!-- spring-boot version -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.2.5.RELEASE</version>
    </parent>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- zuul integration -->
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-netflix-zuul</artifactId>
    </dependency>
    <!-- oauth2 integration -->
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>

    <dependencyManagement>
        <dependencies>
            <!-- spring cloud integration -->
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>Hoxton.SR3</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <!-- spring cloud alibaba integration -->
            <dependency>
                <groupId>com.alibaba.cloud</groupId>
                <artifactId>spring-cloud-alibaba-dependencies</artifactId>
                <version>2.2.0.RELEASE</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    2. Add the gateway yml configuration

    zuul:
      routes:
        token:
          url: http://localhost:8088   # oauth
        game:
          url: http://localhost:8181   # game-service
        gameApi:
          url: http://localhost:6000   # game-api, the microservice created later in this post
      # Forwarded headers: an empty list means no header is treated as sensitive,
      # so Authorization (and also Cookie/Set-Cookie) is passed through to the routed services
      sensitive-headers:
    security:
      oauth2:
        # credentials the gateway uses as an OAuth2 client
        client:
          client-id: gateway_client
          client-secret: 123456
        resource:
          jwt:
            # tells the gateway where to fetch the JWT key
            key-uri: http://localhost:8088/oauth/token_key   # org.springframework.security.oauth2.provider.endpoint.TokenKeyEndpoint

    3. Write the configuration class

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.security.web.access.ExceptionTranslationFilter;

    /**
     * @Description Gateway resource-server (authentication) configuration
     * @Date 2020/6/24 16:43
     * @Author Jax
     */
    @Configuration
    @EnableResourceServer
    public class ZuulSecurityConfig extends ResourceServerConfigurerAdapter {

        /**
         * If your security requirements are not strict this can be left out;
         * the default resource id is oauth2-resource.
         **/
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId("gateway");
        }

        /**
         * Everything except obtaining a token requires authentication.
         * Adjust this to your own project: here the /token prefix configured in the yml
         * is the route used to reach the authorization server.
         *
         * @param http
         * @throws Exception
         */
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // ZuulAuditLogFilter is a project-specific filter that is not shown in this post
            http.addFilterBefore(new ZuulAuditLogFilter(), ExceptionTranslationFilter.class)
                .authorizeRequests()
                .antMatchers("/token/**").permitAll()
                .anyRequest().authenticated();
        }
    }

    4. With the configuration above in place, create a new Spring Boot Maven project game-api with the following dependencies

    <!-- spring-boot version -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.2.5.RELEASE</version>
    </parent>

    <!-- spring-cloud and spring cloud alibaba versions -->
    <dependencyManagement>
        <dependencies>
            <!-- spring cloud integration -->
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>Hoxton.SR3</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <!-- spring cloud alibaba integration -->
            <dependency>
                <groupId>com.alibaba.cloud</groupId>
                <artifactId>spring-cloud-alibaba-dependencies</artifactId>
                <version>2.2.0.RELEASE</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <!-- oauth2 integration -->
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    Add the game-api yml configuration

    server:
      port: 6000
    spring:
      application:
        name: game-api
    security:
      oauth2:
        client:
          client-id: api_client
          client-secret: 123456
        resource:
          jwt:
            key-uri: http://localhost:8088/oauth/token_key

    In the database, copy one existing row and rename its client_id to game-api

    INSERT INTO `oauth_client_details`
        (`client_id`, `resource_ids`, `client_secret`, `scope`, `authorized_grant_types`,
         `web_server_redirect_uri`, `authorities`, `access_token_validity`,
         `refresh_token_validity`, `additional_information`, `autoapprove`)
    VALUES
        ('api_client', 'gateway,game-api', '$2a$10$HT1fF.8WhP08YblPWphCMeuzJM7AP68LR86uC/kX9tbXIHOxBbkMW',
         'read,write', 'password', 'http://127.0.0.1', 'ROLE_PROJECT_ADMIN', 7200, 1800, NULL, 'true');

    Write the game-api configuration class

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

    @Configuration
    @EnableResourceServer
    public class OAuthResourceServiceConfig extends ResourceServerConfigurerAdapter {

        // Tokens must carry "game-api" in their aud (the client's resource_ids) to be accepted here
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId("game-api");
        }
    }
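    To make the resource-id check concrete, the following is an added example (not code from this post or from Spring) that models what the gateway (resourceId "gateway") and game-api (resourceId "game-api") do with an access token: verify the signature, check exp, then require the configured resource id in the token's aud claim, which the authorization server fills from the client's resource_ids column. It assumes a symmetric HS256 signing key, as Spring's JwtAccessTokenConverter uses when given a shared secret (with an RSA key only the signature step differs); the key, tokens and clock value are constructed for the example.

```python
import base64, hashlib, hmac, json

# Constructed placeholder key, not the real signing key of the auth server.
SIGNING_KEY = b"constructed-sample-signing-key"

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Build an HS256 compact JWS (sample input only; stands in for /oauth/token)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def validate_for_resource(token: str, resource_id: str, now: int, key: bytes = SIGNING_KEY):
    """Return (accepted, reason): signature first, then exp, then the resource-id/aud check."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return False, "invalid_token: bad signature"
        claims = json.loads(_b64url_decode(payload))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return False, "invalid_token: malformed"
    if claims.get("exp", 0) <= now:
        return False, "invalid_token: expired"
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)
    # Spring only enforces resourceId when the token carries a non-empty aud, so a
    # token without aud is accepted by every resource server: fill in resource_ids.
    if aud and resource_id not in aud:
        return False, f"access_denied: {resource_id} not in aud {aud}"
    return True, f"ok: user={claims.get('user_name')} aud={aud}"

NOW = 1_700_000_000  # constructed clock value for the sample tokens
# api_client has resource_ids 'gateway,game-api', so its token lists both audiences.
API_TOKEN = issue_token({"user_name": "jax", "client_id": "api_client",
                         "aud": ["gateway", "game-api"], "exp": NOW + 7200})
# A client registered only for the gateway resource (constructed case).
GATEWAY_ONLY_TOKEN = issue_token({"user_name": "jax", "aud": ["gateway"], "exp": NOW + 7200})

if __name__ == "__main__":
    for rid in ("gateway", "game-api"):
        print(rid, validate_for_resource(API_TOKEN, rid, NOW), validate_for_resource(GATEWAY_ONLY_TOKEN, rid, NOW))
```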

    Write a controller that returns the current user

    import org.springframework.security.core.annotation.AuthenticationPrincipal;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;

    // Class name assumed here; the post shows only the handler method
    @RestController
    public class UserController {

        // With a JWT access token the principal is the user_name claim, injected as a String
        @GetMapping("/user/test")
        public String getUserMsg(@AuthenticationPrincipal String username) {
            System.out.println("------->>>获取到的用户username=" + username);
            return username;
        }
    }

    OK. Start oauth, gateway and game-api in that order. oauth must come first, because the gateway fetches the JWT key from the authorization server when it starts.

    Obtain a token and make the request. Done!

    6. Testing: obtaining a token and using it to fetch the user information

    Test result for fetching the current user information

    That completes the integration of the Zuul gateway with authentication!
