一。为什么要有网关
我们先看一个图,如果按照consumer and server(最初的调用方式),如下所示
这样我们要面临如下问题:
1. 用户面临着一对N的问题既用户必须知道每个服务。随着服务的增多难免会....
2.消费端(在这里可能是服务,也有可能为controller等),如何进行安全控制?比如说对调用者身份的验证,防止爬虫,或者限制IP在一定时间内的请求数?
3.即便做了这些验证,那么每个消费端都要重复的编写代码?会不会造成冗余?
那么解决这些问题,我们不妨进行改造一下:
这样我们可以将一对N转成了一对一,用户只需跟网关打交道就好了,这样我们可以在网关里处理身份验证等安全性问题,何乐而不为呢
二。SpringCloud中的zuul
Zuul 是在云平台上提供动态路由,监控,弹性,安全等服务框架,Zuul 相当于是设备和 Netflix 流应用的 Web 网站后端所有请求的前门。同时Zuul使用一系列不同类型的过滤器,使我们能够快速,灵活地将功能应用于我们的安全服务。这些过滤器可帮助我们执行以下功能:
身份验证和安全性 - 识别每个资源的身份验证要求并拒绝不符合要求的请求。
洞察和监测 - 跟踪有意义的数据和统计数据,以便为我们提供准确的生产视图。
动态路由 - 根据需要动态路由请求到不同的后端群集。
压力测试 - 逐渐增加群集流量以衡量性能。
加载Shedding - 为每种类型的请求分配容量并删除超出限制的请求。
静态响应处理 - 直接在边缘建立一些响应,而不是将它们转发到内部群集
多区域弹性 - 跨AWS区域的路由请求,以便扩大我们的ELB使用范围。
1.首先我们先添加spring-cloud对zuul的依赖:
compile('org.springframework.cloud:spring-cloud-starter-zuul')
2.我们创建application.yml配置文件:
spring:
application:
name: gateway-server
server:
port: 8080
eureka:
client:
service-url:
defaultZone: http://localhost:8000/eureka
zuul:
routes:
orders:
path: /orders/**
#url: http://www.baidu.com
serviceId: ORDER-SERVER
pay:
path: /pay/**
serviceId: PAY-SERVER
3.编写启动类
package com.zhibo.springcloud.zuul; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy; @SpringBootApplication
@EnableDiscoveryClient
@EnableZuulProxy
public class ZuulApplication { public static void main(String[] args) {
SpringApplication.run(ZuulApplication.class,args);
}
}
注意@EnableZuulProxy是@EnableZuulServer的一个超集,我们可以通过源代码发现 org.springframework.cloud.netflix.zuul.ZuulProxyAutoConfiguration继承了ZuulServerAutoConfiguration
三。 zuul中的filter
4.1 filter(过滤器)是一个很重要的概念,它可以在真正的请求之前进行必要的业务操作,比如说验证等。那么在zuul中过滤器最核心的接口为IZuulFilter,该接口定义非常简单:
/*
* Copyright 2013 Netflix, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.netflix.zuul; import com.netflix.zuul.exception.ZuulException; /**
* BAse interface for ZuulFilters
*
* @author Mikey Cohen
* Date: 10/27/11
* Time: 3:03 PM
*/
public interface IZuulFilter {
/**
* a "true" return from this method means that the run() method should be invoked
*
* @return true if the run() method should be invoked. false will not invoke the run() method
*/
boolean shouldFilter(); /**
* if shouldFilter() is true, this method will be invoked. this method is the core method of a ZuulFilter
*
* @return Some arbitrary artifact may be returned. Current implementation ignores it.
* @throws ZuulException if an error occurs during execution.
*/
Object run() throws ZuulException; }
而ZuulFilter是一个实现IZuulFilter接口的抽象类,这个类在接口的基础上又添加了如下抽象方法
/**
* to classify a filter by type. Standard types in Zuul are "pre" for pre-routing filtering,
* "route" for routing to an origin, "post" for post-routing filters, "error" for error handling.
* We also support a "static" type for static responses see StaticResponseFilter.
* Any filterType made be created or added and run by calling FilterProcessor.runFilters(type)
*
* @return A String representing that type
*/
abstract public String filterType(); /**
* filterOrder() must also be defined for a filter. Filters may have the same filterOrder if precedence is not
* important for a filter. filterOrders do not need to be sequential.
*
* @return the int order of a filter
*/
abstract public int filterOrder();
我在这里简单解释一下这几个方法作用:
filterType:定义过滤器的类型:常见的有pre(预处理阶段) post(请求原始服务之前) error(发生错误以后) route(请求原始服务之后)
filterOrder:定义多个过滤器的优先级,值越小优先级越高
shouldFilter:值如果为true,那么终会执行run()方法
run : 过滤器实际上执行的内容
4.2 RequestContext是ConcurrentMap的一个子类,这个类可以拿到HttpServletRequest与HttpServletResponse,同时这个类当中的数据可以被多个zuulFilter共享,其中有几个方法值得我们注意以下:
getCurrentContext() 获取ThreadLocal中的RequestContext对象
setSendZuulResponse() 如果设置为false那么将终止对原始地址的路由
setResponseStatusCode() 设置http的状态响应码
addZuulResponseHeader() 设置响应头,通过这个方法我们能解决响应时中文乱码问题
setResponseBody() 设置响应体
4.3 代码示例:实现用户名验证
package com.zhibo.springcloud.zuul; import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component; import javax.servlet.http.HttpServletRequest; @Component
public class ValidateUserZuulFilter extends ZuulFilter { /**
*
* @return
*/
@Override
public String filterType() {
return "pre";
} @Override
public int filterOrder() {
return 0;
} @Override
public boolean shouldFilter() {
return true;
} @Override
public Object run() throws ZuulException {
RequestContext requestContext = RequestContext.getCurrentContext();
HttpServletRequest request = requestContext.getRequest();
String loginName = request.getParameter("loginName");
if (loginName == null || !"admin".equals(loginName)) {
requestContext.setSendZuulResponse(false);
requestContext.setResponseStatusCode(500);
Gson gson = new GsonBuilder().create();
requestContext.addZuulResponseHeader("content-type", "application/json;charset=utf-8");
requestContext.setResponseBody(gson.toJson(new ResponseEntity("没有登录名", HttpStatus.CONFLICT)));
return null;
}
return null;
}
}
四。zuul中超时的设置总结
在这篇文章里已经很详细的说明了,请大家参考:周立的Springcloud超时总结