Zuul permission checks

I. Goal

/order/create  may be called only by buyers

/order/finish  may be called only by sellers

/product/list  may be called by everyone

II. Create the User project

1. Create the user project

Dependencies selected:

2. Create the user-dev.yml file on Gitee (码云)

spring:
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    username: root
    # Sample credentials from the tutorial. A config file stored in a Git repository
    # should not hold a plaintext password; Spring Cloud Config supports encrypted
    # '{cipher}' values for this.
    password: 123456
    url: jdbc:mysql://127.0.0.1:3306/SpringCloud_Sell?characterEncoding=utf-8&useSSL=false
  jpa:
    show-sql: true

3. Then check it in the config center

4. Create bootstrap.yml

5. Add the @EnableDiscoveryClient annotation

6. pom.xml

Add spring-boot-starter-web:

<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-data-jpa</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-data-redis</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.cloud</groupId>
			<artifactId>spring-cloud-starter-config</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.cloud</groupId>
			<artifactId>spring-cloud-config-client</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.cloud</groupId>
			<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
		</dependency>

		<dependency>
			<groupId>mysql</groupId>
			<artifactId>mysql-connector-java</artifactId>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
	</dependencies>

	<dependencyManagement>
		<dependencies>
			<dependency>
				<groupId>org.springframework.cloud</groupId>
				<artifactId>spring-cloud-dependencies</artifactId>
				<version>${spring-cloud.version}</version>
				<type>pom</type>
				<scope>import</scope>
			</dependency>
		</dependencies>
	</dependencyManagement>


7. Finally, start the User project

Check the Eureka console: User is now registered.

8. Then split the User project into modules

III. The api-gateway project

1. Modify the api-gateway configuration so that every route forwards cookies (by default Zuul strips Cookie, Set-Cookie and Authorization as sensitive headers)
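The page does not show the configuration file itself, so here is an added example (not the project's own file) of the two ways to do this in the gateway's application.yml. The route name `order` and path `/order/**` are assumptions derived from the URLs used later on the page (e.g. http://localhost:9000/order/order/finish):

```yaml
zuul:
  # Global form, as the page describes: an empty list means no header is treated as
  # sensitive, so Cookie, Set-Cookie and Authorization reach every downstream service.
  sensitive-headers:

  routes:
    order:
      path: /order/**
      serviceId: order
      # Narrower alternative: clear the list only on the routes whose services need
      # the cookie, and leave the default blacklist in place everywhere else.
      # sensitive-headers:
```

The global setting is what the page uses. The per-route form is the more conservative choice because a login cookie is then forwarded only to the services that actually validate it, rather than to every service behind the gateway.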

IV. Add permission checks

1. Add AuthFilter

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

// CookieUtil and RedisConstant are the project's own helper classes; their package is not shown on the page.

/**
 * Permission interception (distinguishes sellers from buyers).
 * Created by Think on 2019/2/16.
 */
@Component
public class AuthFilter extends ZuulFilter {

    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    @Override
    public String filterType() {
        // A "pre" filter: runs before the request is routed to the backend service.
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        // Run just before Zuul's own PreDecorationFilter.
        return PRE_DECORATION_FILTER_ORDER - 1;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() throws ZuulException {
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();

        /*
        /order/create  only buyers (an openid cookie is present)
        /order/finish  only sellers (a token cookie is present and matches a value in Redis)
        /product/list  everyone
         */

        // First version: the URI seen at the gateway still carries the /order route prefix,
        // so this exact comparison never matches and nothing is blocked (fixed in the next step).
        if ("/order/create".equals(request.getRequestURI())) {
            Cookie cookie = CookieUtil.get(request, "openid");
            if (cookie == null || StringUtils.isEmpty(cookie.getValue())) {
                // Stop forwarding to the backend and answer with 401 directly.
                requestContext.setSendZuulResponse(false);
                requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
            }
        }

        if ("/order/finish".equals(request.getRequestURI())) {
            Cookie cookie = CookieUtil.get(request, "token");
            if (cookie == null || StringUtils.isEmpty(cookie.getValue()) ||
                    StringUtils.isEmpty(stringRedisTemplate.opsForValue().get(
                            String.format(RedisConstant.TOKEN_TEMPLATE, cookie.getValue())))) {
                requestContext.setSendZuulResponse(false);
                requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
            }
        }

        return null;
    }
}


2. Start the other projects

3. Test

The response above is wrong: access should have been denied. The request URI seen by the gateway still includes the /order route prefix, so the filter must compare against the full path. Change the path to /order/order/create:

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

// CookieUtil and RedisConstant are the project's own helper classes; their package is not shown on the page.

/**
 * Permission interception (distinguishes sellers from buyers).
 * Created by Think on 2019/2/16.
 */
@Component
public class AuthFilter extends ZuulFilter {

    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        return PRE_DECORATION_FILTER_ORDER - 1;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() throws ZuulException {
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();

        /*
        /order/create  only buyers (an openid cookie is present)
        /order/finish  only sellers (a token cookie is present and matches a value in Redis)
        /product/list  everyone
         */

        // The gateway path includes the /order route prefix.
        if ("/order/order/create".equals(request.getRequestURI())) {
            Cookie cookie = CookieUtil.get(request, "openid");
            if (cookie == null || StringUtils.isEmpty(cookie.getValue())) {
                // Stop forwarding to the backend and answer with 401 directly.
                requestContext.setSendZuulResponse(false);
                requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
            }
        }

        if ("/order/order/finish".equals(request.getRequestURI())) {
            Cookie cookie = CookieUtil.get(request, "token");
            // The token must also map to a live login session stored in Redis.
            if (cookie == null || StringUtils.isEmpty(cookie.getValue()) ||
                    StringUtils.isEmpty(stringRedisTemplate.opsForValue().get(
                            String.format(RedisConstant.TOKEN_TEMPLATE, cookie.getValue())))) {
                requestContext.setSendZuulResponse(false);
                requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
            }
        }

        return null;
    }
}

Then add the Redis configuration to the API-Gateway project (the filter autowires a StringRedisTemplate).

Requesting the endpoint again now returns 401.

Log in first, then call create to create an order; the call succeeds.

Likewise, test the finish endpoint:

http://localhost:9000/order/order/finish returns 401.

So the seller must log in first,

and then perform the order finish operation.

4. Optimization: split AuthFilter into AuthSellerFilter and AuthBuyerFilter

AuthBuyerFilter.java

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.apache.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

// CookieUtil is the project's own helper class; its package is not shown on the page.

/**
 * Buyer-side check: only applies to /order/order/create.
 */
@Component
public class AuthBuyerFilter extends ZuulFilter {

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        return PRE_DECORATION_FILTER_ORDER - 1;
    }

    @Override
    public boolean shouldFilter() {
        // Route selection now lives here instead of inside run().
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();
        return "/order/order/create".equals(request.getRequestURI());
    }

    @Override
    public Object run() throws ZuulException {
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();

        /*
        /order/create  only buyers (an openid cookie is present)
         */
        Cookie cookie = CookieUtil.get(request, "openid");
        if (cookie == null || StringUtils.isEmpty(cookie.getValue())) {
            requestContext.setSendZuulResponse(false);
            requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
        }

        return null;
    }
}


AuthSellerFilter.java

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

// CookieUtil and RedisConstant are the project's own helper classes; their package is not shown on the page.

/**
 * Seller-side check: only applies to /order/order/finish.
 */
@Component
public class AuthSellerFilter extends ZuulFilter {

    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        return PRE_DECORATION_FILTER_ORDER - 1;
    }

    @Override
    public boolean shouldFilter() {
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();
        return "/order/order/finish".equals(request.getRequestURI());
    }

    @Override
    public Object run() throws ZuulException {
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();

        /*
        /order/finish  only sellers (a token cookie is present and matches a value in Redis)
         */
        Cookie cookie = CookieUtil.get(request, "token");
        if (cookie == null || StringUtils.isEmpty(cookie.getValue()) ||
                StringUtils.isEmpty(stringRedisTemplate.opsForValue().get(
                        String.format(RedisConstant.TOKEN_TEMPLATE, cookie.getValue())))) {
            requestContext.setSendZuulResponse(false);
            requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
        }
        return null;
    }
}
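The two filters above each hard-code a single exact path. As an added example (not the page's or the project's code), the filter below keeps the same rules and the same cookie/Redis checks but drives them from a small path-pattern table, returns a JSON body with the 401, and logs every denial so that repeated failures can be alerted on. It assumes the project's `CookieUtil.get(request, name)` helper and `RedisConstant.TOKEN_TEMPLATE` key format exactly as used on the page, and a hypothetical package name. One caveat carried over from the page's design and noted in the comments: the buyer rule only checks that an `openid` cookie is present, whereas the seller rule validates the token against a Redis session entry.

```java
package com.example.gateway.filter; // hypothetical package, not the project's own

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.apache.http.HttpStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.StringUtils;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import java.util.LinkedHashMap;
import java.util.Map;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

// Assumed to exist in this package, as on the page: CookieUtil.get(HttpServletRequest, String)
// and RedisConstant.TOKEN_TEMPLATE (the Redis key format for a seller's login token).

/** Added example: one table-driven pre filter covering both the buyer and the seller rule. */
@Component
public class RoleRouteFilter extends ZuulFilter {

    private static final Logger log = LoggerFactory.getLogger(RoleRouteFilter.class);
    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    enum Role { BUYER, SELLER }

    /** Gateway path pattern -> role that may call it. Paths not listed (e.g. /product/list) pass through. */
    private static final Map<String, Role> RULES = new LinkedHashMap<>();
    static {
        RULES.put("/order/order/create", Role.BUYER);
        RULES.put("/order/order/finish", Role.SELLER);
    }

    private final StringRedisTemplate redis;

    public RoleRouteFilter(StringRedisTemplate redis) {
        this.redis = redis;
    }

    @Override
    public String filterType() { return PRE_TYPE; }

    @Override
    public int filterOrder() { return PRE_DECORATION_FILTER_ORDER - 1; }

    /** Returns the role a gateway path requires, or null if the path is open to everyone. */
    static Role requiredRole(String uri) {
        for (Map.Entry<String, Role> rule : RULES.entrySet()) {
            if (MATCHER.match(rule.getKey(), uri)) {
                return rule.getValue();
            }
        }
        return null;
    }

    @Override
    public boolean shouldFilter() {
        return requiredRole(RequestContext.getCurrentContext().getRequest().getRequestURI()) != null;
    }

    @Override
    public Object run() throws ZuulException {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();
        String uri = request.getRequestURI();
        Role required = requiredRole(uri);

        boolean allowed;
        if (required == Role.BUYER) {
            // Same rule as the page: a buyer is identified by an openid cookie. This proves the
            // cookie is present, not that it is genuine; a stronger check would verify it server-side.
            Cookie openid = CookieUtil.get(request, "openid");
            allowed = openid != null && StringUtils.hasText(openid.getValue());
        } else {
            // Seller: the token cookie must map to a live login session stored in Redis.
            Cookie token = CookieUtil.get(request, "token");
            allowed = token != null && StringUtils.hasText(token.getValue())
                    && StringUtils.hasText(redis.opsForValue().get(
                            String.format(RedisConstant.TOKEN_TEMPLATE, token.getValue())));
        }

        if (!allowed) {
            // Log the denial (path, required role, client address) so it can feed monitoring,
            // then stop routing and answer 401 from the gateway itself.
            log.warn("authz denied uri={} requiredRole={} remote={}", uri, required, request.getRemoteAddr());
            ctx.setSendZuulResponse(false);
            ctx.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
            ctx.setResponseBody("{\"code\":401,\"msg\":\"unauthorized\"}");
            ctx.getResponse().setContentType("application/json;charset=UTF-8");
        }
        return null;
    }
}
```

Because `requiredRole` is a static, package-private method, the path table can be unit-tested without starting Zuul (for example, asserting that `/order/order/finish` maps to `SELLER` and `/product/list` maps to `null`). Adding a new protected endpoint means adding one entry to `RULES` rather than a third filter class.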

  

Original article: https://www.cnblogs.com/linlf03/p/10389176.html