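The previous article mainly covered the OAuth2 module, the user-service module and the feign module. The gateway is the most important piece, so here we develop it as a resource server.
I. Ways to implement the resource server
In practice there are two ways to implement a resource server:
(1) The gateway only forwards requests and is not a resource server; each microservice module acts as its own resource server.
(2) The gateway forwards requests and also acts as the resource server.
The first approach requires every microservice module to import the OAuth2 dependencies and handle them itself, which is tedious and tightly coupled.
This article therefore covers the second approach, which is its focus, and also explains how to fix the bug where, after going through the gateway to the OAuth2 authentication and authorization flow, the request does not return or redirect back to the gateway.
II. The gateway module
1. Module structure
2. pom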
<dependencies>
    <dependency>
        <groupId>cn.hutool</groupId>
        <artifactId>hutool-all</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-oauth2-jose</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-oauth2-resource-server</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-gateway</artifactId>
    </dependency>
    <dependency>
        <groupId>com.alibaba.cloud</groupId>
        <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
    </dependency>
    <!-- Load the bootstrap file -->
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-bootstrap</artifactId>
    </dependency>
    <!-- Client-side load balancing (loadbalancer) -->
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-loadbalancer</artifactId>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
    </dependency>
    <dependency>
        <groupId>com.white</groupId>
        <artifactId>common</artifactId>
        <version>1.0</version>
        <scope>compile</scope>
    </dependency>
</dependencies>
3. bootstrap
server:
  port: 10000
spring:
  application:
    name: gateway
  profiles:
    active: dev
  cloud:
    gateway:
      routes:
        - id: user
          uri: lb://user-service # client-side load balancing (loadbalancer)
          predicates:
            - Path=/user/**,/admin/**
        - id: order
          uri: lb://order-service
          predicates:
            - Path=/order/**
        - id: oauth
          uri: lb://oauth-service
          predicates:
            - Path=/uaa/**
    nacos:
      discovery:
        server-addr: localhost:8848
  redis:
    host: 127.0.0.1
    port: 6379
  security:
    oauth2:
      resourceserver:
        jwt:
          # URL of the RSA public key; the port is that of the oauth2 module service from the previous article
          jwk-set-uri: 'http://localhost:8101/uaa/rsa/publicKey'
  main:
    web-application-type: reactive
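4. GatewayApp startup class
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

// The gateway has no database, so DataSource auto-configuration is excluded.
@SpringBootApplication(exclude = {DataSourceAutoConfiguration.class})
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class GatewayApp {

    public static void main(String[] args) {
        SpringApplication.run(GatewayApp.class, args);
    }
}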
5. IgnoreUrlsConfig
package com.white.gateway.config;

import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;

@Component
public class IgnoreUrlsConfig {

    public List<String> getUrls() {
        ArrayList<String> objects = new ArrayList<>();
        objects.add("/uaa/**");
        objects.add("/user/**");
        return objects;
    }
}
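The following is an added example, not code from the original article: it uses Spring's AntPathMatcher (the matcher the filter in the next section imports) to report which request paths fall under the whitelist patterns in IgnoreUrlsConfig. It assumes, as the class names suggest, that whitelisted paths are not subject to the JWT check; the class name WhitelistAudit and the sample request paths are constructed for illustration.

```java
import org.springframework.util.AntPathMatcher;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example, not the article's code. The class name and the sample paths are assumptions.
public class WhitelistAudit {

    // Whitelist patterns copied from IgnoreUrlsConfig.getUrls().
    static final List<String> WHITELIST = List.of("/uaa/**", "/user/**");

    // Constructed sample request paths, grouped by the gateway route id
    // (from the bootstrap file) whose Path predicate they would hit.
    static final Map<String, List<String>> SAMPLES = new LinkedHashMap<>();
    static {
        SAMPLES.put("user", List.of("/user/profile", "/user/a/b/c", "/admin/list"));
        SAMPLES.put("order", List.of("/order/1"));
        SAMPLES.put("oauth", List.of("/uaa/oauth/token", "/uaa/rsa/publicKey"));
    }

    static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Returns the first whitelist pattern matching the path, or null if none matches.
    static String whitelistedBy(String path) {
        for (String pattern : WHITELIST) {
            if (MATCHER.match(pattern, path)) {
                return pattern;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        SAMPLES.forEach((routeId, paths) -> {
            for (String path : paths) {
                String pattern = whitelistedBy(path);
                String verdict = (pattern == null)
                        ? "JWT required"
                        : "whitelisted by " + pattern;
                System.out.printf("route=%-6s path=%-20s %s%n", routeId, path, verdict);
            }
        });
    }
}
```

The "user" route serves both /user/** and /admin/**, but only /user/** is whitelisted, so every endpoint the user-service exposes under /user/ has to be safe to call without a token.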
6. IgnoreUrlsRemoveJwtFilter
package com.white.gateway.filter;
import com.white.gateway.config.IgnoreUrlsConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springf