Spring云网关 使用谓词检查标头授权
是否可以使用spring云网关配置的谓词部分检查标头授权,我的目标是在一个或多个endpoint上进行一些基本授权
我正在使用应用程序.yml 进行路由配置
cloud:
gateway:
routes:
- id: serviceRoute
uri: http://service:8000
predicates:
- Path=/service/
**- Header= ??**
filters:
- name: CircuitBreaker
args:
name: slow
fallbackUri: forward:/fallback/service
共有2个答案
下面是我基于spring gateway的示例。如果没有头授权,访问http://localhost:20000/,响应代码是404。如果添加授权,响应代码为405,表示访问正常。请根据需要更改路径。
主要类别定义
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;
@SpringBootApplication
public class DemogatewayApplication {
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
return http.httpBasic().and()
.csrf().disable()
.authorizeExchange()
.pathMatchers("/anything/**").authenticated()
.anyExchange().permitAll()
.and()
.build();
}
@Bean
public MapReactiveUserDetailsService reactiveUserDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build();
return new MapReactiveUserDetailsService(user);
}
public static void main(String[] args) {
SpringApplication.run(DemogatewayApplication.class, args);
}
}
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>spring-cloud-gateway-sample</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>spring-cloud-gateway-sample</name>
<description>Demo project for Spring Cloud Gateway</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.2.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Finchley.RC2</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
application.yml定义
server:
port: 20000
spring:
cloud:
gateway:
routes:
- id: serviceRoute
uri: http://www.sohu.com
predicates:
- Path=/
- Header=Authorization, Bearer [0-9a-zA-Z-.]*
弄清了语法,只有满足这两个条件才能路由到服务
cloud:
gateway:
routes:
- id: serviceRoute
uri: http://service:8000
predicates:
- Path=/service/
- Header=Authorization, Basic password
filters:
- name: CircuitBreaker
args:
name: slow
fallbackUri: forward:/fallback/service
-
我在Spring Cloud Gateway上工作,我想用查询谓词定义一个路由,当任何查询参数值匹配时,这个路由应该匹配。 例如:我正在寻找一个场景,其中单个查询谓词可以获取多个匹配值。这可能吗? Spring Cloud 文档仅讨论如何匹配查询谓词的单个值 - https://cloud.spring.io/spring-cloud-gateway/multi/multi_gateway-req
-
在下面的spring cloud gateway配置中,我试图用匹配路径结束,但它不能匹配路径: spring cloud gateway打印以下日志:
-
我正在使用3.1.0版本的Spring Cloud Gateway,我需要帮助来检查和修复我的路由配置的路径谓词过滤器。 我试图在路径之间使用正则表达式,路由在我的配置中看起来像这样: 虽然这是一个有效的正则表达式,但我收到了路径请求的404错误代码: /random/path/12/update 因此,我需要帮助来找出这个usecase的正确配置。
-
我不熟悉spring微服务世界。由于我处于学习阶段,我尝试并实施了以下内容。 > 路由(能够使用Spring云网关进行路由) 负载平衡(Netflix Eureka) 限速和断路器 我只需要一些澄清和建议,说明在这些情况下该怎么做: 因为我已经创建了身份验证/授权作为一个单独的微服务集中。现在我如何实现这样的每个请求必须包含jwt令牌和通过API网关调用其他微服务也应该检查哪个用户有权限访问其他微
-
当我使用spring cloud gateway集成spring cloud sleuth时,我发现性能比单独使用spring cloud gateway慢得多。是否有优化方案? 机器配置:6芯,16g Spring云网关:5331.9 tps Spring云网关Spring云侦探:4119.47 tps “Spring云网关”比“Spring云网关Spring云侦探”慢约1000-2000tps
-
我想自定义发现定位器行为。例如,我的例子之一是从路由到名为的服务。为此,我使用以下配置: