SpringCloudAlibaba+Zuul+OAuth2 (三) 搭建Zuul网关微服务

前面已经搭建了资源认证服务auth 游戏服务game-service 但是现在面临3个问题：

1. 安全处理和业务逻辑在一起 增加了微服务的复杂性和变更成本
2. 随着业务节点的增加 认证服务器压力增大 现在服务都是需要请求auth服务来验证token
3. 多个微服务同时暴露 增加了外部访问的复杂性

      综上所述 我们采用JWT+Zuul来实现认证授权 JWT改造也很简单 参考Oauth认证服务器第一篇搭建：https://blog.csdn.net/qq_38723394/article/details/107072233 番外篇配置一下就可以了！

1.搭建Zuul网关微服务 添加依赖 启动类添加 @EnableZuulProxy注解

    <!--spring-boot版本--><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.2.5.RELEASE</version></parent><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><!--整合zuul--><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-netflix-zuul</artifactId></dependency><!--整合oauth2--><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-oauth2</artifactId></dependency><dependencyManagement><dependencies><!--整合spring cloud--><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-dependencies</artifactId><version>Hoxton.SR3</version><type>pom</type><scope>import</scope></dependency><!--整合spring cloud alibaba--><dependency><groupId>com.alibaba.cloud</groupId><artifactId>spring-cloud-alibaba-dependencies</artifactId><version>2.2.0.RELEASE</version><type>pom</type><scope>import</scope></dependency></dependencies></dependencyManagement>

2.网关yml添加配置

zuul:routes:token:url: http://localhost:8088        #oauthgame:url: http://localhost:8181        #game-servicegameApi:                            url: http://localhost:6000        #game-api 后面新建得微服务# 设置转发头 敏感信息为nullsensitive-headers:
security:oauth2:#身份认证信息client:client-id: gateway_clientclient-secret: 123456resource:jwt:#告诉网关在哪里去拿jwt keykey-uri: http://localhost:8088/oauth/token_key  #org.springframework.security.oauth2.provider.endpoint.TokenKeyEndpoint

3.编写配置文件

/*** @Description 网关资源认证配置* @Date 2020/6/24 16:43* @Author Jax*/
@Configuration
@EnableResourceServer
public class ZuulSecurityConfig extends ResourceServerConfigurerAdapter {/*** 如果对安全校验不是很高得话，可以不配置这个 默认叫oauth2-resource **/@Overridepublic void configure(ResourceServerSecurityConfigurer resources) throws Exception {resources.resourceId("gateway");}/*** 配置除了 获取token 不需要认证 其他请求都需要认证* 根据自己得项目情况做配置 我这里是yml文件配置了前缀/token这个url是用来访问认证服务器 ** @param http* @throws Exception*/@Overridepublic void configure(HttpSecurity http) throws Exception {http.addFilterBefore(new ZuulAuditLogFilter(), ExceptionTranslationFilter.class).authorizeRequests().antMatchers("/token/**").permitAll().anyRequest().authenticated();}
}

4.做好上面得配置 下面我们新建一个springboot maven项目 game-api 相关依赖如下

<!--spring-boot 版本-->
<parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.2.5.RELEASE</version>
</parent><!--spring-cloud  spring cloud alibaba版本--><dependencyManagement><dependencies><!--整合spring cloud--><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-dependencies</artifactId><version>Hoxton.SR3</version><type>pom</type><scope>import</scope></dependency><!--整合spring cloud alibaba--><dependency><groupId>com.alibaba.cloud</groupId><artifactId>spring-cloud-alibaba-dependencies</artifactId><version>2.2.0.RELEASE</version><type>pom</type><scope>import</scope></dependency></dependencies>
</dependencyManagement><!--整合oauth2-->
<dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId>
</dependency>

game-api yml 添加配置

server:port: 6000
spring:application:name: game-api
security:oauth2:client:client-id: api_clientclient-secret: 123456resource:jwt:key-uri: http://localhost:8088/oauth/token_key

数据库 拷贝一条数据 client_id改名叫game-api

INSERT INTO `oauth_client_details`(`client_id`, `resource_ids`, `client_secret`, `scope`, `authorized_grant_types`, `web_server_redirect_uri`, `authorities`, `access_token_validity`, `refresh_token_validity`, `additional_information`, `autoapprove`) VALUES ('api_client', 'gateway,game-api', '$2a$10$HT1fF.8WhP08YblPWphCMeuzJM7AP68LR86uC/kX9tbXIHOxBbkMW', 'read,write', 'password', 'http://127.0.0.1', 'ROLE_PROJECT_ADMIN', 7200, 1800, NULL, 'true');

编写game-api配置文件

@Configuration
@EnableResourceServer
public class OAuthResourceServiceConfig extends ResourceServerConfigurerAdapter {@Overridepublic void configure(ResourceServerSecurityConfigurer resources) throws Exception {resources.resourceId("game-api");}}

编写一个controller 来获取当前用户 

@GetMapping("/user/test")
public String getUserMsg(@AuthenticationPrincipal String username){System.out.println("------->>>获取到的用户username="+username);return username;
}

OK 依次启动oauth ， gateway ，game-api 一定要先启动oauth 现在网关启动 要先去认证服务器获取jwt key

获取令牌 进行访问  搞定！

6.测试 获取token 及使用token获取用户信息

获取当前用户信息测试结果

至此 集成网关Zuul实现认证 完成~！！！