spring security的OAuth2單點登陸代碼分析

ZUUL ignore的header

0 = "authorization"
1 = "set-cookie"
2 = "expires"
3 = "x-content-type-options"
4 = "x-xss-protection"
5 = "cookie"
6 = "x-frame-options"
7 = "cache-control"
8 = "pragma"

委託過濾器的列表

 

0 = {WebAsyncManagerIntegrationFilter@8254} 
1 = {SecurityContextPersistenceFilter@8253} 
2 = {HeaderWriterFilter@8252} 
3 = {CsrfFilter@8251} 
4 = {SecurityConfiguration$2@8250} 
5 = {LogoutFilter@8247} 
6 = {OAuth2ClientAuthenticationProcessingFilter@8367} 
7 = {RequestCacheAwareFilter@8366} 
8 = {SecurityContextHolderAwareRequestFilter@8365} 
9 = {AnonymousAuthenticationFilter@8364} 
10 = {SessionManagementFilter@8363} 
11 = {ExceptionTranslationFilter@8362} 
12 = {FilterSecurityInterceptor@8777} 

 

ZUUL的配置項

public class ZuulConstants {
    public static final String ZUUL_CASSANDRA_ENABLED = "zuul.cassandra.enabled";
    public static final String ZUUL_NIWS_CLIENTLIST = "zuul.niws.clientlist";
    public static final String DEFAULT_NFASTYANAX_READCONSISTENCY = "default.nfastyanax.readConsistency";
    public static final String DEFAULT_NFASTYANAX_WRITECONSISTENCY = "default.nfastyanax.writeConsistency";
    public static final String DEFAULT_NFASTYANAX_SOCKETTIMEOUT = "default.nfastyanax.socketTimeout";
    public static final String DEFAULT_NFASTYANAX_MAXCONNSPERHOST = "default.nfastyanax.maxConnsPerHost";
    public static final String DEFAULT_NFASTYANAX_MAXTIMEOUTWHENEXHAUSTED = "default.nfastyanax.maxTimeoutWhenExhausted";
    public static final String DEFAULT_NFASTYANAX_MAXFAILOVERCOUNT = "default.nfastyanax.maxFailoverCount";
    public static final String DEFAULT_NFASTYANAX_FAILOVERWAITTIME = "default.nfastyanax.failoverWaitTime";
    public static final String ZUUL_CASSANDRA_KEYSPACE = "zuul.cassandra.keyspace";
    public static final String ZUUL_CASSANDRA_MAXCONNECTIONSPERHOST = "zuul.cassandra.maxConnectionsPerHost";
    public static final String ZUUL_CASSANDRA_HOST = "zuul.cassandra.host";
    public static final String ZUUL_CASSANDRA_PORT = "zuul.cassandra.port";
    public static final String ZUUL_EUREKA = "zuul.eureka.";
    public static final String ZUUL_AUTODETECT_BACKEND_VIPS = "zuul.autodetect-backend-vips";
    public static final String ZUUL_RIBBON_NAMESPACE = "zuul.ribbon.namespace";
    public static final String ZUUL_RIBBON_VIPADDRESS_TEMPLATE = "zuul.ribbon.vipAddress.template";
    public static final String ZUUL_CASSANDRA_CACHE_MAX_SIZE = "zuul.cassandra.cache.max-size";
    public static final String ZUUL_HTTPCLIENT = "zuul.httpClient.";
    public static final String ZUUL_USE_ACTIVE_FILTERS = "zuul.use.active.filters";
    public static final String ZUUL_USE_CANARY_FILTERS = "zuul.use.canary.filters";
    public static final String ZUUL_FILTER_PRE_PATH = "zuul.filter.pre.path";
    public static final String ZUUL_FILTER_POST_PATH = "zuul.filter.post.path";
    public static final String ZUUL_FILTER_ROUTING_PATH = "zuul.filter.routing.path";
    public static final String ZUUL_FILTER_CUSTOM_PATH = "zuul.filter.custom.path";

    //This property turns on the admin page. Note that the admin page should be only accessed internally
    //and should be protected from general access
    public static final String ZUUL_FILTER_ADMIN_ENABLED = "zuul.filter.admin.enabled";
    public static final String ZUUL_FILTER_ADMIN_REDIRECT = "zuul.filter.admin.redirect.path";


    public static final String ZUUL_DEBUG_REQUEST = "zuul.debug.request";
    public static final String ZUUL_DEBUG_PARAMETER = "zuul.debug.parameter";
    public static final String ZUUL_ROUTER_ALT_ROUTE_VIP = "zuul.router.alt.route.vip";
    public static final String ZUUL_ROUTER_ALT_ROUTE_HOST = "zuul.router.alt.route.host";
    public static final String ZUUL_ROUTER_ALT_ROUTE_PERMYRIAD = "zuul.router.alt.route.permyriad";
    public static final String ZUUL_ROUTER_ALT_ROUTE_MAXLIMIT = "zuul.router.alt.route.maxlimit";
    public static final String ZUUL_NIWS_DEFAULTCLIENT = "zuul.niws.defaultClient";
    public static final String ZUUL_DEFAULT_HOST = "zuul.default.host";
    public static final String ZUUL_HOST_SOCKET_TIMEOUT_MILLIS = "zuul.host.socket-timeout-millis";
    public static final String ZUUL_HOST_CONNECT_TIMEOUT_MILLIS = "zuul.host.connect-timeout-millis";
    public static final String ZUUL_INCLUDE_DEBUG_HEADER = "zuul.include-debug-header";
    public static final String ZUUL_INITIAL_STREAM_BUFFER_SIZE = "zuul.initial-stream-buffer-size";
    public static final String ZUUL_SET_CONTENT_LENGTH = "zuul.set-content-length";
    public static final String ZUUL_DEBUGFILTERS_DISABLED = "zuul.debugFilters.disabled";
    public static final String ZUUL_DEBUG_VIP = "zuul.debug.vip";
    public static final String ZUUL_DEBUG_HOST = "zuul.debug.host";

    // Prevent instantiation
    private ZuulConstants() {
        throw new AssertionError("Must not instantiate constant utility class");
    }

}

Ribbon的配置項(com/netflix/client/config/DefaultClientConfigImpl.java:70)

putDefaultIntegerProperty(CommonClientConfigKey.MaxHttpConnectionsPerHost, getDefaultMaxHttpConnectionsPerHost());
putDefaultIntegerProperty(CommonClientConfigKey.MaxTotalHttpConnections, getDefaultMaxTotalHttpConnections());
putDefaultBooleanProperty(CommonClientConfigKey.EnableConnectionPool, getDefaultEnableConnectionPool());
putDefaultIntegerProperty(CommonClientConfigKey.MaxConnectionsPerHost, getDefaultMaxConnectionsPerHost());
putDefaultIntegerProperty(CommonClientConfigKey.MaxTotalConnections, getDefaultMaxTotalConnections());
putDefaultIntegerProperty(CommonClientConfigKey.ConnectTimeout, getDefaultConnectTimeout());
putDefaultIntegerProperty(CommonClientConfigKey.ConnectionManagerTimeout, getDefaultConnectionManagerTimeout());
putDefaultIntegerProperty(CommonClientConfigKey.ReadTimeout, getDefaultReadTimeout());
putDefaultIntegerProperty(CommonClientConfigKey.MaxAutoRetries, getDefaultMaxAutoRetries());
putDefaultIntegerProperty(CommonClientConfigKey.MaxAutoRetriesNextServer, getDefaultMaxAutoRetriesNextServer());
putDefaultBooleanProperty(CommonClientConfigKey.OkToRetryOnAllOperations, getDefaultOkToRetryOnAllOperations());
putDefaultBooleanProperty(CommonClientConfigKey.FollowRedirects, getDefaultFollowRedirects());
putDefaultBooleanProperty(CommonClientConfigKey.ConnectionPoolCleanerTaskEnabled, getDefaultConnectionPoolCleanerTaskEnabled());
putDefaultIntegerProperty(CommonClientConfigKey.ConnIdleEvictTimeMilliSeconds, getDefaultConnectionidleTimeInMsecs());
putDefaultIntegerProperty(CommonClientConfigKey.ConnectionCleanerRepeatInterval, getDefaultConnectionIdleTimertaskRepeatInMsecs());
putDefaultBooleanProperty(CommonClientConfigKey.EnableGZIPContentEncodingFilter, getDefaultEnableGzipContentEncodingFilter());
String proxyHost = ConfigurationManager.getConfigInstance().getString(getDefaultPropName(CommonClientConfigKey.ProxyHost.key()));
if (proxyHost != null && proxyHost.length() > 0) {
    setProperty(CommonClientConfigKey.ProxyHost, proxyHost);
}
Integer proxyPort = ConfigurationManager
        .getConfigInstance()
        .getInteger(
                getDefaultPropName(CommonClientConfigKey.ProxyPort),
                (Integer.MIN_VALUE + 1)); // + 1 just to avoid potential clash with user setting
if (proxyPort != (Integer.MIN_VALUE + 1)) {
    setProperty(CommonClientConfigKey.ProxyPort, proxyPort);
}
putDefaultIntegerProperty(CommonClientConfigKey.Port, getDefaultPort());
putDefaultBooleanProperty(CommonClientConfigKey.EnablePrimeConnections, getDefaultEnablePrimeConnections());
putDefaultIntegerProperty(CommonClientConfigKey.MaxRetriesPerServerPrimeConnection, getDefaultMaxRetriesPerServerPrimeConnection());
putDefaultIntegerProperty(CommonClientConfigKey.MaxTotalTimeToPrimeConnections, getDefaultMaxTotalTimeToPrimeConnections());
putDefaultStringProperty(CommonClientConfigKey.PrimeConnectionsURI, getDefaultPrimeConnectionsUri());
putDefaultIntegerProperty(CommonClientConfigKey.PoolMinThreads, getDefaultPoolMinThreads());
putDefaultIntegerProperty(CommonClientConfigKey.PoolMaxThreads, getDefaultPoolMaxThreads());
putDefaultLongProperty(CommonClientConfigKey.PoolKeepAliveTime, getDefaultPoolKeepAliveTime());
putDefaultTimeUnitProperty(CommonClientConfigKey.PoolKeepAliveTimeUnits, getDefaultPoolKeepAliveTimeUnits());
putDefaultBooleanProperty(CommonClientConfigKey.EnableZoneAffinity, getDefaultEnableZoneAffinity());
putDefaultBooleanProperty(CommonClientConfigKey.EnableZoneExclusivity, getDefaultEnableZoneExclusivity());
putDefaultStringProperty(CommonClientConfigKey.ClientClassName, getDefaultClientClassname());
putDefaultStringProperty(CommonClientConfigKey.NFLoadBalancerClassName, getDefaultNfloadbalancerClassname());
putDefaultStringProperty(CommonClientConfigKey.NFLoadBalancerRuleClassName, getDefaultNfloadbalancerRuleClassname());
putDefaultStringProperty(CommonClientConfigKey.NFLoadBalancerPingClassName, getDefaultNfloadbalancerPingClassname());
putDefaultBooleanProperty(CommonClientConfigKey.PrioritizeVipAddressBasedServers, getDefaultPrioritizeVipAddressBasedServers());
putDefaultFloatProperty(CommonClientConfigKey.MinPrimeConnectionsRatio, getDefaultMinPrimeConnectionsRatio());
putDefaultStringProperty(CommonClientConfigKey.PrimeConnectionsClassName, getDefaultPrimeConnectionsClass());
putDefaultStringProperty(CommonClientConfigKey.NIWSServerListClassName, getDefaultSeverListClass());
putDefaultStringProperty(CommonClientConfigKey.VipAddressResolverClassName, getDefaultVipaddressResolverClassname());
putDefaultBooleanProperty(CommonClientConfigKey.IsClientAuthRequired, getDefaultIsClientAuthRequired());
// putDefaultStringProperty(CommonClientConfigKey.RequestIdHeaderName, getDefaultRequestIdHeaderName());
putDefaultBooleanProperty(CommonClientConfigKey.UseIPAddrForServer, getDefaultUseIpAddressForServer());
putDefaultStringProperty(CommonClientConfigKey.ListOfServers, "");

具體爲CommonClientConfigKey

public static final IClientConfigKey<String> AppName = new CommonClientConfigKey<String>("AppName"){};

public static final IClientConfigKey<String> Version = new CommonClientConfigKey<String>("Version"){};
    
public static final IClientConfigKey<Integer> Port = new CommonClientConfigKey<Integer>("Port"){};

public static final IClientConfigKey<Integer> SecurePort = new CommonClientConfigKey<Integer>("SecurePort"){};

public static final IClientConfigKey<String> VipAddress = new CommonClientConfigKey<String>("VipAddress"){};

public static final IClientConfigKey<Boolean> ForceClientPortConfiguration = new CommonClientConfigKey<Boolean>("ForceClientPortConfiguration"){}; // use client defined port regardless of server advert

public static final IClientConfigKey<String> DeploymentContextBasedVipAddresses = new CommonClientConfigKey<String>("DeploymentContextBasedVipAddresses"){};

public static final IClientConfigKey<Integer> MaxAutoRetries = new CommonClientConfigKey<Integer>("MaxAutoRetries"){};

public static final IClientConfigKey<Integer> MaxAutoRetriesNextServer = new CommonClientConfigKey<Integer>("MaxAutoRetriesNextServer"){};

public static final IClientConfigKey<Boolean> OkToRetryOnAllOperations = new CommonClientConfigKey<Boolean>("OkToRetryOnAllOperations"){};

public static final IClientConfigKey<Boolean> RequestSpecificRetryOn = new CommonClientConfigKey<Boolean>("RequestSpecificRetryOn"){};

public static final IClientConfigKey<Integer> ReceiveBufferSize = new CommonClientConfigKey<Integer>("ReceiveBufferSize"){};