java B2B2C Springcloud電子商務平臺源碼-自定義feign配置與服務調用的安全驗證

時間 2019-12-04

標籤 java b2b2c springcloud 電子商務平臺源碼自定義 feign 配置服務調用安全驗證欄目 Java 简体版

原文原文鏈接

feign的使用，能夠簡化服務之間的調用，讓服務之間調用更加優雅，本文從feign自定義配置和建立feign完成服務之間複雜權限驗證，來進一步理解和定製feign。java

須要JAVA Spring Cloud大型企業分佈式微服務雲構建的B2B2C電子商務平臺源碼一零三八七七四六二六web

自定義配置spring

建立Feign的配置類瀏覽器

@Configuration
public class FeignConfiguration{
     @Bean
     public Contract feignContract(){
         return new feign.Contract.Default();
    }

    @Bean
    public BasicAuthRequestInterceptor basicAuthRequestInterceptor(){
         return new BasicAuthRequestInterceptor("user","password");
   }
}
複製代碼

說明：第一個@Bean配置是在FeignClient中的接口中使用Feign自帶的註解；第二個@Bean配置是在請求接口中要進行基於Http Basic的認證後才能調用。bash

FeignClient接口引用配置app

@FeignClient(name="hello", configuration=FeignConfiguration.class)
public interface HelloService{
    @RequestLine("GET /message")
    HelloMessage hello();
}
複製代碼

須要注意的是： FeignConfiguration類不能包含在主應用程序上下文的@ComponentScan中，不然該配置會被全部的@FeignClient共享。分佈式

Ribbon的自定義配置中也須要注意這個問題。ide

服務調用的複雜權限認證spring-boot

上面演示了服務之間能夠經過自定義配置完成基於Http Basic的認證，可是不能知足根據不一樣的角色不一樣的用戶執行不一樣的操做，即服務之間的調用有更復雜的權限要求，就不能知足要求了，這時候要針對feign作進一步的改進。微服務

引入spring-security（服務提供者）

<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
複製代碼

關鍵權限配置（服務提供者）

package com.example.helloauth.configuration;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.Collection;

/**
 * @author billjiang 475572229@qq.com
 * @create 17-8-26
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
    }


    @Bean
    public PasswordEncoder passwordEncoder(){
        return NoOpPasswordEncoder.getInstance();
    }

    @Autowired
    private CustomUserDetailService userDetailService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{
        auth.userDetailsService(this.userDetailService).passwordEncoder(this.passwordEncoder());
    }

    @Component
    class CustomUserDetailService implements UserDetailsService{
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException{
            if("user".equals(username)){
                return new SecurityUser("user","123456","user-role");
            }else if("admin".equals(username)){
                return new SecurityUser("admin","123456","admin-role");
            }else{
                return null;
            }
        }
    }

    class SecurityUser implements UserDetails{
        private static final long serialVersionUID=1L;

        public SecurityUser(String username,String password,String role){
            super();
            this.username=username;
            this.password=password;
            this.role=role;
        }

        public SecurityUser(){

        }

        @Override
        public Collection<? extends GrantedAuthority> getAuthorities() {
            Collection<GrantedAuthority> authorities=new ArrayList<>();
            SimpleGrantedAuthority authority=new SimpleGrantedAuthority(this.role);
            authorities.add(authority);
            return authorities;
        }


        private Long id;
        private String username;
        private String password;
        private String role;

        public Long getId() {
            return id;
        }

        public void setId(Long id) {
            this.id = id;
        }

        @Override
        public String getUsername() {
            return username;
        }

        @Override
        public boolean isAccountNonExpired() {
            return true;
        }

        @Override
        public boolean isAccountNonLocked() {
            return true;
        }

        @Override
        public boolean isCredentialsNonExpired() {
            return true;
        }

        @Override
        public boolean isEnabled() {
            return true;
        }

        public void setUsername(String username) {
            this.username = username;
        }

        @Override
        public String getPassword() {
            return password;
        }

        public void setPassword(String password) {
            this.password = password;
        }

        public String getRole() {
            return role;
        }

        public void setRole(String role) {
            this.role = role;
        }
    }

}
複製代碼

啓動項目hello-auth後,能夠見到頁面須要輸入用戶名和密碼才能訪問。

服務消費者hello-auth-feign修改

去掉啓動類上的@EnableFeignClients註解

去掉接口的@FeignClient的註解

package com.example.helloauthconsumerfeign.service;

import com.example.helloauthconsumerfeign.model.User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;

/**
 * @author billjiang 475572229@qq.com
 * @create 17-8-23
 */
//@FeignClient(value="hello-auth")
public interface HelloAuthService {

    @GetMapping("/{id}")
    User findById(@PathVariable("id") Long id);


}
複製代碼

編寫Controller類以下

package com.example.helloauthconsumerfeign.controller;

import com.example.helloauthconsumerfeign.model.User;
import com.example.helloauthconsumerfeign.service.HelloAuthService;
import feign.Client;
import feign.Contract;
import feign.Feign;
import feign.auth.BasicAuthRequestInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import feign.codec.Decoder;
import feign.codec.Encoder;
import org.springframework.cloud.netflix.feign.FeignClientsConfiguration;
import org.springframework.context.annotation.Import;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;


/**
 * @author billjiang 475572229@qq.com
 * @create 17-8-26
 */
@Import(FeignClientsConfiguration.class)
@RestController
public class HelloAuthFeignController {
    private HelloAuthService userAuthService;

    private HelloAuthService adminAuthService;

    @Autowired
    public HelloAuthFeignController(Decoder decoder, Encoder encoder, Client client, Contract contract){
        this.userAuthService= Feign.builder().client(client).encoder(encoder).decoder(decoder).contract(contract)
                .requestInterceptor(new BasicAuthRequestInterceptor("user","123456"))
                .target(HelloAuthService.class,"http://hello-auth/");

        this.adminAuthService= Feign.builder().client(client).encoder(encoder).decoder(decoder).contract(contract)
                .requestInterceptor(new BasicAuthRequestInterceptor("admin","123456"))
                .target(HelloAuthService.class,"http://hello-auth/");
    }

    @GetMapping("/user/{id}")
    public User findByIdUser(@PathVariable Long id){
        return this.userAuthService.findById(id);
    }


    @GetMapping("/admin/{id}")
    public User findByIdAdmin(@PathVariable Long id){
        return this.adminAuthService.findById(id);
    }


}
複製代碼

消費者調用

在瀏覽器器分別輸入http://localhost:8031/admin/1和http://localhost:8031/user/2則能夠完成服務之間受權的調用。在實際業務中會根據不一樣的角色，執行不一樣的業務操做，基於以上示例能夠在服務之間完成複雜的服務鑑權。

java B2B2C Springcloud電子商務平臺源碼