SpringCloud微服务快速入坑
关键词:Spring Cloud、Spring Boot、Eureka、Zuul、Feign、Oauth2
初入服务端,菜鸟一枚
Spring Cloud 是基于Spring Boot的一整套完善的微服务框架,包含服务发现注册、配置中心、消息总线、负载均衡、断路器、数据监控等一系列组件,能够简单快速的的入坑微服务架构。
Spring Cloud的版本与Spring Boot有一定的对应关系,截至目前最新的稳定版本应该是Spring Cloud Greenwich + Spring Boot 2.1.x
服务治理
为什么需要服务治理
随着业务不断增长,为了追求更高的性能支撑业务,集群的引入使得服务架构的复杂度大大提升。庞大的集群容易出现各种各样的问题:
- 过多的服务URL配置困难
- 负载均衡分配节点压力过大的情况下也需要部署集群
- 服务依赖混乱,启动顺序不清晰
- 过多服务导致性能指标分析难度较大,需要监控
简单来说主要是通过服务治理可以通过服务名来访问服务,不需要通过url来直接访问,这样子可以有利于负载均衡实现与服务间解耦。
Eureka 入门
- maven依赖
<!-- 服务端 -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
</dependency>
<!-- 客户端 -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
复制代码
- 服务端application.yml
spring:
application:
# 服务名
name: eureka-server
server:
# 端口
port: 8001
eureka:
instance:
hostname: localhost
client:
register-with-eureka: false
fetch-registry: false
复制代码
- 客户端application.yml
spring:
application:
# 服务名
name: xxx
eureka:
client:
serviceUrl:
# 指定服务注册中心的位置
defaultZone: http://localhost:8001/eureka/
复制代码
- 服务端注解@EnableEurekaServer
// import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;
// 启动一个服务注册中心提供给其他应用进行对话
@EnableEurekaServer
@SpringBootApplication
public class EurekaServiceApplication {
public static void main(String[] args) {
SpringApplication.run(EurekaServiceApplication.class, args);
}
}
复制代码
- 客户端注解@EnableEurekaClient
@EnableEurekaClient
@SpringBootApplication
public class EurekaServiceApplication {
public static void main(String[] args) {
SpringApplication.run(EurekaServiceApplication.class, args);
}
}
复制代码
- 发现服务(查看已注册服务)
@Slf4j
@RestController
public class DcController {
@Autowired
DiscoveryClient mDiscoveryClient;
@GetMapping("/dc")
public Result dc() throws Exception {
// 发现服务
String services = "Services: " + mDiscoveryClient.getServices();
log.info(services);
return ResultUtils.resultData(ResultEnum.SUCCESS, "eureka-client返回的数据:" + services);
}
}
复制代码
- 其他
网页直接访问服务端可以查看当前已经注册了哪些服务
ex: http://localhost:8001/
服务网关
- 简介
服务网关是微服务架构中一个不可或缺的部分。通过服务网关统一向外系统提供REST API,具备服务路由、过滤、负载均衡等功能,也可以实现用户认证功能。目前用的比较多的有Zuul、Spring Cloud Gateway,Spring Cloud Gateway依赖Spring Boot和Spring Webflux提供的Netty runtime,是目前官方推荐的网关,但是我在使用过程中OAuth出现了问题,所以还是用的Zuul。
Zuul
- maven依赖
<!-- eureka客户端 -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-zuul</artifactId>
</dependency>
复制代码
- application.yml
server:
port: 8002
spring:
application:
# 指定微服务的名称
name: api-gateway
zuul:
host:
connect-timeout-millis: 20000
socket-timeout-millis: 20000
ignoredServices: '*'
prefix: /api # 设置一个公共的前缀
routes:
auth-service:
path: /auth/**
sensitiveHeaders:
serviceId: service-auth
consumer-service:
path: /consumer/**
sensitiveHeaders:
serviceId: eureka-consumer
client-service:
path: /client/**
sensitiveHeaders:
serviceId: eureka-client
add-proxy-headers: true
include-debug-header: true
eureka:
client:
serviceUrl:
# 指定服务注册中心的位置
defaultZone: http://localhost:8001/eureka/
logging:
level:
com.netflix: DEBUG
复制代码
- 添加@EnableZuulProxy注解启动网关服务
@EnableZuulProxy
@EnableEurekaClient
@SpringBootApplication
public class ApiZuulApplication {
public static void main(String[] args) {
SpringApplication.run(ApiZuulApplication.class, args);
}
}
复制代码
- 其它
如果不使用路由,直接通过服务名访问服务,我在测试过程中遇到了Oauth一直显示认证失败的问题。
服务通信
简介
服务间通信实际上是通过Url(RestFul)来进行通信的,通过服务治理我们可以通过服务名等方式进行服务间通信
以下方式均调用的其他服务的同一个方法,服务名为 eureka-client
@Slf4j
@RestController
public class DcController {
@Autowired
DiscoveryClient mDiscoveryClient;
@GetMapping("/dc")
public Result dc() throws Exception {
// 发现服务
String services = "Services: " + mDiscoveryClient.getServices();
log.info(services);
return ResultUtils.resultData(ResultEnum.SUCCESS, "eureka-client返回的数据:" + services);
}
}
复制代码
LoadBalancerClient
LoadBalancerClient是带有负载均衡的最基础的服务间通信组件
- 启动配置
// 加入到服务治理
@EnableEurekaClient
@SpringBootApplication
public class Application {
// 初始化RestTemplate,用来真正发起REST请求
@Bean
public RestTemplate restTemplate() {
return new RestTemplate();
}
public static void main(String[] args) {
new SpringApplicationBuilder(Application.class).web(true).run(args);
}
}
复制代码
- 使用方法
@Slf4j
@RequestMapping("/lbc")
@RestController
public class LbcController {
@Autowired
LoadBalancerClient loadBalancerClient;
@Autowired
RestTemplate restTemplate;
/**
* 通过loadBalancerClient的choose函数来负载均衡的选出一个eureka-client的服务实例,
* 这个服务实例的基本信息存储在ServiceInstance中,然后通过这些对象中的信息拼接出访问/dc接口的详细地址,
* 最后再利用RestTemplate对象实现对服务提供者接口的调用。
*/
@GetMapping("/consumer")
public Result dc() {
ServiceInstance serviceInstance = loadBalancerClient.choose("eureka-client");
String url = "http://" + serviceInstance.getHost() + ":" + serviceInstance.getPort() + "/dc";
log.info(url);
return restTemplate.getForObject(url, Result.class);
}
}
复制代码
Ribbn
Spring Cloud Ribbon是基于Netflix Ribbon实现的一套客户端负载均衡的工具。它是一个基于HTTP和TCP的客户端负载均衡器。
- maven依赖
<!-- Ribbn -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-ribbon</artifactId>
<version>1.4.7.RELEASE</version>
</dependency>
复制代码
- 启动配置
// 相对于LoadBalancerClient只添加一个@LoadBalanced的注解
@EnableEurekaClient
@SpringBootApplication
public class Application {
@Bean
@LoadBalanced
public RestTemplate restTemplate() {
return new RestTemplate();
}
public static void main(String[] args) {
new SpringApplicationBuilder(Application.class).web(true).run(args);
}
}
复制代码
- 使用方法
// 相对于LoadBalancerClient调用方式简化了一点点
@Slf4j
@RequestMapping("/ribbon")
@RestController
public class RibbonController {
@Autowired
RestTemplate restTemplate;
@GetMapping("/consumer")
public Result consumer() {
return restTemplate.getForObject("http://eureka-client/dc", Result.class);
}
}
复制代码
Feign
这个是我比较喜欢的方式,调用简单,也可以通过 RequestInterceptor
统一设置Header用来做用户认证
- maven依赖
<!-- Feign -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-feign</artifactId>
<version>1.4.7.RELEASE</version>
</dependency>
复制代码
- 启动配置,只需要添加一个注解即可
// 通过@EnableFeignClients注解开启扫描Spring Cloud Feign客户端的功能
@EnableFeignClients
@EnableEurekaClient
@SpringBootApplication
public class EurekaConsumerApplication {
public static void main(String[] args) {
SpringApplication.run(EurekaConsumerApplication.class, args);
}
}
复制代码
-
使用方法
-
第一步先定义一个接口文件
/**
* 创建一个Feign的客户端接口定义。
* 使用@FeignClient注解来指定这个接口所要调用的服务名称,
* 接口中定义的各个函数使用Spring MVC的注解就可以来绑定服务提供方的REST接口
* <p>
*
* @author 张钦
* @date 2019/10/31
*/
@FeignClient(name = "eureka-client")
public interface DcClient {
@GetMapping("/dc")
Result consumer();
}
复制代码
- 第二步直接调用定义的接口就可以
@RequestMapping("/feign")
@RestController
public class FeignController {
@Autowired
DcClient mDcClient;
@GetMapping("/consumer")
public Result consumer() {
return mDcClient.consumer();
}
}
复制代码
-
通过
RequestInterceptor拦截器为服务请求添加Oauth2认证参数
@Component
public class SecuringRequestInterceptor implements RequestInterceptor {
@Override
public void apply(RequestTemplate requestTemplate) {
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder
.getRequestAttributes();
HttpServletRequest request = attributes.getRequest();
String authorization = request.getHeader("Authorization");
if (!StringUtils.isEmpty(authorization)) {
requestTemplate.header("Authorization", authorization);
}
}
}
复制代码
Oauth2.0
Oauth2.0认证占用本文大半篇幅,但也是简单使用,后期准备在补一篇完整的 Spring Cloud Oauth2
使用水文。
Spring Cloud Oauth依赖了Spring Security,所以角色权限认证均使用的Spring Security的方式认证。
本文仅使用Redis存储Oauth2相关数据
- 授权服务器maven文件
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<!-- 监控系统健康情况 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<!-- 对spring-cloud-starter-security、spring-security-oauth2、spring-security-jwt这3个依赖的整合 -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.1.1</version>
</dependency>
复制代码
- Oauth2有三张基础表,可以根据业务增加字断,表结构如下:
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ---------------------------- -- Table structure for role -- ---------------------------- DROP TABLE IF EXISTS `role`; CREATE TABLE `role` ( `id` bigint(20) NOT NULL AUTO_INCREMENT, `name` varchar(255) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8; -- ---------------------------- -- Table structure for user -- ---------------------------- DROP TABLE IF EXISTS `user`; CREATE TABLE `user` ( `id` bigint(20) NOT NULL AUTO_INCREMENT, `username` varchar(255) NOT NULL, `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, PRIMARY KEY (`id`), UNIQUE KEY `UK_sb8bbouer5wak8vyiiy4pf2bx` (`username`) ) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=utf8; -- ---------------------------- -- Table structure for user_role -- ---------------------------- DROP TABLE IF EXISTS `user_role`; CREATE TABLE `user_role` ( `user_id` bigint(20) NOT NULL, `role_id` bigint(20) NOT NULL, KEY `FKa68196081fvovjhkek5m97n3y` (`role_id`), KEY `FK859n2jvi8ivhui0rl0esws6o` (`user_id`), CONSTRAINT `FK859n2jvi8ivhui0rl0esws6o` FOREIGN KEY (`user_id`) REFERENCES `user` (`id`), CONSTRAINT `FKa68196081fvovjhkek5m97n3y` FOREIGN KEY (`role_id`) REFERENCES `role` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; SET FOREIGN_KEY_CHECKS = 1; 复制代码
-
先写一下获取用户信息吧
Oauth2默认调用
org.springframework.security.core.userdetails.UserDetailsService获取用户信息,所以我们继承UserDetailsService重写loadUserByUsername方法来实现获取用户的方法。-
创建一个
AuthUserDetailsService类
@Slf4j @Service("userDetailService") public class AuthUserDetailsService implements UserDetailsService { @Autowired private UserDao mUserDao; @Autowired private UserRoleDao mUserRoleDao; @Override public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException { List<UserDo> userDos = mUserDao.listUserByUserName(userName); if (userDos == null || userDos.size() == 0) { throw new UsernameNotFoundException("用不存在"); } UserDo userDo = userDos.get(0); List<RoleDo> roleDos = mUserRoleDao.listRoleByUserId(userDo.getId()); userDo.setAuthorities(roleDos); log.info(userDo.toString()); return userDo; } } 复制代码-
UserDo实现了UserDetails的相关接口
@Data public class UserDo implements UserDetails, Serializable { private Long id; private String username; private String password; private List<RoleDo> authorities; @Override public Collection<? extends GrantedAuthority> getAuthorities() { return authorities; } /** * 过期性 :true:没过期 false:过期 * * @return */ @Override public boolean isAccountNonExpired() { return true; } /** * 锁定性 :true:未锁定 false:已锁定 * * @return */ @Override public boolean isAccountNonLocked() { return true; } /** * 有效性 :true:凭证有效 false:凭证无效 * * @return */ @Override public boolean isCredentialsNonExpired() { return true; } /** * 可用性 :true:可用 false:不可用 * * @return */ @Override public boolean isEnabled() { return true; } } 复制代码-
RoleDo
从上面代码可以看到
getAuthorities方法返回的集合数据里面的对象继承了GrantedAuthority,所以我们的RoleDo要实现GrantedAuthority接口@Data public class RoleDo implements GrantedAuthority, Serializable { private Long id; private String name; @Override public String getAuthority() { return name; } } 复制代码 -
创建一个
-
WebSecurityConfigurerAdapter
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AuthUserDetailsService userDetailService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatchers()
.anyRequest()
.and()
.authorizeRequests()
// 放行 /oauth/ 下面的Api
.antMatchers("/oauth/**")
.permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailService).passwordEncoder(new BCryptPasswordEncoder());
}
/**
* 不定义没有password grant_type
*
* @return
* @throws Exception
*/
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
// TODO: 用户密码加密方式
public static void main(String[] args) {
System.out.println(new BCryptPasswordEncoder().encode("123456"));
}
}
复制代码
- OAuth2AuthorizationConfig
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private RedisConnectionFactory redisConnectionFactory;
@Autowired
private AuthUserDetailsService userDetailService;
private static final String finalSecret = "{bcrypt}" + new BCryptPasswordEncoder().encode("sdwfqin");
@Bean
public TokenStore tokenStore() {
return new RedisTokenStore(redisConnectionFactory);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// 将客户端的信息存储在内存中
clients.inMemory()
// 创建了一个client名为android的客户端
.withClient("android")
.secret(finalSecret)
// 配置验证类型
.authorizedGrantTypes("password", "refresh_token")
// 配置客户端域
.scopes("mobile")
.and()
.withClient("service")
.secret(finalSecret)
.authorizedGrantTypes("client_credentials", "refresh_token")
.scopes("service");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
// 配置Token的存储方式
endpoints
// 读取用户的验证信息
.userDetailsService(userDetailService)
// 注入WebSecurityConfig配置的bean
.authenticationManager(authenticationManager)
.tokenStore(tokenStore())
.tokenServices(redisTokenServices());
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security
// 允许表单认证
.allowFormAuthenticationForClients()
// 对获取Token的请求不再拦截
.tokenKeyAccess("permitAll()")
// 验证获取Token的验证信息
.checkTokenAccess("isAuthenticated()");
}
@Bean
public DefaultTokenServices redisTokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setTokenStore(tokenStore());
tokenServices.setSupportRefreshToken(true);
// token有效期自定义设置,默认12小时
tokenServices.setAccessTokenValiditySeconds(60 * 60 * 12);
// refresh_token默认30天
tokenServices.setRefreshTokenValiditySeconds(60 * 60 * 24 * 7);
return tokenServices;
}
}
复制代码
- 为其他服务暴露获取用户信息的接口
@Slf4j
@RestController
@RequestMapping("/user")
public class UserController {
@RequestMapping(value = "/current", method = RequestMethod.GET)
public Principal getUser(Principal principal) {
log.info(">>>>>>>>>>>>>>>>>>>>>>>>");
log.info(principal.toString());
log.info(">>>>>>>>>>>>>>>>>>>>>>>>");
return principal;
}
@GetMapping("/register")
public Result register() {
return ResultUtils.resultData(ResultEnum.SUCCESS, "注册");
}
}
复制代码
-
授权服务上面的资源服务配置
ResourceServerConfig
@Slf4j
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
private ObjectMapper objectMapper = new ObjectMapper();
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
//当权限不足时返回
resources.accessDeniedHandler((request, response, e) -> {
log.error("【accessDeniedHandler】{}", e.getMessage());
response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
// 统一认证失败返回的异常
response.getWriter()
.write(objectMapper.writeValueAsString(ResultUtils.errorData(ResultEnum.AUTHORITY_ERROR)));
});
//当token不正确时返回
resources.authenticationEntryPoint((request, response, e) -> {
log.error("【authenticationEntryPoint】{}", e.getMessage());
response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
response.getWriter()
.write(objectMapper.writeValueAsString(ResultUtils.errorData(ResultEnum.TOKEN_ERROR)));
});
}
@Override
public void configure(HttpSecurity http) throws Exception {
// 配置哪些请求需要验证
http.csrf().disable()
.httpBasic().disable()
.authorizeRequests()
// 放行start
.antMatchers("/user/register")
.permitAll()
// 放行end
// ==========
// 认证start
.anyRequest()
.authenticated();
}
}
复制代码
-
资源服务器鉴权
- maven文件
<!-- 对spring-cloud-starter-security、spring-security-oauth2、spring-security-jwt这3个依赖的整合 --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-oauth2</artifactId> </dependency> 复制代码- ResourceServerConfig配置跟上面的基本相似,设置服务内的放行规则
@Slf4j @Configuration @EnableResourceServer public class ResourceServerConfig extends ResourceServerConfigurerAdapter { private ObjectMapper objectMapper = new ObjectMapper(); @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { // 设置资源服务器id,需要与认证服务器对应 // resources.resourceId("service-auth"); //当权限不足时返回 resources.accessDeniedHandler((request, response, e) -> { log.error("【accessDeniedHandler】{}", e.getMessage()); response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE); response.getWriter() .write(objectMapper.writeValueAsString(ResultUtils.errorData(ResultEnum.AUTHORITY_ERROR))); }); //当token不正确时返回 resources.authenticationEntryPoint((request, response, e) -> { log.error("【authenticationEntryPoint】{}", e.getMessage()); response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE); response.getWriter() .write(objectMapper.writeValueAsString(ResultUtils.errorData(ResultEnum.TOKEN_ERROR))); }); } @Override public void configure(HttpSecurity http) throws Exception { // 配置哪些请求需要验证 http.csrf().disable() .httpBasic().disable() .authorizeRequests() .anyRequest() .authenticated(); } } 复制代码- application.yml
通过走zuul的路由访问。
security: oauth2: resource: user-info-uri: http://localhost:8002/api/auth/user/current client: client-id: service client-secret: sdwfqin access-token-uri: http://localhost:8002/api/auth/oauth/token user-authorization-uri: http://localhost:8002/api/auth/oauth/authorize scope: service 复制代码
正文到此结束
- 本文标签: 服务端 tab json ribbon 负载均衡 final 微服务 配置 关键词 bean web TCP springboot servlet Eureka 配置中心 压力 client IDE message Collection authenticate 实例 Spring cloud js 锁 zab map http Service java 代码 Spring Security maven list zuul tar build 2019 redis Logging IO 认证 Android springcloud https 参数 Proxy sql core spring Netty Security Spring Boot db value Netflix Connection 部署 数据 ACE mapper 测试 App token struct mybatis 服务注册 集群 src rmi API Authorization id 端口 key Feign CDN consumer 加密 UI Word ORM 服务器 CTO bug ip REST 注册中心 cat dist mysql RESTful connectionFactory
- 版权声明: 本文为互联网转载文章,出处已在文章中说明(部分除外)。如果侵权,请联系本站长删除,谢谢。
- 本文海报: 生成海报一 生成海报二
热门推荐
相关文章
Loading...
![[HBLOG]公众号](https://www.liuhaihua.cn/img/qrcode_gzh.jpg)
