场景说明:
* 该类uri不需要登陆,但又不允许外网通过网关调用,只允许微服务间在内网调用
* 为了方便拦截此场景的uri,我们自己约定一个规范,及uri中含有-anon/internal
* 如在oauth登陆的时候用到根据username查询用户
* 用户系统提供的查询接口/users-anon/internal肯定不能做登录拦截,而该接口也不能对外网暴露
* 如果有此类场景的uri,请用这种命名格式
sping cloud zuul 网关过滤
import javax.servlet.http.HttpServletRequest;
import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.util.PatternMatchUtils;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
@Component
public class InternalURIAccessFilter extends ZuulFilter {
@Override
public Object run() {
RequestContext requestContext = RequestContext.getCurrentContext();
requestContext.setResponseStatusCode(HttpStatus.FORBIDDEN.value());
requestContext.setResponseBody(HttpStatus.FORBIDDEN.getReasonPhrase());
requestContext.setSendZuulResponse(false);
return null;
}
@Override
public boolean shouldFilter() {
RequestContext requestContext = RequestContext.getCurrentContext();
HttpServletRequest request = requestContext.getRequest();
return PatternMatchUtils.simpleMatch("*-anon/internal*", request.getRequestURI());
}
@Override
public int filterOrder() {
return 0;
}
@Override
public String filterType() {
return FilterConstants.PRE_TYPE;
}
}