Zuul gateway service of spring cloud
Why do I need a gateway?
We know that we want to enter a service itself. Obviously, we don't have a particularly good way to directly enter the IP address + port number. We know that this method is very bad. This method is very problematic. First, it exposes the IP address of our physical machine. When others see your IP address, they will know where the service is deployed, so that others can easily attack.
Second, we have so many services, do we need to call them one by one? Let's assume that we have done a permission authentication. Each of our customers accesses service programs running on different JVMs on different machines. Each of our services needs a service authentication. Is this annoying? It's obviously annoying.
Then we are faced with these two and their general problems, and we need a way to solve them. First of all, let's look at the exposure of the IP address and the single point problem caused by the death of the IP address. Do I have to dynamically maintain the list of services for the service itself? Do I need to call the service itself? Do I also need something like load balancing,
There are also things about IP address exposure. Do I need to make an agent, like the reverse agent of nginx, and deploy public modules on this thing, such as permission verification of all entries. Therefore, we now need zuul API gateway. It solves the above problem. If you want to call a service, it will map you and map the IP address of your service to
If you enter a path and it matches, it will access the service for you. It will have a request forwarding process. Like nginx, the instance of the service machine has specific strength. It will not directly access the IP. It will go to the Eureka registry to get the instance ID of the service, that is, the name of the service. I use the load balancing ribbon of the client again to access one of the service instances.
The API gateway is mainly used to solve the problem of external calls of the service itself and permission verification. You can integrate and call a series of filters here, such as Shiro and spring security.
Zuul can realize the following functions by loading the dynamic filtering mechanism:
1. Verification and security: identify the verification requirements for various resources and reject those requests that do not meet the requirements.
2. Review and monitoring: track meaningful data and statistical results at the edge, so as to bring us accurate production status conclusions.
3. Dynamic routing: dynamically route requests to different back-end clusters as needed.
4. Stress test: gradually increase the load flow to the cluster to calculate the performance level.
5. Load distribution: allocate corresponding capacity for each load type, and discard requests exceeding the limit value.
6. Static response processing: a partial response is directly established at the edge to prevent it from flowing into the internal cluster.
7. Multi area flexibility: request routing across AWS area aims to diversify the use of ELB and ensure that the edge position is as close to the user as possible.
Then come down for a small practical demo
The first step is to create a zuul module under the original project and introduce dependencies. The code is as follows:
Then mark the @ enablezuulproxy annotation on the startup class. The code is as follows:
Then start the registry and two Hello service providers in the previous article, and then run it to see its request forwarding function to see if it polls the two services,
Enter localhost: 5000 / Hello service / Hello, as follows:
Then refresh again:
You can see that zuul has distributed the request. It is mapped to a specific machine according to your service name Hello servie. Isn't this the function of a reverse proxy?
Zuul can also perform request filtering. Let's perform token verification to demonstrate. First, we need to create a tokenfilter class to inherit zuulfilter and implement its four interfaces. The code is as follows:
Filtertype: returns a string representing the filter type. Four filter types with different lifecycles are defined in zuul, as follows:
1. pre: it can be called before the request is routed. In the phase of the routing mapping, it is looking for the routing map table.
2. Route: called when routing a request. The specific route forwarding filter will be called when the routing router forwards a specific request
3. Error: called when an error occurs while processing a request
4. Post: the filter will be called only after routing and error are run. It is in the final stage
Here is a statement about the exception that occurs when the zuul filter executes the network request. The exception caught by the try catch cannot be directly thrown to the page in the filter. Exceptions thrown by the application can be returned. The solution is to use context in catch The set () method returns to the page. As follows:
Next, you need to add this filter to spring to manage it. The code is as follows:
Next, let's start the startup class and access without token first, as follows:
It can be seen that a message without permission is returned. Here, the token is usually placed in the request header. We didn't do that here just for demonstration,
Then take the token to access, as follows:
You can see that our request has been put away.
Here I will also talk about what is the default route. Delete zuul's configuration from the routing configuration, as follows:
Then restart to continue the access, as follows:
It can be seen that we can still continue to access. We don't have any configuration, but we can still access. That's because your service name Hello service is automatically declared here by default.
Well, if I don't want it to be declared automatically for me and I want to define it myself, I can use zuu in the YML configuration file Ignored services can filter itself like a filter, as follows:
Then let's talk about the mapping rules, for example
The two zuul configuration mapping paths here have / Hello service /. You can see that / Hello service / * * includes / Hello service / ext / * * whether there is a conflict between the two paths when matching, and how to deal with it? Who matches first?
Here is the order defined in YML. If it is application The order of the configuration files in properties format cannot be guaranteed. The configuration files in YML format are in order, which can be guaranteed. Note here.
What if we want to define matching rules? Then we need to define a bean in the startup class, which determines your route, as follows:
There will be no demonstration here. You can find the information slowly when you need it.
There are also ignored patterns:, as follows:
Ignored patterns: means to block the path of / hello / * * even if you can't / Hello service / hello / * * and still block it. We can further refine this configuration. For example, if I don't want to route the / Hello interface, we can configure it as above
What if we also want to configure a service prefix? The code is as follows:
You can see that the services you access must be prefixed with / API /, such as / API / Hello service/**
What if we want to jump to my local if we still want to make a path access?
I hope the user can automatically jump to this method when accessing / local. At this time, we need to use zuul's local jump. The configuration method is as follows:
Some of our commonly used, spring security, or some third-party components, will get some of your cookie information. For security reasons, zuul gateway will kill all your cookie information. There is no way to make cookies. It was killed by default.
Here zuul provides zuul Sensitive headers to make these cookies and headers for you. Don't filter these information. Control your sensitive information.
By default, sensitive header information cannot be transmitted through the API gateway. We can make it transmitted through the following configuration:
It can also be used with some detailed configurations of hystrix, as mentioned earlier. Not here
The above is the whole content of this article. I hope it will be helpful to your study, and I hope you can support programming tips.