1. 回顾
上文讲解了自定义Feign。但是在某些场景下,前文自定义Feign的方式满足不了需求,此时可使用Feign Builder API手动创建Feign。
本文围绕以下场景,为大家讲解如何手动创建Feign。
- 用户微服务的接口需要登录后才能调用,并且对于相同的API,不同角色的用户有不同的行为。
- 让电影微服务中的同一个Feign接口,使用不同的账号登录,并调用用户微服务的接口。
2. 修改用户微服务
> 复制项目 microservice-provider-user,将 ArtifactId 修改为 microservice-provider-user-with-auth
> 添加Spring Security依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
> 创建 Spring Security的配置类
package com.itmuch.cloud.microserviceprovideruserwithauth.security; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import java.util.ArrayList; import java.util.Collection; public class SecurityUser implements UserDetails { private static final long serialVersoinUID = 1L; private Long id; private String username; private String password; private String role; public SecurityUser() { } public SecurityUser(String username, String password, String role) { this.username = username; this.password = password; this.role = role; } @Override public Collection<? extends GrantedAuthority> getAuthorities() { Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); SimpleGrantedAuthority authority = new SimpleGrantedAuthority(this.role); authorities.add(authority); return authorities; } @Override public String getPassword() { return password; } @Override public String getUsername() { return username; } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { return true; } @Override public boolean isCredentialsNonExpired() { return true; } @Override public boolean isEnabled() { return true; } public Long getId() { return id; } public void setId(Long id) { this.id = id; } public void setUsername(String username) { this.username = username; } public void setPassword(String password) { this.password = password; } public String getRole() { return role; } public void setRole(String role) { this.role = role; } }
package com.itmuch.cloud.microserviceprovideruserwithauth.security; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Component; @Component public class CustomUserDetailsService implements UserDetailsService { /** * 模拟两个账户 * ① 账号是user,密码是password1,角色是user-role * ② 账号时候admin,密码是password1,角色是admin-role * @param username * 用户名 * @return * * @throws UsernameNotFoundException */ @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { if ("user".equals(username)) { return new SecurityUser("user", "password1", "user-role"); } else if ("admin".equals(username)) { return new SecurityUser("admin", "password2", "admin-role"); } else { return null; } } }
package com.itmuch.cloud.microserviceprovideruserwithauth.security; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.password.NoOpPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private CustomUserDetailsService userDetailsService; @Override protected void configure(HttpSecurity http) throws Exception { // 所有的请求,都需要经过HTTP basic认证
http .authorizeRequests() .anyRequest().authenticated() .and() .httpBasic(); } @Bean public PasswordEncoder passwordEncoder() { // 明文编码器。这个一个不做任何操作的密码编码器,是Spring提供给我们做明文测试的
return NoOpPasswordEncoder.getInstance(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(this.userDetailsService).passwordEncoder(this.passwordEncoder()); } }
> 修改Controller,在其中打印当前登录的用户信息
package com.itmuch.cloud.microserviceprovideruserwithauth.controller; import com.itmuch.cloud.microserviceprovideruserwithauth.dao.UserRepository; import com.itmuch.cloud.microserviceprovideruserwithauth.pojo.User; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RestController; import java.util.Collection; @RestController public class UserController { private static final Logger LOGGER = LoggerFactory.getLogger(UserController.class); @Autowired private UserRepository userRepository; @GetMapping("/{id}") public User findById(@PathVariable Long id) { Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); if (principal instanceof UserDetails) { UserDetails user = (UserDetails) principal; Collection<? extends GrantedAuthority> collections = user.getAuthorities(); for (GrantedAuthority ga: collections) { // 打印当前登录用户的信息
UserController.LOGGER.info("当前用户是{}, 角色是{}", user.getUsername(), ga.getAuthority()); } } else { UserController.LOGGER.warn("ε=(´ο`*)))唉,出现问题了"); } User findOne = userRepository.findById(id).get(); return findOne; } }
> 启动 microservice-discovery-eureka
> 启动 microservice-provider-user-with-auth
> 访问 http://localhost:8000/1,弹出登录对话框
> 使用 user/password1 登录,可在控制台看到如下日志
> 使用 admin/password2 登录,可在控制台看到如下日志
3. 修改电影微服务
> 复制项目 microservice-consumer-movie-feign,将 ArtifactId 修改为 microservice-consumer-movie-feign-manual
> 去掉Feign接口 UserFeignClient上的@FeignClient注解
package com.itmuch.cloud.microserviceconsumermoviefeignmanual.feign; import com.itmuch.cloud.microserviceconsumermoviefeignmanual.pojo.User; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; public interface UserFeignClient { @GetMapping(value = "/{id}") User findById(@PathVariable("id") Long id); }
> 去掉启动类上的 @EnableFeignClients 注解
package com.itmuch.cloud.microserviceconsumermoviefeignmanual; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.client.discovery.EnableDiscoveryClient; import org.springframework.cloud.openfeign.EnableFeignClients; import org.springframework.context.annotation.Bean; import org.springframework.web.client.RestTemplate; @SpringBootApplication @EnableDiscoveryClient public class MicroserviceConsumerMovieFeignManualApplication { public static void main(String[] args) { SpringApplication.run(MicroserviceConsumerMovieFeignManualApplication.class, args); } }
> 修改 Controller
package com.itmuch.cloud.microserviceconsumermoviefeignmanual.controller; import com.itmuch.cloud.microserviceconsumermoviefeignmanual.feign.UserFeignClient; import com.itmuch.cloud.microserviceconsumermoviefeignmanual.pojo.User; import feign.Client; import feign.Contract; import feign.Feign; import feign.auth.BasicAuthRequestInterceptor; import feign.codec.Decoder; import feign.codec.Encoder; import org.springframework.cloud.openfeign.FeignClientsConfiguration; import org.springframework.context.annotation.Import; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RestController; @Import(FeignClientsConfiguration.class) // Spring Cloud为Feign默认提供的配置类
@RestController public class MovieController { private UserFeignClient userUserFeignClient; private UserFeignClient adminUserFeignClient; public MovieController(Decoder decoder, Encoder encoder, Client client, Contract contract) { this.userUserFeignClient = Feign.builder().client(client).encoder(encoder).decoder(decoder).contract(contract) .requestInterceptor(new BasicAuthRequestInterceptor("user", "password1")) .target(UserFeignClient.class, "http://microservice-provider-user/"); this.adminUserFeignClient = Feign.builder().client(client).encoder(encoder).decoder(decoder).contract(contract) .requestInterceptor(new BasicAuthRequestInterceptor("admin", "password2")) .target(UserFeignClient.class, "http://microservice-provider-user/"); } @GetMapping("/user-user/{id}") public User findByIdUser(@PathVariable Long id) { return this.userUserFeignClient.findById(id); } @GetMapping("/user-admin/{id}") public User findByIdAdmin(@PathVariable Long id) { return this.adminUserFeignClient.findById(id); } }
> 启动 microservice-discovery-eureka
> 启动 microservice-provider-user-with-auth
> 启动 microservice-consumer-movie-feign-manual
> 访问 http://localhost:8010/user-user/1,可正常获取结果,并且在用户微服务控制台打印如下日志
> 访问 http://localhost:8010/user-admin/1,可正常获取结果,并且在用户微服务控制台打印如下日志
4. 总结
由测试不难发现,手动创建Feign的方式更加灵活。
下文将讲解Feign对集成的支持、对压缩的支持、日志、构造多参数请求等。敬请期待~~~
5. 参考
周立 --- 《Spring Cloud与Docker微服务架构与实战》