spring boot / cloud (八) 使用RestTemplate来构建远程调用服务

spring boot / cloud (八) 使用RestTemplate来构建远程调用服务

前言

上周因家里突发急事,请假一周,故博客没有正常更新

RestTemplate介绍:

思路

RestTemplate虽然提供了丰富的API,但是这些API过于底层,如果不稍加控制,让开发人员随意使用,那后续的代码也将会变的五花八门,难以维护.

同时,当系统规模大了之后,将会有更多的服务,并且服务之间的调用关系也将更加复杂,如果不进行管控治理的话,同样,项目同期也将越来越不可控,

最后,服务间调用也需要有明确的权限认证机制,最好是能通过配置的方式来明确,哪些服务可以调用那些服务.从而来把控项目的复杂度.

本文将从以下几点来提供一个解决问题的思路:

通过spring boot的@ConfigurationProperties机制来定义远程服务的元数据,从而实现权限认证的配置化

使用HandlerInterceptor来进行拦截,实现权限的验证

定义通用Rms类,来规范RestTemplate的使用

实现

1.实现权限配置

1.定义Application元数据

public class ApplicationMeta implements Serializable {
//ID
private static final long serialVersionUID = 1L;
//服务ID
private String serviceId;
//私钥
private String secret;
//权限
private String purview;
//所有服务的调用权限(优先判定)
private Boolean all = false;
//禁止服务调用
private Boolean disabled = false;
//描述
private String description;
}

2.定义Service元数据

public class ServiceMeta implements Serializable {
//ID
private static final long serialVersionUID = 1L;
//应用名称
private String owner;
//地址
private String uri;
//服务方法
private String method;
//是否HTTPS
private Boolean isHttps = false;
//描述
private String description;

3.定义RmsProperties类

@Component
@ConfigurationProperties(prefix = "org.itkk.rms.properties")
public class RmsProperties implements Serializable {
//ID
private static final long serialVersionUID = 1L;
//应用清单(应用名称 : 应用地址)
private Map<String, ApplicationMeta> application;
//服务路径(服务编号 : 服务元数据)
private Map<String, ServiceMeta> service;

4.在properties文件中进行配置

#定义了一个叫udf-demo(跟spring boot的应用ID一致),设置了私钥,以及可调用的服务
org.itkk.rms.properties.application.udf-demo.serviceId=127.0.0.1:8080
org.itkk.rms.properties.application.udf-demo.secret=ADSFHKW349546RFSGF
org.itkk.rms.properties.application.udf-demo.purview=FILE_3
org.itkk.rms.properties.application.udf-demo.all=false
org.itkk.rms.properties.application.udf-demo.disabled=false
org.itkk.rms.properties.application.udf-demo.description=sample application

#定义了一个叫FILE_3的服务,后续使用这个服务编号进行调用即可
org.itkk.rms.properties.service.FILE_3.owner=udf-demo
org.itkk.rms.properties.service.FILE_3.uri=/service/file/download
org.itkk.rms.properties.service.FILE_3.method=POST
org.itkk.rms.properties.service.FILE_3.isHttps=false
org.itkk.rms.properties.service.FILE_3.description=文件下载

2.实现权限校验

1.定义RmsAuthHandlerInterceptor拦截器

public class RmsAuthHandlerInterceptor implements HandlerInterceptor {
//环境标识
private static final String DEV_PROFILES = "dev";
//配置
@Autowired
private RmsProperties rmsProperties;
//环境变量
@Autowired
private Environment env;

@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response,
Object handler) {

.......

}
}

2.完善preHandle方法-取出认证信息

String rmsApplicationName = request.getHeader(Constant.HEADER_RMS_APPLICATION_NAME_CODE);
if (StringUtils.isBlank(rmsApplicationName)) {
rmsApplicationName = request.getParameter(Constant.HEADER_RMS_APPLICATION_NAME_CODE);
}
//获取认证信息(sign)
String rmsSign = request.getHeader(Constant.HEADER_RMS_SIGN_CODE);
if (StringUtils.isBlank(rmsSign)) {
rmsSign = request.getParameter(Constant.HEADER_RMS_SIGN_CODE);
}
//获取认证信息(服务代码)
String rmsServiceCode = request.getHeader(Constant.HEADER_SERVICE_CODE_CODE);
if (StringUtils.isBlank(rmsServiceCode)) {
rmsServiceCode = request.getParameter(Constant.HEADER_SERVICE_CODE_CODE);
}
//获取请求地址
String url = request.getAttribute(HandlerMapping.BEST_MATCHING_PATTERN_ATTRIBUTE).toString();
//获取请求方法
String method = request.getMethod();

3.完善preHandle方法-校验

//判断环境(开发环境无需校验)
if (!DEV_PROFILES.equals(env.getProperty("spring.profiles.active"))) {
//判断是否缺少认证信息
if (StringUtils.isBlank(rmsApplicationName) || StringUtils.isBlank(rmsSign)
|| StringUtils.isBlank(rmsServiceCode)) {
throw new AuthException("missing required authentication parameters (rmsApplicationName , rmsSign)");
}
//判断systemTag是否有效
if (!this.rmsProperties.getApplication().containsKey(rmsApplicationName)) {
throw new AuthException("unrecognized systemTag:" + rmsApplicationName);
}
//获得应用元数据
ApplicationMeta applicationMeta = rmsProperties.getApplication().get(rmsApplicationName);
//获得secret
String secret = applicationMeta.getSecret();
//计算sign
String sign = Constant.sign(rmsApplicationName, secret);
//比较sign
if (!rmsSign.equals(sign)) {
throw new AuthException("sign Validation failed");
}
//判断是否有调用所有服务的权限
if (!applicationMeta.getAll()) {
//判断是否禁止调用所有服务权限
if (applicationMeta.getDisabled()) {
throw new PermissionException(rmsApplicationName + " is disabled");
}
//判断是否有调用该服务的权限
if (applicationMeta.getPurview().indexOf(rmsServiceCode) == -1) {
throw new PermissionException("no access to this servoceCode : " + rmsServiceCode);
}
//判断服务元数据是否存在
if (!rmsProperties.getService().containsKey(rmsServiceCode)) {
throw new PermissionException("service code not exist");
}
//获得服务元数据
ServiceMeta serviceMeta = rmsProperties.getService().get(rmsServiceCode);
//比较url和method的有效性
if (!serviceMeta.getUri().equals(url) || !serviceMeta.getMethod().equals(method)) {
throw new PermissionException("url and method verification error");
}
}
}

4.定义RmsConfig类

@Configuration
@ConfigurationProperties(prefix = "org.itkk.rms.config")
@Validated
public class RmsConfig {

//RMS扫描路径
@NotNull
private String rmsPathPatterns;

.........

}

5.定义RmsConfig类-注册bean

@Bean
@LoadBalanced
RestTemplate restTemplate(ClientHttpRequestFactory requestFactory) {
return new RestTemplate(requestFactory);
}

@Bean
public RmsAuthHandlerInterceptor rmsAuthHandlerInterceptor() {
return new RmsAuthHandlerInterceptor();
}

@Bean
public WebMvcConfigurer rmsAuthConfigurer() { //NOSONAR
return new WebMvcConfigurerAdapter() {
@Override
public void addInterceptors(InterceptorRegistry registry) {
String[] rmsPathPatternsArray = rmsPathPatterns.split(",");
registry.addInterceptor(rmsAuthHandlerInterceptor()).addPathPatterns(rmsPathPatternsArray);
super.addInterceptors(registry);
}
};
}

6.在properties文件中进行配置

#拦截路径
org.itkk.rms.config.rmsPathPatterns=/service/**

3.实现Rms类

1.定义rms类

@Component
public class Rms {
//应用名称
@Value("${spring.application.name}")
private String springApplicationName;
//restTemplate
@Autowired
private RestTemplate restTemplate;
//配置
@Autowired
private RmsProperties rmsProperties;

2.定义rms类-call方法

public <I, O> ResponseEntity<O> call(String serviceCode, I input, String uriParam,
ParameterizedTypeReference<O> responseType, Map<String, ?> uriVariables) {
//客户端权限验证
verification(serviceCode);
//构建请求路径
String path = getRmsUrl(serviceCode);
//获得请求方法
String method = getRmsMethod(serviceCode);
//拼装路径参数
if (StringUtils.isNotBlank(uriParam)) {
path += uriParam;
}
//构建请求头
HttpHeaders httpHeaders = buildSystemTagHeaders(serviceCode);
//构建请求消息体
HttpEntity<I> requestEntity = new HttpEntity<>(input, httpHeaders);
//请求并且返回
return restTemplate.exchange(path, HttpMethod.resolve(method), requestEntity, responseType,
uriVariables != null ? uriVariables : new HashMap<String, String>());
}

3.定义rms类-其他方法

//构建请求头
private HttpHeaders buildSystemTagHeaders(String serviceCode) {
String secret = rmsProperties.getApplication().get(springApplicationName).getSecret();
HttpHeaders headers = new HttpHeaders();
headers.add(Constant.HEADER_RMS_APPLICATION_NAME_CODE, springApplicationName);
headers.add(Constant.HEADER_RMS_SIGN_CODE, Constant.sign(springApplicationName, secret));
headers.add(Constant.HEADER_SERVICE_CODE_CODE, serviceCode);
return headers;
}
//客户端验证
private void verification(String serviceCode) {
ApplicationMeta applicationMeta = rmsProperties.getApplication().get(springApplicationName);
if (!applicationMeta.getAll()) {
if (applicationMeta.getDisabled()) {
throw new PermissionException(springApplicationName + " is disabled");
}
if (applicationMeta.getPurview().indexOf(serviceCode) == -1) {
throw new PermissionException("no access to this servoceCode : " + serviceCode);
}
}
}
//获得请求方法
private String getRmsMethod(String serviceCode) {
return rmsProperties.getService().get(serviceCode).getMethod();
}
//构造url
private String getRmsUrl(String serviceCode) {
//获取服务元数据
ServiceMeta serviceMeta = rmsProperties.getService().get(serviceCode);
//构建请求路径
StringBuilder url =
new StringBuilder(serviceMeta.getIsHttps() ? Constant.HTTPS : Constant.HTTP);
url.append(rmsProperties.getApplication().get(serviceMeta.getOwner()).getServiceId());
url.append(serviceMeta.getUri());
return url.toString();
}
//计算sign
public static String sign(String rmsApplicationName, String secret) {
final String split = "_";
StringBuilder sb = new StringBuilder();
sb.append(rmsApplicationName).append(split).append(secret).append(split)
.append(new SimpleDateFormat(DATA_FORMAT).format(new Date()));
return DigestUtils.md5Hex(sb.toString());
}

3.客户端调用

//获得文件信息
ResponseEntity<RestResponse<FileInfo>> fileInfo = rms.call("FILE_4", fileParam, null,
new ParameterizedTypeReference<RestResponse<FileInfo>>() {
}, null);

代码仓库 (博客配套代码)

udf-starter : 基础项目,脚手架,框架

udf-sample : 集成样例

结束

这样,规范了远程服务的调用,只关心接口编号和接口的入参和出参,能够增加沟通效率,并且也有了轻量级的服务治理机制,服务间的调用更可控,到最后,配置文件一拉出来一清二楚.

想获得最快更新,请关注公众号