1、描述
使用 spring-authorization-server 部署统一认证中心后,对于不经过 gateway 的 client,开发环境下前端在完成认证后还需要访问静态资源,因此需要做如下配置。
2、修改 SavedRequestAwareAuthenticationSuccessHandler.java
添加cookie
...
// Marks requests made after login so that Nginx can route them to the front end,
// i.e. requests that follow the redirect to /login/oauth2/code/* all go to the front end.
// proxy_set_header Host $host:$server_port; keeps the port in the redirect.
// NOTE(review): the value is a fixed placeholder and discookie.lua on this page tests
// only for the cookie's presence, so any client can send it. Treat it as a routing
// marker and never as proof of authentication.
// NOTE(review): no Secure attribute is set; the nginx.conf on this page listens on
// plain HTTP (port 8888). Set it if this handler is ever served over HTTPS.
Cookie cookie = new Cookie("AfterAuth", "xxx");
cookie.setPath("/");
cookie.setHttpOnly(true);
response.addCookie(cookie);
...
3、discookie.lua
作用是 统一认证后带"AfterAuth" cookie 的请求指向 前端开发环境地址
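--- Split a string on a literal separator.
-- The separator is matched as plain text rather than as a Lua pattern, so
-- characters such as "." or "%" split on themselves. This agrees with the
-- way the scan position is advanced by the separator's byte length.
-- @param szFullString string to split
-- @param szSeparator literal separator; when empty, the whole string is
--        returned as the only element
-- @return array of the pieces in order; empty pieces are kept
function Split(szFullString, szSeparator)
  local nSplitArray = {}
  -- An empty separator matches at every position without advancing the
  -- scan, which would never terminate.
  if szSeparator == "" then
    nSplitArray[1] = szFullString
    return nSplitArray
  end

  local nFindStartIndex = 1
  local nSplitIndex = 1
  while true do
    -- Fourth argument `true` turns off pattern matching (plain find).
    local nFindLastIndex = string.find(szFullString, szSeparator, nFindStartIndex, true)
    if not nFindLastIndex then
      -- No further separator: the remainder is the last piece.
      nSplitArray[nSplitIndex] = string.sub(szFullString, nFindStartIndex, string.len(szFullString))
      break
    end
    nSplitArray[nSplitIndex] = string.sub(szFullString, nFindStartIndex, nFindLastIndex - 1)
    nFindStartIndex = nFindLastIndex + string.len(szSeparator)
    nSplitIndex = nSplitIndex + 1
  end
  return nSplitArray
end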
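--- Report whether a Cookie header carries a `name=value` pair with the given name.
-- Only presence is tested; the value is never inspected, so the result says
-- nothing about who set the cookie.
-- @param cookie raw Cookie header value, or nil when the request has none
-- @param name cookie name to look for (compared exactly, case-sensitive)
-- @return true when a pair with that name is present, false otherwise
function hasCookie(cookie, name)
  if cookie == nil then
    return false
  end
  -- Walk the ";"-separated pairs in header order.
  for pair in string.gmatch(cookie, "[^;]+") do
    local eq = string.find(pair, "=", 1, true)
    -- A segment without "=" carries no value and is skipped, so a later
    -- well-formed pair with the same name is still found.
    if eq then
      -- Trim only the surrounding whitespace; whitespace inside the name
      -- is kept so that "After Auth" does not compare equal to "AfterAuth".
      local key = string.match(string.sub(pair, 1, eq - 1), "^%s*(.-)%s*$")
      if key == name then
        return true
      end
    end
  end
  return false
end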
--- Tell whether `path` starts with the literal prefix `beginStr`.
-- @param beginStr prefix to look for
-- @param path string to test
-- @return true when the first bytes of `path` equal `beginStr`
function pathBeginWith(beginStr, path)
  local prefix_len = string.len(beginStr)
  local head = string.sub(path, 1, prefix_len)
  return head == beginStr
end
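-- Upstream selection for nginx `set_by_lua_file`: the returned "host:port"
-- string is what nginx proxies the request to.
--   * Paths starting with "/login/oauth2/code" go to the backend.
--   * Requests carrying an "AfterAuth" cookie go to port 8086 on the
--     visitor's own machine (the separately deployed front end).
--   * Everything else goes to the backend.
-- NOTE(review): the "AfterAuth" cookie is tested for presence only and can be
-- sent by any client; it is a routing hint, not evidence of authentication.
local BACKEND = "172.31.100.111:8989"

-- Return the first address in `value` when it is a dotted-quad IPv4 address,
-- otherwise nil. Anything else must never reach the proxy target.
local function ipv4_or_nil(value)
  -- A repeated request header is expected to arrive as a table rather than
  -- a string; such values are rejected instead of being concatenated.
  if type(value) ~= "string" then
    return nil
  end
  -- X-Forwarded-For may hold a comma-separated chain; keep the first entry.
  local first = string.match(value, "^%s*([^,%s]+)")
  if not first then
    return nil
  end
  local a, b, c, d = string.match(first, "^(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)$")
  if not a then
    return nil
  end
  for _, octet in ipairs({ a, b, c, d }) do
    if tonumber(octet) > 255 then
      return nil
    end
  end
  return first
end

if pathBeginWith("/login/oauth2/code", ngx.var.request_uri) then
  return BACKEND
end

if hasCookie(ngx.var.http_cookie, "AfterAuth") then
  local headers = ngx.req.get_headers()
  -- NOTE(review): X-Real-IP and X-Forwarded-For are request headers. Unless a
  -- trusted proxy in front of this nginx overwrites them, the client picks
  -- the value and therefore the host nginx connects to on port 8086.
  -- Validation below only guarantees a well-formed IPv4 address. To close
  -- the gap, rely on ngx.var.remote_addr alone, or let nginx's realip module
  -- (set_real_ip_from / real_ip_header) accept the header from known proxies
  -- only, and limit the result to the developers' address range.
  local ip = ipv4_or_nil(headers["X-REAL-IP"])
    or ipv4_or_nil(headers["X_FORWARDED_FOR"])
    or ngx.var.remote_addr
    or "0.0.0.0"
  -- Route to the visitor's own PC.
  return ip .. ":8086"
end

return BACKEND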
4、nginx.conf
# Development reverse proxy on port 8888. Static files and all other
# non-API requests are proxied to an upstream chosen per request by a Lua
# script; /api and /logout always go to the backend at 172.31.100.111:8989.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
server {
listen 8888;
server_name localhost;
#charset koi8-r;
# Static resources bypass the gateway.
# Regex locations are tried in the order they appear, so a URI with one of
# these extensions is handled here even when it also contains /api or /logout.
location ~* \.(js|css|ico|woff|woff2|png|jpg|jpeg|gif|html)$ {
expires 30d;
# NOTE(review): lua/upsteam.lua is not shown on this page and the name looks
# like a misspelling of "upstream"; confirm the file exists under this name.
set_by_lua_file $ups lua/upsteam.lua;
# The proxy target is whatever the Lua script returned for this request.
proxy_pass http://$ups;
proxy_buffer_size 64k;
proxy_buffering on;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# The scheme is hard-coded; this server block has no TLS listener.
proxy_set_header X-Forwarded-Proto http;
}
# Backend API calls and logout.
# NOTE(review): the regex is unanchored, so it matches "/api" or "/logout"
# anywhere in the URI, not only at the start.
location ~ /(api|logout) {
proxy_pass http://172.31.100.111:8989;
proxy_http_version 1.1;
proxy_read_timeout 3600s;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# websocket
# "Connection: upgrade" is sent on every request in this location, not only
# on WebSocket handshakes.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Decide whether the request is for front-end resources.
location / {
# NOTE(review): discookie.lua on this page builds the target host from the
# X-Real-IP / X-Forwarded-For request headers. Unless a trusted proxy in front
# of this server overwrites them, the client decides which host nginx
# connects to on port 8086.
set_by_lua_file $ups lua/discookie.lua;
proxy_pass http://$ups;
proxy_buffer_size 64k;
proxy_buffering on;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
# Host carries the port so that redirects built from it keep :8888.
proxy_set_header Host $host:$server_port;
# proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
}
}
}