注意,由于Ocelot.Administration扩展使用的是OcelotMiddlewareConfigurationDelegate中间件配置委托,所以我们扩展中间件AhphOcelotMiddlewareExtensions需要增加扩展代码来应用此委托。
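/// <summary>
/// Builds Ocelot's internal configuration from the stored file configuration, caches it,
/// runs every registered <c>OcelotMiddlewareConfigurationDelegate</c>, and returns the
/// result of <c>GetOcelotConfigAndReturn</c>.
/// </summary>
/// <param name="builder">Application builder whose service provider supplies the Ocelot services.</param>
/// <returns>The internal configuration obtained from the configuration repository.</returns>
private static async Task<IInternalConfiguration> CreateConfiguration(IApplicationBuilder builder)
{
    var services = builder.ApplicationServices;

    // GetRequiredService stops startup with a descriptive InvalidOperationException when a
    // registration is missing, instead of a NullReferenceException on the following call.
    var fileConfigRepo = services.GetRequiredService<IFileConfigurationRepository>();

    // Load the file configuration.
    var fileConfig = await fileConfigRepo.Get();
    // NOTE(review): fileConfig.Data is consumed without checking whether the load itself
    // reported an error; confirm the repository cannot hand back a failed response here.

    var internalConfigCreator = services.GetRequiredService<IInternalConfigurationCreator>();
    var internalConfig = await internalConfigCreator.Create(fileConfig.Data);

    // An invalid configuration aborts startup rather than running the gateway half-configured.
    if (internalConfig.IsError)
    {
        ThrowToStopOcelotStarting(internalConfig);
    }

    // Cache the configuration. The author notes that this will be reworked later for a
    // distributed deployment, which is not covered here.
    var internalConfigRepo = services.GetRequiredService<IInternalConfigurationRepository>();
    internalConfigRepo.AddOrReplace(internalConfig.Data);

    // Apply the middleware configuration delegates (added 2018-11-12). Extensions such as
    // Ocelot.Administration hook into the pipeline through this delegate type, so without
    // this loop their pipeline setup is never applied.
    foreach (var configuration in services.GetServices<OcelotMiddlewareConfigurationDelegate>())
    {
        await configuration(builder);
    }

    return GetOcelotConfigAndReturn(internalConfigRepo);
}

新建IdeitityServer认证服务,并配置服务端口6666,并添加二个测试客户端,一个设置访问scope为gateway_admin,另外一个设置为其他,来分别测试认证效果。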
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

namespace Ctr.AuthPlatform.TestIds4
{
    /// <summary>
    /// Startup for the test IdentityServer4 host that issues tokens for the gateway tests.
    /// </summary>
    public class Startup
    {
        public Startup(IConfiguration configuration) => Configuration = configuration;

        public IConfiguration Configuration { get; }

        /// <summary>
        /// Called by the runtime to add services to the container: registers IdentityServer
        /// with the in-memory API resources and clients from <see cref="Config"/>.
        /// </summary>
        public void ConfigureServices(IServiceCollection services)
        {
            var identityServer = services.AddIdentityServer();

            // NOTE(review): the developer signing credential is intended for development.
            // A deployed token service should sign with a managed key or certificate
            // (AddSigningCredential), because every token the gateway trusts depends on it.
            identityServer.AddDeveloperSigningCredential();

            identityServer.AddInMemoryApiResources(Config.GetApiResources());
            identityServer.AddInMemoryClients(Config.GetClients());
        }

        /// <summary>
        /// Called by the runtime to configure the HTTP request pipeline.
        /// </summary>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            // Detailed exception pages are enabled only in the Development environment.
            var isDevelopment = env.IsDevelopment();
            if (isDevelopment)
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseIdentityServer();
        }
    }

    /// <summary>
    /// In-memory API resources and clients for the test IdentityServer.
    /// </summary>
    public class Config
    {
        /// <summary>
        /// Scopes (API resources) known to the token service.
        /// </summary>
        public static IEnumerable<ApiResource> GetApiResources()
        {
            var resources = new List<ApiResource>();
            resources.Add(new ApiResource("api1", "My API"));
            resources.Add(new ApiResource("gateway_admin", "My admin API"));
            return resources;
        }

        /// <summary>
        /// Client-credentials clients allowed to request the scopes above.
        /// </summary>
        public static IEnumerable<Client> GetClients()
        {
            // NOTE(review): both secrets are literal test values. Outside a test host they
            // belong in a secret store or protected configuration, not in source.

            // client1 may only request "api1"; the page uses it to show that a token
            // without the admin scope is rejected by the gateway configuration endpoint.
            var ordinaryClient = new Client
            {
                ClientId = "client1",
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                ClientSecrets = { new Secret("secret1".Sha256()) },
                AllowedScopes = { "api1" }
            };

            // client2 may request "gateway_admin". The page shows a token with this scope
            // reading and overwriting the gateway configuration with immediate effect, so
            // this client's secret is an administrative credential.
            var adminClient = new Client
            {
                ClientId = "client2",
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                ClientSecrets = { new Secret("secret2".Sha256()) },
                AllowedScopes = { "gateway_admin" }
            };

            return new List<Client> { ordinaryClient, adminClient };
        }
    }
}

配置好认证服务器后,我们使用PostMan来测试接口调用,首先使用有权限的client2客户端,获取access_token,然后使用此access_token访问网关配置接口。
访问:7777/CtrOcelot/configuration可以得到我们数据库配置的结果。
我们再使用POST的方式修改配置信息,使用PostMan测试如下,请求后返回状态200(成功),然后测试修改前和修改后路由地址,发现立即生效,可以分别访问:7777/cjy/values和:7777/cjy/values验证即可。然后使用client1获取access_token,请求配置地址,提示401未授权,为预期结果,达到我们最终目的。