微服务（入门学习五）：identityServer4+ocelot+consul实现简单客户端模式

程序员文章站 2023-10-17 09:25:48

简介主要是采用identity Server4 和ocelot 加上consul 实现简单的客户端模式开发准备环境准备下载并安装Consul具体请参考前几篇的内容项目介绍创建ocelotServerTest项目创建IdentityServer4Test项目创建consulServer ......

简介

主要是采用identity server4 和ocelot 加上consul 实现简单的客户端模式

开发准备

环境准备

下载并安装consul具体请参考前几篇的内容

项目介绍

创建ocelotservertest项目
创建identityserver4test项目
创建consulserver项目（api项目）

1.创建consulserver项目

参考该地址进行创建：

2.创建identityserver项目

参考该地址进行创建：微服务（入门四）：identityserver的简单使用（客户端授权）

3.创建ocelotservertest项目

3.1创建一个webapi项目

3.2 修改startup配置，添加authentication认证

using system;
using system.collections.generic;
using system.linq;
using system.threading.tasks;
using identityserver4.accesstokenvalidation;
using microsoft.aspnetcore.authentication.jwtbearer;
using microsoft.aspnetcore.builder;
using microsoft.aspnetcore.hosting;
using microsoft.aspnetcore.httpspolicy;
using microsoft.aspnetcore.mvc;
using microsoft.extensions.configuration;
using microsoft.extensions.dependencyinjection;
using microsoft.extensions.logging;
using microsoft.extensions.options;
using netcore;
using ocelot.dependencyinjection;
using ocelot.middleware;
using ocelot.provider.consul;
using ocelot.provider.polly;
namespace identityserver4test
{
    public class startup
    {
        public startup(iconfiguration configuration)
        {
            configuration = configuration;
        }

        public iconfiguration configuration { get; }

        // this method gets called by the runtime. use this method to add services to the container.
        public void configureservices(iservicecollection services)
        {
            services.addmvc().setcompatibilityversion(compatibilityversion.version_2_1);
            services
                .addauthentication(jwtbearerdefaults.authenticationscheme)//添加认证
                .addidentityserverauthentication("testkey", o =>
                {
                    o.authority = "http://127.0.0.1:3322";//要认证的服务器地址
                    o.requirehttpsmetadata = false;//不启用https
                    o.apiname = "api1";//要认证的服务名称
                });
            services.addocelot(configuration).addconsul().addpolly();
        }

        // this method gets called by the runtime. use this method to configure the http request pipeline.
        public void configure(iapplicationbuilder app, ihostingenvironment env)
        {
            if (env.isdevelopment())
            {
                app.usedeveloperexceptionpage();
            }
            else
            {
                app.usehsts();
            }
            app.usemvc();
     
            app.useocelot().wait();
            app.useauthentication();
        }
    }
}

3.3创建ocelot.json文件并且添加authenticationoptions

 "authenticationoptions": {
        "authenticationproviderkey": "testkey",
        "allowedscopes": []
      }

{
  "reroutes": [

    {
      //下游路由模板，真实请求的路径
      "downstreampathtemplate": "/api/{everything}",
      //请求的方式，例如：http,https
      "downstreamscheme": "http",
      //服务器名称
      "servicename": "zyz1",
      //启用consul服务
      "useservicediscovery": true,
      //服务熔断
      "qosoptions": {
        "exceptionsallowedbeforebreaking": 3, //允许多少次异常请求
        "durationofbreak": 5, //熔断时间，单位为秒
        "timeoutvalue": 5000 //如果下游请求的处理时间超过多少则自动设置超时
      },
      //"ratelimitoptions": {
      //  "clientwhitelist": [ "admin" ], // 白名单
      //  "enableratelimiting": true, // 是否启用限流
      //  "period": "1m", // 统计时间段：1s, 5m, 1h, 1d
      //  "periodtimespan": 15, // 多少秒之后客户端可以重试
      //  "limit": 5 // 在统计时间段内允许的最大请求数量
      //},//负载均衡：
      //roundrobin轮流发送;
      //leastconnection – 将请求发往最空闲的那个服务器
      //noloadbalance – 总是发往第一个请求或者是服务发现
      "loadbalanceroptions": {
        "type": "roundrobin"
      },

      //上游地址配置
      "upstreampathtemplate": "/test/{everything}",
      //上游支持的请求类型
      "upstreamhttpmethod": [ "get", "post" ],
      "authenticationoptions": {
        "authenticationproviderkey": "testkey",
        "allowedscopes": []
      }
    },
    {
      "downstreampathtemplate": "/api/token",
      "downstreamscheme": "http",
      "downstreamhostandports": [
        {
          "host": "127.0.0.1",
          "port": 3322
        }
      ],
      "upstreampathtemplate": "/gettoken",
      "upstreamhttpmethod": [ "get" ]
    }
  ],
  "globalconfiguration": {
    "baseurl": "https://localhost:8596",
    //consul服务器地址和ip
    "servicediscoveryprovider": {
      "host": "localhost",
      "port": 8500
    }

  }
}

3.4 修改program文件，添加访问地址，以及ocelot的配置文件

using system;
using system.collections.generic;
using system.io;
using system.linq;
using system.threading.tasks;
using microsoft.aspnetcore;
using microsoft.aspnetcore.hosting;
using microsoft.extensions.configuration;
using microsoft.extensions.logging;

namespace identityserver4test
{
    public class program
    {
        public static void main(string[] args)
        {
            createwebhostbuilder(args).build().run();
        }

        public static iwebhostbuilder createwebhostbuilder(string[] args) =>
            webhost.createdefaultbuilder(args)
            .useurls("http://localhost:8596")
            .configureappconfiguration(conf =>
            {
                conf.addjsonfile("ocelot.json", optional: false, reloadonchange: true);
            })
           .usestartup<startup>();
    }
}

测试

1.首先开启consul服务