背景
- 當(dāng)不想改動(dòng)服務(wù)消費(fèi)者的時(shí)候(如服務(wù)消費(fèi)者太多并炮,改動(dòng)大)鞠值,只修改服務(wù)生產(chǎn)者矿辽,如何做服務(wù)權(quán)限控制钉赁?
- Dubbo 使用注冊中心的情況下蹄殃,可通過 Dubbo Admin 中的功能配置IP白名單規(guī)則,但在 Dubbo 無使用注冊中心的情況下你踩,如何設(shè)置IP白名單诅岩?
實(shí)現(xiàn)
IP白名單配置類
@Getter
@Configuration
public class IpWhiteList {
/**
* 是否開啟白名單
*/
@Value("${dubbo.ipwhite.enabled:true}")
private boolean enabled;
/**
* IP白名單列表
*/
@Value("${dubbo.ipwhite.list}")
private List<String> allowedIps;
}
多協(xié)議請求攔截
@Activate(group = CommonConstants.PROVIDER)
public class AccessFilter implements Filter {
private IpWhiteList ipWhiteList;
public AccessFilter(IpWhiteList ipWhiteList) {
this.ipWhiteList = ipWhiteList;
}
@Override
public Result invoke(Invoker<?> invoker, Invocation invocation) throws RpcException {
if (ipWhiteList.isEnabled()) {
String remoteHost = RpcContext.getContext().getRemoteHost();
String localHost = RpcContext.getContext().getLocalHost();
if ((CollectionUtils.isEmpty(ipWhiteList.getAllowedIps()) && !remoteHost.equals(localHost))) {
throw new RpcException("No Access");
}
if (!ipWhiteList.getAllowedIps().contains(remoteHost)) {
throw new RpcException("No Access");
}
}
return invoker.invoke(invocation);
}
}
AccessFilter(IpWhiteList ipWhiteLis)
通過 Dubbo SPI 注入 IpWhiteList
對象。
新增配置 META-INF/dubbo/org.apache.dubbo.rpc.Filter
(若是Dubbo 2.7.0 版本以下姓蜂,修改文件名為 com.alibaba.dubbo.rpc.Filter
)內(nèi)容按厘,配置對應(yīng)的 AccessFilter
類全限定名。
accessFilter=包名.AccessFilter
Telnet 請求攔截
@Activate(group = CommonConstants.PROVIDER)
public class TelnetHandlerWrapper implements TelnetHandler {
private TelnetHandler telnetHandler;
private IpWhiteList ipWhiteList;
public TelnetHandlerWrapper(TelnetHandler telnetHandler, IpWhiteList ipWhiteList) {
this.telnetHandler = telnetHandler;
this.ipWhiteList = ipWhiteList;
}
public TelnetHandlerWrapper() {
}
@Override
public String telnet(Channel channel, String message) throws RemotingException {
if (ipWhiteList.isEnabled()) {
String remoteHost = channel.getRemoteAddress().getHostString();
String localHost = channel.getLocalAddress().getHostString();
if (CollectionUtils.isEmpty(ipWhiteList.getAllowedIps()) && !remoteHost.equals(localHost)) {
return "No Access";
}
if (!ipWhiteList.getAllowedIps().contains(remoteHost)) {
return "No Access";
}
}
return telnetHandler.telnet(channel, message);
}
}
TelnetHandlerWrapper(TelnetHandler telnetHandler, IpWhiteList ipWhiteList)
通過 Dubbo SPI 注入具體操作的 TelnetHandler
和 IpWhiteList
對象钱慢。
新增文件 META-INF/dubbo/internal/org.apache.dubbo.remoting.telnet.TelnetHandler
(若是 dubbo2.7.0 版本以下逮京,修改文件名為 com.alibaba.dubbo.remoting.telnet.TelnetHandler
)內(nèi)容,配置對應(yīng)的 TelnetHandlerWrapper
類全限定名束莫。
clear=包名.TelnetHandlerWrapper
exit=包名.TelnetHandlerWrapper
help=包名.TelnetHandlerWrapper
status=包名.TelnetHandlerWrapper
log=包名.TelnetHandlerWrapper
ls=包名.TelnetHandlerWrapper
ps=包名.TelnetHandlerWrapper
cd=包名.TelnetHandlerWrapper
pwd=包名.TelnetHandlerWrapper
invoke=包名.TelnetHandlerWrapper
trace=包名.TelnetHandlerWrapper
count=包名.TelnetHandlerWrapper
select=包名.TelnetHandlerWrapper
shutdown=包名.TelnetHandlerWrapper