增加白名单过滤

d26a400b · Nepxion · c2306205 · d26a400b · d26a400b · d26a400b
Commit d26a400b authored Jun 22, 2018 by Nepxion
6 changed files
--- a/discovery-plugin/src/main/java/com/nepxion/discovery/plugin/config/DiscoveryPluginConfigParser.java
+++ b/discovery-plugin/src/main/java/com/nepxion/discovery/plugin/config/DiscoveryPluginConfigParser.java
@@ -42,7 +42,7 @@ public class DiscoveryPluginConfigParser extends Dom4JParser {
    @SuppressWarnings("rawtypes")
    @Override
    protected void parseRoot(Element element) {
-        LOG.info("Start to parse discovery.xml...");
+        LOG.info("Start to parse xml...");

        int filterElementCount = element.elements(DiscoveryPluginConstant.FILTER_ELEMENT_NAME).size();
        if (filterElementCount > 1) {

--- a/discovery-plugin/src/main/java/com/nepxion/discovery/plugin/strategy/FilterStrategy.java
+++ b/discovery-plugin/src/main/java/com/nepxion/discovery/plugin/strategy/FilterStrategy.java
@@ -13,14 +13,19 @@ import java.util.Map;
 import java.util.concurrent.locks.ReentrantReadWriteLock;

 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;

 import com.nepxion.discovery.plugin.constant.DiscoveryPluginConstant;
 import com.nepxion.discovery.plugin.entity.DiscoveryEntity;
 import com.nepxion.discovery.plugin.entity.FilterEntity;
+import com.nepxion.discovery.plugin.entity.FilterType;
 import com.nepxion.discovery.plugin.exception.DiscoveryPluginException;

 public class FilterStrategy {
+    private static final Logger LOG = LoggerFactory.getLogger(FilterStrategy.class);
+
    @Autowired
    private DiscoveryEntity discoveryEntity;

@@ -32,27 +37,61 @@ public class FilterStrategy {
            reentrantReadWriteLock.readLock().lock();

            FilterEntity filterEntity = discoveryEntity.getFilterEntity();
+            FilterType filterType = filterEntity.getFilterType();
+
            String globalFilterValue = filterEntity.getFilterValue();
-            validate(globalFilterValue, ipAddress);

            Map<String, String> filterMap = filterEntity.getFilterMap();
            String filterValue = filterMap.get(serviceId);
-            validate(filterValue, ipAddress);
+
+            String allFilter = "";
+            if (StringUtils.isNotEmpty(globalFilterValue)) {
+                allFilter += globalFilterValue;
+            }
+
+            if (StringUtils.isNotEmpty(filterValue)) {
+                allFilter += StringUtils.isEmpty(allFilter) ? filterValue : DiscoveryPluginConstant.SEPARATE + filterValue;
+            }
+
+            switch (filterType) {
+                case BLACKLIST:
+                    validateBlacklist(allFilter, ipAddress);
+                    break;
+                case WHITELIST:
+                    validateWhitelist(allFilter, ipAddress);
+                    break;
+            }
+
        } finally {
            reentrantReadWriteLock.readLock().unlock();
        }
    }

-    private void validate(String filterValue, String ipAddress) {
-        if (StringUtils.isEmpty(filterValue)) {
-            return;
+    private void validateBlacklist(String filterValue, String ipAddress) {
+        LOG.info("********** IP address blacklist={}, current ip address={} **********", filterValue, ipAddress);
+
+        String[] filterArray = StringUtils.split(filterValue, DiscoveryPluginConstant.SEPARATE);
+        for (String filter : filterArray) {
+            if (ipAddress.startsWith(filter)) {
+                throw new DiscoveryPluginException(ipAddress + " isn't allowed to register to Eureka server, because it is in blacklist");
+            }
        }
+    }
+
+    private void validateWhitelist(String filterValue, String ipAddress) {
+        LOG.info("********** IP address whitelist={}, current ip address={} **********", filterValue, ipAddress);

+        boolean valid = false;
        String[] filterArray = StringUtils.split(filterValue, DiscoveryPluginConstant.SEPARATE);
        for (String filter : filterArray) {
            if (ipAddress.startsWith(filter)) {
-                throw new DiscoveryPluginException(ipAddress + " isn't allowed to register to Eureka server");
+                valid = true;
+                break;
            }
        }
+
+        if (!valid) {
+            throw new DiscoveryPluginException(ipAddress + " isn't allowed to register to Eureka server, because it isn't in whitelist");
+        }
    }
 }
\ No newline at end of file
--- a/discovery-springcloud-example-a/src/main/resources/discovery1.xml
+++ b/discovery-springcloud-example-a/src/main/resources/discovery1.xml
@@ -7,7 +7,7 @@
    <!-- 表示下面所有服务，不允许10.10和11.11为前缀的IP地址注册（全局过滤） -->
    <filter filter-type="BLACKLIST" filter-value="10.10;11.11">
        <!-- 表示下面服务，不允许172.16和10.10和11.11为前缀的IP地址注册 -->
-        <service service-name="discovery-springcloud-example" filter-value="172.16"/>
+        <service service-name="discovery-springcloud-example-a" filter-value="172.16"/>
    </filter>

    <!-- 服务注册下，服务多版本调用的控制 -->

--- a/discovery-springcloud-example-a/src/main/resources/discovery2.xml
+++ b/discovery-springcloud-example-a/src/main/resources/discovery2.xml
@@ -7,7 +7,7 @@
    <!-- 表示下面所有服务，不允许10.10和11.11为前缀的IP地址注册（全局过滤） -->
    <filter filter-type="BLACKLIST" filter-value="10.10;11.11">
        <!-- 表示下面服务，不允许172.16和10.10和11.11为前缀的IP地址注册 -->
-        <service service-name="discovery-springcloud-example" filter-value="172.16"/>
+        <service service-name="discovery-springcloud-example-a" filter-value="172.16"/>
    </filter>

    <!-- 服务注册下，服务多版本调用的控制 -->

--- a/discovery-springcloud-example-a/src/main/resources/discovery3.xml
+++ b/discovery-springcloud-example-a/src/main/resources/discovery3.xml
@@ -7,7 +7,7 @@
    <!-- 表示下面所有服务，不允许10.10和11.11为前缀的IP地址注册（全局过滤） -->
    <filter filter-type="BLACKLIST" filter-value="10.10;11.11">
        <!-- 表示下面服务，不允许172.16和10.10和11.11为前缀的IP地址注册 -->
-        <service service-name="discovery-springcloud-example" filter-value="172.16"/>
+        <service service-name="discovery-springcloud-example-a" filter-value="172.16"/>
    </filter>

    <!-- 服务注册下，服务多版本调用的控制 -->

--- a/discovery-springcloud-example-a/src/main/resources/discovery4.xml
+++ b/discovery-springcloud-example-a/src/main/resources/discovery4.xml
@@ -7,7 +7,7 @@
    <!-- 表示下面所有服务，不允许10.10和11.11为前缀的IP地址注册（全局过滤） -->
    <filter filter-type="BLACKLIST" filter-value="10.10;11.11">
        <!-- 表示下面服务，不允许172.16和10.10和11.11为前缀的IP地址注册 -->
-        <service service-name="discovery-springcloud-example" filter-value="172.16"/>
+        <service service-name="discovery-springcloud-example-a" filter-value="172.16"/>
    </filter>

    <!-- 服务注册下，服务多版本调用的控制 -->