Skip to content

D
discovery
Commit d26a400b by Nepxion
Options

增加白名单过滤

parent c2306205
Showing with 51 additions and 11 deletions
discovery-plugin/src/main/java/com/nepxion/discovery/plugin/config/DiscoveryPluginConfigParser.java
...@@ -42,7 +42,7 @@ public class DiscoveryPluginConfigParser extends Dom4JParser { ...@@ -42,7 +42,7 @@ public class DiscoveryPluginConfigParser extends Dom4JParser {
@SuppressWarnings("rawtypes") @SuppressWarnings("rawtypes")
@Override @Override
protected void parseRoot(Element element) { protected void parseRoot(Element element) {
LOG.info("Start to parse discovery.xml..."); LOG.info("Start to parse xml...");
int filterElementCount = element.elements(DiscoveryPluginConstant.FILTER_ELEMENT_NAME).size(); int filterElementCount = element.elements(DiscoveryPluginConstant.FILTER_ELEMENT_NAME).size();
if (filterElementCount > 1) { if (filterElementCount > 1) {
......
discovery-plugin/src/main/java/com/nepxion/discovery/plugin/strategy/FilterStrategy.java
...@@ -13,14 +13,19 @@ import java.util.Map; ...@@ -13,14 +13,19 @@ import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock; import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import com.nepxion.discovery.plugin.constant.DiscoveryPluginConstant; import com.nepxion.discovery.plugin.constant.DiscoveryPluginConstant;
import com.nepxion.discovery.plugin.entity.DiscoveryEntity; import com.nepxion.discovery.plugin.entity.DiscoveryEntity;
import com.nepxion.discovery.plugin.entity.FilterEntity; import com.nepxion.discovery.plugin.entity.FilterEntity;
import com.nepxion.discovery.plugin.entity.FilterType;
import com.nepxion.discovery.plugin.exception.DiscoveryPluginException; import com.nepxion.discovery.plugin.exception.DiscoveryPluginException;
public class FilterStrategy { public class FilterStrategy {
private static final Logger LOG = LoggerFactory.getLogger(FilterStrategy.class);
@Autowired @Autowired
private DiscoveryEntity discoveryEntity; private DiscoveryEntity discoveryEntity;
...@@ -32,27 +37,61 @@ public class FilterStrategy { ...@@ -32,27 +37,61 @@ public class FilterStrategy {
reentrantReadWriteLock.readLock().lock(); reentrantReadWriteLock.readLock().lock();
FilterEntity filterEntity = discoveryEntity.getFilterEntity(); FilterEntity filterEntity = discoveryEntity.getFilterEntity();
FilterType filterType = filterEntity.getFilterType();
String globalFilterValue = filterEntity.getFilterValue(); String globalFilterValue = filterEntity.getFilterValue();
validate(globalFilterValue, ipAddress);
Map<String, String> filterMap = filterEntity.getFilterMap(); Map<String, String> filterMap = filterEntity.getFilterMap();
String filterValue = filterMap.get(serviceId); String filterValue = filterMap.get(serviceId);
validate(filterValue, ipAddress);
String allFilter = "";
if (StringUtils.isNotEmpty(globalFilterValue)) {
allFilter += globalFilterValue;
}
if (StringUtils.isNotEmpty(filterValue)) {
allFilter += StringUtils.isEmpty(allFilter) ? filterValue : DiscoveryPluginConstant.SEPARATE + filterValue;
}
switch (filterType) {
case BLACKLIST:
validateBlacklist(allFilter, ipAddress);
break;
case WHITELIST:
validateWhitelist(allFilter, ipAddress);
break;
}
} finally { } finally {
reentrantReadWriteLock.readLock().unlock(); reentrantReadWriteLock.readLock().unlock();
} }
} }
private void validate(String filterValue, String ipAddress) { private void validateBlacklist(String filterValue, String ipAddress) {
if (StringUtils.isEmpty(filterValue)) { LOG.info("********** IP address blacklist={}, current ip address={} **********", filterValue, ipAddress);
return;
String[] filterArray = StringUtils.split(filterValue, DiscoveryPluginConstant.SEPARATE);
for (String filter : filterArray) {
if (ipAddress.startsWith(filter)) {
throw new DiscoveryPluginException(ipAddress + " isn't allowed to register to Eureka server, because it is in blacklist");
}
} }
}
private void validateWhitelist(String filterValue, String ipAddress) {
LOG.info("********** IP address whitelist={}, current ip address={} **********", filterValue, ipAddress);
boolean valid = false;
String[] filterArray = StringUtils.split(filterValue, DiscoveryPluginConstant.SEPARATE); String[] filterArray = StringUtils.split(filterValue, DiscoveryPluginConstant.SEPARATE);
for (String filter : filterArray) { for (String filter : filterArray) {
if (ipAddress.startsWith(filter)) { if (ipAddress.startsWith(filter)) {
throw new DiscoveryPluginException(ipAddress + " isn't allowed to register to Eureka server"); valid = true;
break;
} }
} }
if (!valid) {
throw new DiscoveryPluginException(ipAddress + " isn't allowed to register to Eureka server, because it isn't in whitelist");
}
} }
} }
\ No newline at end of file
discovery-springcloud-example-a/src/main/resources/discovery1.xml
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
<!-- 表示下面所有服务,不允许10.10和11.11为前缀的IP地址注册(全局过滤) --> <!-- 表示下面所有服务,不允许10.10和11.11为前缀的IP地址注册(全局过滤) -->
<filter filter-type="BLACKLIST" filter-value="10.10;11.11"> <filter filter-type="BLACKLIST" filter-value="10.10;11.11">
<!-- 表示下面服务,不允许172.16和10.10和11.11为前缀的IP地址注册 --> <!-- 表示下面服务,不允许172.16和10.10和11.11为前缀的IP地址注册 -->
<service service-name="discovery-springcloud-example" filter-value="172.16"/> <service service-name="discovery-springcloud-example-a" filter-value="172.16"/>
</filter> </filter>
<!-- 服务注册下,服务多版本调用的控制 --> <!-- 服务注册下,服务多版本调用的控制 -->
......
discovery-springcloud-example-a/src/main/resources/discovery2.xml
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
<!-- 表示下面所有服务,不允许10.10和11.11为前缀的IP地址注册(全局过滤) --> <!-- 表示下面所有服务,不允许10.10和11.11为前缀的IP地址注册(全局过滤) -->
<filter filter-type="BLACKLIST" filter-value="10.10;11.11"> <filter filter-type="BLACKLIST" filter-value="10.10;11.11">
<!-- 表示下面服务,不允许172.16和10.10和11.11为前缀的IP地址注册 --> <!-- 表示下面服务,不允许172.16和10.10和11.11为前缀的IP地址注册 -->
<service service-name="discovery-springcloud-example" filter-value="172.16"/> <service service-name="discovery-springcloud-example-a" filter-value="172.16"/>
</filter> </filter>
<!-- 服务注册下,服务多版本调用的控制 --> <!-- 服务注册下,服务多版本调用的控制 -->
......
discovery-springcloud-example-a/src/main/resources/discovery3.xml
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
<!-- 表示下面所有服务,不允许10.10和11.11为前缀的IP地址注册(全局过滤) --> <!-- 表示下面所有服务,不允许10.10和11.11为前缀的IP地址注册(全局过滤) -->
<filter filter-type="BLACKLIST" filter-value="10.10;11.11"> <filter filter-type="BLACKLIST" filter-value="10.10;11.11">
<!-- 表示下面服务,不允许172.16和10.10和11.11为前缀的IP地址注册 --> <!-- 表示下面服务,不允许172.16和10.10和11.11为前缀的IP地址注册 -->
<service service-name="discovery-springcloud-example" filter-value="172.16"/> <service service-name="discovery-springcloud-example-a" filter-value="172.16"/>
</filter> </filter>
<!-- 服务注册下,服务多版本调用的控制 --> <!-- 服务注册下,服务多版本调用的控制 -->
......
discovery-springcloud-example-a/src/main/resources/discovery4.xml
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
<!-- 表示下面所有服务,不允许10.10和11.11为前缀的IP地址注册(全局过滤) --> <!-- 表示下面所有服务,不允许10.10和11.11为前缀的IP地址注册(全局过滤) -->
<filter filter-type="BLACKLIST" filter-value="10.10;11.11"> <filter filter-type="BLACKLIST" filter-value="10.10;11.11">
<!-- 表示下面服务,不允许172.16和10.10和11.11为前缀的IP地址注册 --> <!-- 表示下面服务,不允许172.16和10.10和11.11为前缀的IP地址注册 -->
<service service-name="discovery-springcloud-example" filter-value="172.16"/> <service service-name="discovery-springcloud-example-a" filter-value="172.16"/>
</filter> </filter>
<!-- 服务注册下,服务多版本调用的控制 --> <!-- 服务注册下,服务多版本调用的控制 -->
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment