欢迎关注公众号与我交流
 博主目前就职于一家工业互联网公司担任架构师,曾供职于阿里、康佳、电商与移动社交等公司,技术能力、架构能力过硬

SpringCloudGateway使用SecurityBasicAuth验证响应慢的问题

本文阅读量:   

问题描述

SpringCloudGateway中使用Spring Cloud Security的basic auth验证,会导致请求响应增加100毫秒左右的耗时。发布该博文时,SpringCloudGateway已经升级到了2.2.2,但是问题依旧,也许在后续的版本会解决。

使用SpringCloudSecurity的配置如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

/**
 * WebFluxSecurityConfig
 *
 * @author mafgwo
 * @since 2019/10/23
 */
@Configuration
@EnableWebFluxSecurity
public class WebFluxSecurityConfig {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.authorizeExchange()
            // 无需进行权限过滤的请求路径
            .pathMatchers("/smartcall/**").permitAll()
            .pathMatchers("/health").permitAll()
            .pathMatchers(HttpMethod.OPTIONS).permitAll()
            .anyExchange().authenticated()
            .and()
            .httpBasic().and()
            .csrf().disable();
        return http.build();
    }
}

application.yaml配置

1
2
3
4
5
6
7
spring:
  security:
    user:
      password: app_password
      name: mall_app
    basic:
      enabled: true

spring cloud gateway 是2.1.2版本
spring-boot-starter-security 是2.1.5
通过以上方式请求,响应时间会莫名其妙多100毫秒左右,简直无法接受。

跟踪日志如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
2019-10-23 18:54:57.640 DEBUG 19404 --- [ctor-http-nio-3] r.n.http.server.HttpServerOperations     : [id: 0x138ab754, L:/0:0:0:0:0:0:0:1:8110 - R:/0:0:0:0:0:0:0:1:62011] Increasing pending responses, now 1
2019-10-23 18:54:57.640 DEBUG 19404 --- [ctor-http-nio-3]


----------


 reactor.netty.http.server.HttpServer     : [id: 0x138ab754, L:/0:0:0:0:0:0:0:1:8110 - R:/0:0:0:0:0:0:0:1:62011] Handler is being applied: org.springframework.http.server.reactive.ReactorHttpHandlerAdapter@35254444
2019-10-23 18:54:57.641 TRACE 19404 --- [ctor-http-nio-3] o.s.w.s.adapter.HttpWebHandlerAdapter    : [138ab754] HTTP GET "/order/orders?ordersCode=9519102311031016000", headers={masked}
2019-10-23 18:54:57.743 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'server.port' in PropertySource 'server.ports'
2019-10-23 18:54:57.743 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'server.port' in PropertySource 'configurationProperties'
2019-10-23 18:54:57.744 DEBUG 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Found key 'server.port' in PropertySource 'configurationProperties' with value of type Integer
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'server.ports'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'configurationProperties'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'gateway-properties'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'systemProperties'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'systemEnvironment'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'random'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'applicationConfig: [classpath:/application.yml] (document #1)'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'applicationConfig: [classpath:/application.yml] (document #0)'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'springCloudClientHostInfo'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'applicationConfig: [classpath:/bootstrap.yaml] (document #0)'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'defaultProperties'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Searching for key 'management.server.port' in PropertySource 'Management Server'
2019-10-23 18:54:57.744 TRACE 19404 --- [     parallel-3] o.s.c.e.PropertySourcesPropertyResolver  : Could not find key 'management.server.port' in any property source
2019-10-23 18:54:57.748 TRACE 19404 --- [     parallel-3] o.s.c.g.f.WeightCalculatorWebFilter      : Weights attr: {}
2019-10-23 18:54:57.749 TRACE 19404 --- [     parallel-3] o.s.c.g.h.p.RoutePredicateFactory        : Pattern "[/v1/open-channel/**]" does not match against value "/order/orders"
2019-10-23 18:54:57.749 TRACE 19404 --- [     parallel-3] o.s.c.g.h.p.RoutePredicateFactory        : Pattern "/order/**" matches against value "/order/orders"
2019-10-23 18:54:57.750 DEBUG 19404 --- [     parallel-3] o.s.c.g.h.RoutePredicateHandlerMapping   : Route matched: order-api-v2
2019-10-23 18:54:57.750 DEBUG 19404 --- [     parallel-3] o.s.c.g.h.RoutePredicateHandlerMapping   : Mapping [Exchange: GET http://localhost:8110/order/orders?ordersCode=9519102311031016000] to Route{id='order-api-v2', uri=http://orders-service-v2.tst.xx.com:80/, order=0, predicate=Paths: [/order/**], match trailing slash: true, gatewayFilters=[[[RewritePath /order(?<segment>.*) = '/svc${segment}'], order = 1]]}
2019-10-23 18:54:57.750 DEBUG 19404 --- [     parallel-3] o.s.c.g.h.RoutePredicateHandlerMapping   : [138ab754] Mapped to org.springframework.cloud.gateway.handler.FilteringWebHandler@697a92af
2019-10-23 18:54:57.750 DEBUG 19404 --- [     parallel-3] o.s.c.g.handler.FilteringWebHandler      : Sorted gatewayFilterFactories: [[GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.RemoveCachedBodyFilter@1412682c}, order = -2147483648], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.AdaptCachedBodyGlobalFilter@7fc7152e}, order = -2147482648], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyWriteResponseFilter@3dea226b}, order = -1], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.ForwardPathFilter@15994b0b}, order = 0], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.GatewayMetricsFilter@376b5cb2}, order = 0], [[RewritePath /order(?<segment>.*) = '/svc${segment}'], order = 1], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.RouteToRequestUrlFilter@53bb71e5}, order = 10000], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.config.GatewayNoLoadBalancerClientAutoConfiguration$NoLoadBalancerClientFilter@7608a838}, order = 10100], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.WebsocketRoutingFilter@70f4f89e}, order = 2147483646], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyRoutingFilter@615e83ac}, order = 2147483647], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.ForwardRoutingFilter@54a056e4}, order = 2147483647]]
2019-10-23 18:54:57.751 TRACE 19404 --- [     parallel-3] o.s.c.g.filter.RouteToRequestUrlFilter   : RouteToRequestUrlFilter start
2019-10-23 18:54:57.752 DEBUG 19404 --- [ctor-http-nio-3] r.n.resources.PooledConnectionProvider   : [id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80] Channel acquired, now 1 active connections and 0 inactive connections
2019-10-23 18:54:57.752 DEBUG 19404 --- [ctor-http-nio-3] r.netty.http.client.HttpClientConnect    : [id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80] Handler is being applied: {uri=http://orders-service-v2.tst.xx.com/svc/orders?ordersCode=9519102311031016000, method=GET}
2019-10-23 18:54:57.753 TRACE 19404 --- [ctor-http-nio-3] o.s.c.gateway.filter.NettyRoutingFilter  : outbound route: b4d320c1, inbound: [138ab754] 
2019-10-23 18:54:57.753 DEBUG 19404 --- [ctor-http-nio-3] reactor.netty.channel.FluxReceive        : [id: 0x138ab754, L:/0:0:0:0:0:0:0:1:8110 - R:/0:0:0:0:0:0:0:1:62011] Subscribing inbound receiver [pending: 0, cancelled:false, inboundDone: true]
2019-10-23 18:54:57.754 DEBUG 19404 --- [ctor-http-nio-3] r.n.resources.PooledConnectionProvider   : [id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80] onStateChange(GET{uri=/svc/orders?ordersCode=9519102311031016000, connection=PooledConnection{channel=[id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80]}}, [request_sent])
2019-10-23 18:54:57.797 DEBUG 19404 --- [ctor-http-nio-3] r.n.http.client.HttpClientOperations     : [id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80] Received response (auto-read:false) : [Server=nginx/1.16.1, Date=Wed, 23 Oct 2019 10:55:05 GMT, Content-Type=application/json;charset=UTF-8, Transfer-Encoding=chunked, Connection=keep-alive, Vary=Accept-Encoding, X-Content-Type-Options=nosniff, X-XSS-Protection=1; mode=block, Cache-Control=no-cache, no-store, max-age=0, must-revalidate, Pragma=no-cache, Expires=0, X-Frame-Options=DENY, X-Application-Context=legacy-orders-service-v2:default:8080]
2019-10-23 18:54:57.797 DEBUG 19404 --- [ctor-http-nio-3] r.n.resources.PooledConnectionProvider   : [id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80] onStateChange(GET{uri=/svc/orders?ordersCode=9519102311031016000, connection=PooledConnection{channel=[id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80]}}, [response_received])
2019-10-23 18:54:57.797 TRACE 19404 --- [ctor-http-nio-3] o.s.c.g.filter.NettyWriteResponseFilter  : NettyWriteResponseFilter start inbound: b4d320c1, outbound: [138ab754] 
2019-10-23 18:54:57.797 DEBUG 19404 --- [ctor-http-nio-3] reactor.netty.channel.FluxReceive        : [id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80] Subscribing inbound receiver [pending: 0, cancelled:false, inboundDone: false]
2019-10-23 18:54:57.798 TRACE 19404 --- [ctor-http-nio-3] o.s.c.g.filter.GatewayMetricsFilter      : gateway.requests tags: [tag(httpMethod=GET),tag(httpStatusCode=200),tag(outcome=SUCCESSFUL),tag(routeId=order-api-v2),tag(routeUri=http://orders-service-v2.tst.xx.com:80/),tag(status=OK)]
2019-10-23 18:54:57.799 DEBUG 19404 --- [ctor-http-nio-3] r.n.http.client.HttpClientOperations     : [id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80] Received last HTTP packet
2019-10-23 18:54:57.799 DEBUG 19404 --- [ctor-http-nio-3] r.n.resources.PooledConnectionProvider   : [id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80] onStateChange(GET{uri=/svc/orders?ordersCode=9519102311031016000, connection=PooledConnection{channel=[id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80]}}, [disconnecting])
2019-10-23 18:54:57.799 DEBUG 19404 --- [ctor-http-nio-3] r.n.resources.PooledConnectionProvider   : [id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80] Releasing channel
2019-10-23 18:54:57.799 DEBUG 19404 --- [ctor-http-nio-3] r.n.resources.PooledConnectionProvider   : [id: 0xb4d320c1, L:/172.17.30.53:62021 - R:orders-service-v2.tst.xx.com/172.24.30.6:80] Channel cleaned, now 0 active connections and 1 inactive connections
2019-10-23 18:54:57.800 TRACE 19404 --- [ctor-http-nio-3] o.s.w.s.adapter.HttpWebHandlerAdapter    : [138ab754] Completed 200 OK, headers={masked}
2019-10-23 18:54:57.800 TRACE 19404 --- [ctor-http-nio-3] o.s.h.s.r.ReactorHttpHandlerAdapter      : [138ab754] Handling completed
2019-10-23 18:54:57.800 DEBUG 19404 --- [ctor-http-nio-3] r.n.http.server.HttpServerOperations     : [id: 0x138ab754, L:/0:0:0:0:0:0:0:1:8110 - R:/0:0:0:0:0:0:0:1:62011] Last HTTP response frame
2019-10-23 18:54:57.802 DEBUG 19404 --- [ctor-http-nio-3] r.n.http.server.HttpServerOperations     : [id: 0x138ab754, L:/0:0:0:0:0:0:0:1:8110 - R:/0:0:0:0:0:0:0:1:62011] Decreasing pending responses, now 0
2019-10-23 18:54:57.802 DEBUG 19404 --- [ctor-http-nio-3] r.n.http.server.HttpServerOperations     : [id: 0x138ab754, L:/0:0:0:0:0:0:0:1:8110 - R:/0:0:0:0:0:0:0:1:62011] Last HTTP packet was sent, terminating the channel

仔细看以上的时间变化会发现有一个地方突然增加了100毫秒,通过研读源代码,依然没能解决,估计是框架的bug,故曲线救国,即要能实现basic验证,又要确保不会莫名延迟100毫秒,故通过全局过滤器解决。

详细解决方式如下:

1 去掉spring-boot-starter-security的maven依赖
2 增加以下全局过滤器

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.cloud.gateway.filter.NettyWriteResponseFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

import java.util.Base64;
import java.util.List;

/**
 * basic验证过滤器
 *
 * @author mafgwo
 * @since 2019/10/23
 */
@Component
public class BasicAuthFilter implements GlobalFilter, Ordered {

    private static final String BASIC = "basic";

    private static final String[] EXCLUDE_URI_PREFIXS = {"/health", "/smartcall/"};

    @Value("${spring.security.user.name}")
    private String username;
    @Value("${spring.security.user.password}")
    private String password;

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        String path = request.getURI().getPath();
        // 直接跳过
        for (int i = 0; i < EXCLUDE_URI_PREFIXS.length; i++) {
            if (request.getURI().getPath().startsWith(EXCLUDE_URI_PREFIXS[i])) {
                return chain.filter(exchange);
            }
        }

        ServerHttpResponse response = exchange.getResponse();
        // 获取header 无请求头则直接返回失败
        List<String> authList = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
        if (CollectionUtils.isEmpty(authList)) {
            response.setStatusCode(HttpStatus.UNAUTHORIZED);
            return Mono.empty();
        }
        // 取出第一个值
        String basicToken = authList.get(0);
        String[] tokenArr = basicToken.split(" ");
        if (tokenArr.length != 2 || !BASIC.equalsIgnoreCase(tokenArr[0].trim())) {
            response.setStatusCode(HttpStatus.UNAUTHORIZED);
            return Mono.empty();
        }
        String token = tokenArr[1].trim();
        // 取出
        String userMsg = username + ":" + password;
        String authorization = Base64.getEncoder().encodeToString(userMsg.getBytes());
        if (!token.equalsIgnoreCase(authorization)) {
            response.setStatusCode(HttpStatus.UNAUTHORIZED);
            return Mono.empty();
        }
        return chain.filter(exchange);
    }

    @Override
    public int getOrder() {
        return NettyWriteResponseFilter.WRITE_RESPONSE_FILTER_ORDER - 1;
    }
}

tag:

    缺失模块。
    1、请确保node版本大于6.2
    2、在博客根目录(注意不是yilia根目录)执行以下命令:
    npm i hexo-generator-json-content --save

    3、在根目录_config.yml里添加配置: 

      jsonContent:
    meta: false
    pages: false
    posts:
      title: true
      date: true
      path: true
      text: false
      raw: false
      content: false
      slug: false
      updated: false
      comments: false
      link: false
      permalink: false
      excerpt: false
      categories: false
      tags: true

曾供职于<br>大厂(阿里)、<br>国企(康佳)、<br>电商与移动社交<br>等互联网公司,<br>技术能力、架构能力过硬。<br><br>我的个人微信:qicoding,<br>请注明来自码蜂窝技术博客,<br>非常欢迎加微信沟通交流<br>(包含但不限于源码、技术点、设<br>计与生产实践中遇到的问题等)