【sentinel】深入浅出之原理篇AuthoritySlot

作者: 一滴水的坚持 | 来源:发表于2019-03-19 17:34 被阅读0次

【sentinel】深入浅出之原理篇AuthoritySlot
【sentinel】深入浅出之原理篇SlotChain
【sentinel】深入浅出之原理篇DegradeSlot
【sentinel】深入浅出之原理篇NodeSelectorSl
【sentinel】深入浅出之原理篇SystemSlot
【sentinel】深入浅出之原理篇ClusterBuilder
【sentinel】深入浅出之原理篇FlowSlot
【sentinel】深入浅出之原理篇实体模型
【sentinel】深入浅出之原理篇StatisticSlot&
深入浅出Redis-redis哨兵集群

AuthorizationSlot则根据黑白名单，来做黑白名单控制；
如果该resource配置了AuthorityRule,则根据策略判断该资源请求的请求来源(origin)是否在配置规则LimitApp中((,)隔开)和策略判断，是否检查通过。

如果是白名单
- 判断origin是否在limitApp中，如果在，则返回true，否则返回false
如果为黑名单
- 判断origin是否在limitApp中，如果在，则返回false，否则返回true

public class AuthoritySlot extends AbstractLinkedProcessorSlot<DefaultNode> {
    @Override
    public void entry(Context context, ResourceWrapper resourceWrapper, DefaultNode node, int count, boolean prioritized, Object... args)
        throws Throwable {
        //检查黑白名单
        checkBlackWhiteAuthority(resourceWrapper, context);
        fireEntry(context, resourceWrapper, node, count, prioritized, args);
    }

    @Override
    public void exit(Context context, ResourceWrapper resourceWrapper, int count, Object... args) {
        fireExit(context, resourceWrapper, count, args);
    }

    void checkBlackWhiteAuthority(ResourceWrapper resource, Context context) throws AuthorityException {
        //获取认证的规则
        Map<String, List<AuthorityRule>> authorityRules = AuthorityRuleManager.getAuthorityRules();
        if (authorityRules == null) {
            return;
        }
        //根据resourceName获取该资源下对应的规则
        List<AuthorityRule> rules = authorityRules.get(resource.getName());
        if (rules == null) {
            return;
        }
        for (AuthorityRule rule : rules) {
            //认证检查
            if (!AuthorityRuleChecker.passCheck(rule, context)) {
                throw new AuthorityException(context.getOrigin(), rule);
            }
        }
    }
}

检查逻辑在AuthorityRuleChecker:

final class AuthorityRuleChecker {

    static boolean passCheck(AuthorityRule rule, Context context) {

        String requester = context.getOrigin();
        // 获取orgin请求来源，如果为请求来源为null或者limitApp为null则直接返回通过
        if (StringUtil.isEmpty(requester) || StringUtil.isEmpty(rule.getLimitApp())) {
            return true;
        }

        //判断limitApp是否含有origin
        int pos = rule.getLimitApp().indexOf(requester);
        boolean contain = pos > -1;
        if (contain) {
            boolean exactlyMatch = false;
            String[] appArray = rule.getLimitApp().split(",");
            for (String app : appArray) {
                if (requester.equals(app)) {
                    exactlyMatch = true;
                    break;
                }
            }

            contain = exactlyMatch;
        }
        //根据策略处理是否包含，判断是否通过
        int strategy = rule.getStrategy();
        if (strategy == RuleConstant.AUTHORITY_BLACK && contain) {
            return false;
        }

        if (strategy == RuleConstant.AUTHORITY_WHITE && !contain) {
            return false;
        }
        return true;
    }

    private AuthorityRuleChecker() {}
}

AuthorityRule的配置更新和SystemSlot一样，更新依赖于AuthorityRuleManager的loadRules方法。