spring gateway

分布式开发时,微服务会有很多,而网关是请求的第一入口,所以一般会把客户端请求的权限验证统一放在网关,由网关进行认证与鉴权(前提是下游服务不能被绕过网关直接访问,否则网关上的校验就起不到保护作用)。Spring Cloud Gateway 是 Spring Cloud 生态系统中的网关,目标是替代 Zuul;为了提升网关的性能,Spring Cloud Gateway 基于 WebFlux 框架实现,而 WebFlux 框架底层则使用了基于 Reactor 模式的高性能通信框架 Netty。

由于 Web 容器不同,Gateway 项目中使用的是 WebFlux,不能和基于 Servlet 的 spring-web(Spring MVC,例如 spring-boot-starter-web)混合使用。

        <!-- Spring Security starter: provides the authentication/authorization support configured in SecurityConfig. -->
        <!-- NOTE(review): no <version> is given for either dependency; presumably it is managed by a parent POM or BOM. Confirm it resolves to a maintained release. -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-security</artifactId>
        </dependency>
        <!-- Spring Cloud Gateway starter: the WebFlux-based gateway itself. -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-gateway</artifactId>
        </dependency>

配置spring security

Spring Security 在这里要采用响应式配置:它基于 WebFlux 中的 WebFilter 实现,与 Spring MVC 下的 Security 通过 Servlet 的 Filter 实现类似,同样是由一系列 filter 组成的过滤链。

  • 部分概念是对应的:
| Reactive | Web |
| --- | --- |
| @EnableWebFluxSecurity | @EnableWebSecurity |
| ReactiveSecurityContextHolder | SecurityContextHolder |
| AuthenticationWebFilter | FilterSecurityInterceptor |
| ReactiveAuthenticationManager | AuthenticationManager |
| ReactiveUserDetailsService | UserDetailsService |
| ReactiveAuthorizationManager | AccessDecisionManager |

    import java.util.LinkedList;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.DelegatingReactiveAuthenticationManager;
    import org.springframework.security.authentication.ReactiveAuthenticationManager;
    import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
    import org.springframework.security.config.web.server.ServerHttpSecurity;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.web.server.SecurityWebFilterChain;
    import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
    /**
     * Reactive (WebFlux) Spring Security configuration for the gateway.
     *
     * @Author: pilsy
     * @Date: 2020/6/29 0029 16:54
     */
    @Configuration
    @EnableWebFluxSecurity
    public class SecurityConfig {
       // Collaborators injected by Spring. Their classes are not shown on this page, so the
       // notes below describe only what the visible filter-chain code does with them.
       // NOTE(review): presumably converts the incoming login request into an Authentication;
       // its use is not visible in this excerpt - confirm.
       @Autowired
       private AuthenticationConverter authenticationConverter;
       // NOTE(review): by name, the component that makes the per-request authorization decision;
       // its use is not visible in this excerpt - confirm.
       @Autowired
       private AuthorizeConfigManager authorizeConfigManager;
       // Registered as the form-login authenticationEntryPoint in springSecurityFilterChain.
       @Autowired
       private AuthEntryPointException serverAuthenticationEntryPoint;
       // Registered as the form-login authenticationSuccessHandler in springSecurityFilterChain.
       @Autowired
       private JsonServerAuthenticationSuccessHandler jsonServerAuthenticationSuccessHandler;
       // Registered as the form-login authenticationFailureHandler in springSecurityFilterChain.
       @Autowired
       private JsonServerAuthenticationFailureHandler jsonServerAuthenticationFailureHandler;
       // Registered as the logoutSuccessHandler in springSecurityFilterChain.
       @Autowired
       private JsonServerLogoutSuccessHandler jsonServerLogoutSuccessHandler;
       // NOTE(review): AuthenticationManager is not among the imports listed for this file (only
       // ReactiveAuthenticationManager is), so this is presumably a project class in the same
       // package rather than Spring's servlet AuthenticationManager - confirm.
       @Autowired
       private AuthenticationManager authenticationManager;
       // Paths "/login" and "/logout". By name these are the routes exempted from the access check;
       // where the array is applied is not visible in this excerpt - confirm. Keep the list minimal:
       // a whitelisted path is presumably reachable without authentication.
       private static final String[] AUTH_WHITELIST = new String[]{"/login", "/logout"};
       @Bean
       public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
           SecurityWebFilterChain chain = http.formLogin()
                   .loginPage("/login")
                   // 登录成功handler
                   .authenticationSuccessHandler(jsonServerAuthenticationSuccessHandler)
                   // 登陆失败handler
                   .authenticationFailureHandler(jsonServerAuthenticationFailureHandler)
                   // 无访问权限handler
                   .authenticationEntryPoint(serverAuthenticationEntryPoint)
                   .and()
                   .logout()
                   // 登出成功handler
                   .logoutSuccessHandler(jsonServerLogoutSuccessHandler)
                   .and()
                   .csrf().