如何在网关转发请求之前完成登录校验?转发由 NettyRoutingFilter 负责,因此校验需要在它之前执行。
在网关模块中实现 GlobalFilter
自定义基础模板
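/**
 * Minimal gateway {@link GlobalFilter} template: prints the incoming request headers and
 * then hands the exchange to the rest of the filter chain unchanged.
 *
 * <p>Values of credential-bearing headers are masked before printing, so that session
 * tokens and cookies do not end up in console output or collected logs.
 */
@Component
public class MyGlobalFilter implements GlobalFilter, Ordered {

    /** Printed in place of the value of a credential-bearing header. */
    private static final String REDACTED = "[REDACTED]";

    /**
     * Dumps every request header (name and value list) and continues the chain.
     *
     * @param exchange the current request/response exchange
     * @param chain    the remaining gateway filters
     * @return the completion signal of the rest of the chain
     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        System.out.println("This is MyGlobalFilter");
        exchange.getRequest().getHeaders().forEach((name, values) -> {
            // Header names arrive as sent by the client, so compare case-insensitively.
            System.out.println(name + ":" + (isCredentialHeader(name) ? REDACTED : values));
        });
        return chain.filter(exchange);
    }

    /**
     * Tells whether a header normally carries a secret that must not be logged.
     * Covers the standard credential headers plus the custom {@code token} header.
     */
    private static boolean isCredentialHeader(String name) {
        return "authorization".equalsIgnoreCase(name)
                || "proxy-authorization".equalsIgnoreCase(name)
                || "cookie".equalsIgnoreCase(name)
                || "token".equalsIgnoreCase(name);
    }

    /**
     * Filter ordering: the smaller the value, the earlier the filter runs.
     *
     * @return 0
     */
    @Override
    public int getOrder() {
        return 0;
    }
}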
对前端发送到后端的请求进行校验
JWT 校验模板
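/**
 * Gateway {@link GlobalFilter} that requires a valid JWT in the {@code token} request header
 * before a request is forwarded. Login and registration endpoints are let through without a
 * token; every other request is rejected with HTTP 401 when the token is missing or invalid.
 *
 * <p>Rejections use the standard 401 status rather than ad-hoc codes: a 2xx code would make
 * clients and intermediaries treat a failed check as success, and a code outside 100-599 is
 * not a valid HTTP status.
 */
@Component
public class MyGlobalFilter implements GlobalFilter, Ordered {

    // NOTE(review): hard-coded, trivially guessable demo key. Anyone who knows it can mint
    // tokens this filter accepts. Load the key from configuration or a secret store instead,
    // and change it together with the service that issues the tokens - the value is left
    // as-is here only because the issuer is not part of this file.
    private static final String JWT_SIGNING_KEY = "123456";

    /**
     * Authenticates the request and either forwards it or ends the exchange with 401.
     *
     * @param exchange the current request/response exchange
     * @param chain    the remaining gateway filters
     * @return the chain's completion signal when the request is allowed, otherwise the
     *         completion signal of the 401 response
     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        System.out.println("This is MyGlobalFilter");

        // 1. Decide whether this path needs a login check at all.
        String realpath = exchange.getRequest().getPath().value();
        System.out.println("realpath" + realpath);
        if (isPublicPath(realpath)) {
            return chain.filter(exchange);
        }

        // 2. Read the token header; a missing or blank header is a rejection.
        //    getFirst avoids indexing into a header list that could be empty.
        String realtoken = exchange.getRequest().getHeaders().getFirst("token");
        if (realtoken == null || realtoken.trim().isEmpty()) {
            return reject(exchange);
        }

        // 3. Verify the token. Any parsing failure fails closed.
        Claims claims;
        try {
            claims = JwtUtil.parseJWT(JWT_SIGNING_KEY, realtoken);
        } catch (Exception e) {
            // Broad catch kept on purpose: the exceptions JwtUtil throws are not visible here.
            return reject(exchange);
        }
        if (claims == null) {
            // A parser that returns null instead of throwing must not let the request pass.
            return reject(exchange);
        }

        // 4. User information is only printed for now; it is not yet passed downstream.
        System.out.println("用户信息id" + claims.get("userid"));

        // 5. Let the request through.
        return chain.filter(exchange);
    }

    /**
     * Tells whether the path is an endpoint that must be reachable without a token.
     *
     * <p>Only paths whose final segment is exactly {@code login} or {@code register} qualify.
     * A substring test would skip authentication for any path that merely contains one of
     * those words. NOTE(review): prefer an explicit list of full public paths once the real
     * routes are known.
     */
    private static boolean isPublicPath(String path) {
        return path.endsWith("/login") || path.endsWith("/register");
    }

    /** Ends the exchange with HTTP 401 without forwarding the request. */
    private static Mono<Void> reject(ServerWebExchange exchange) {
        exchange.getResponse().setRawStatusCode(401);
        return exchange.getResponse().setComplete();
    }

    /**
     * Filter ordering: the smaller the value, the earlier the filter runs.
     *
     * @return 0
     */
    @Override
    public int getOrder() {
        return 0;
    }
}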
JWT 校验模板2
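/**
 * Gateway {@link GlobalFilter} that authenticates requests with the token carried in the
 * {@code authorization} header. Paths matching one of the configured exclude patterns are
 * forwarded without a check; all other requests need a token that {@link JwtTool} accepts,
 * otherwise the exchange ends with HTTP 401.
 */
@Component
@RequiredArgsConstructor
@EnableConfigurationProperties(AuthProperties.class)
public class AuthGlobalFilter implements GlobalFilter, Ordered {

    private final JwtTool jwtTool;
    private final AuthProperties authProperties;
    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /**
     * Authenticates the request and either forwards it or answers 401.
     *
     * @param exchange the current request/response exchange
     * @param chain    the remaining gateway filters
     * @return the chain's completion signal when the request is allowed, otherwise the
     *         completion signal of the 401 response
     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        // 1. Get the request.
        ServerHttpRequest request = exchange.getRequest();

        // 2. Excluded paths are forwarded without authentication.
        //    value() is used so the matched string is the path itself and does not
        //    depend on how the path object renders in toString().
        if (isExclude(request.getPath().value())) {
            return chain.filter(exchange);
        }

        // 3. Read the token. A missing or blank header is rejected here instead of
        //    relying on how parseToken reacts to null.
        String token = request.getHeaders().getFirst("authorization");
        if (token == null || token.trim().isEmpty()) {
            return unauthorized(exchange);
        }

        // 4. Validate and parse the token.
        Long userId;
        try {
            userId = jwtTool.parseToken(token);
        } catch (UnauthorizedException e) {
            return unauthorized(exchange);
        }
        if (userId == null) {
            // Fail closed if the parser returns no user instead of throwing.
            return unauthorized(exchange);
        }

        // TODO 5. Pass the user information downstream. When this is implemented, overwrite
        // any identity header supplied by the client rather than appending to it, so that
        // downstream services only ever see the id derived from the verified token.
        System.out.println("userId = " + userId);

        // 6. Let the request through.
        return chain.filter(exchange);
    }

    /** Ends the exchange with HTTP 401 without forwarding the request. */
    private Mono<Void> unauthorized(ServerWebExchange exchange) {
        ServerHttpResponse response = exchange.getResponse();
        response.setRawStatusCode(401);
        return response.setComplete();
    }

    /**
     * Tells whether the request path matches one of the configured exclude patterns.
     *
     * <p>NOTE(review): patterns are matched against the path as received by the gateway.
     * Keep them as narrow as possible and confirm downstream services resolve the same
     * path, since every match skips authentication entirely.
     *
     * @param antPath the request path to test
     * @return {@code true} if any exclude pattern matches
     */
    private boolean isExclude(String antPath) {
        for (String pathPattern : authProperties.getExcludePaths()) {
            if (antPathMatcher.match(pathPattern, antPath)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Filter ordering value.
     *
     * @return 0
     */
    @Override
    public int getOrder() {
        return 0;
    }
}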