赞
踩
-
- @Component
- public class AccountAuthFilter implements GlobalFilter, Ordered {
-
- private final AuthUtil authUtil;
- private final AuthProperties authProperties;
- private final AntPathMatcher antPathMatcher = new AntPathMatcher();
-
- public AccountAuthFilter(AuthUtil authUtil, AuthProperties authProperties) {
- this.authUtil = authUtil;
- this.authProperties = authProperties;
- }
-
- @Override
- public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
- // 1.获取请求request信息
- ServerHttpRequest request = exchange.getRequest();
- String method = request.getMethodValue();
- String path = request.getPath().toString();
- String antPath = method + ":" + path;
-
- // 2.判断是否是无需登录的路径
- if(isExcludePath(antPath)){
- // 直接放行
- return chain.filter(exchange);
- }
-
- // 3.尝试获取用户信息
- List<String> authHeaders = exchange.getRequest().getHeaders().get(AUTHORIZATION_HEADER);
- String token = authHeaders == null ? "" : authHeaders.get(0);
- R<LoginUserDTO> r = authUtil.parseToken(token);
-
- // 4.如果用户是登录状态,尝试更新请求头,传递用户信息
- if(r.success()){
- exchange.mutate()
- .request(builder -> builder.header(自定义请求头名称, r.getData().getUserId().toString()))
- .build();
- }
-
-
- // 6.放行
- return chain.filter(exchange);
- }
-
- private boolean isExcludePath(String antPath) {
- for (String pathPattern : authProperties.getExcludePath()) {
- if(antPathMatcher.match(pathPattern, antPath)){
- return true;
- }
- }
- return false;
- }
-
- @Override
- public int getOrder() {
- return 1000;
- }
- }
每个微服务都定义一个Filter,获取用户信息。并使用ThreadLocal 将用户信息放入ThreadLocal中,每个微服务都定义很麻烦,所以我们将Filter抽取出来。
-
-
- @Slf4j
- public class UserInfoInterceptor implements HandlerInterceptor {
-
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
- // 1.尝试获取头信息中的用户信息
- String authorization = request.getHeader(请求头名称);
- // 2.判断是否为空 因为很多微服务不需要获取用户信息我们不需要拦截
- if (authorization == null) {
- return true;
- }
- // 3.转为用户id并保存
- try {
- Long userId = Long.valueOf(authorization);
- UserContext.setUser(userId);
- return true;
- } catch (NumberFormatException e) {
- log.error("用户身份信息格式不正确,{}, 原因:{}", authorization, e.getMessage());
- return true;
- }
- }
-
- @Override
- public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
- // 清理用户信息
- UserContext.removeUser();
- }
- }
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。