资讯专栏INFORMATION COLUMN

Spring Cloud Gateway自定义Token校验过滤器

2450184176 / 1647人阅读

摘要:自定义校验全局过滤器如何应用呢只需要添加注解,不需要进行任何额外的配置,实现接口,自动会对所有的路由起作用总结由于刚接触,有些地方也不是特别熟悉,上面的示例代码仅仅作为参考,如果有错误的地方,还望指正。

一切的业务开发都是基于需求的,首先看看需求:

对访问网关的请求进行token校验,只有当token校验通过时,才转发到后端服务,否则直接返回401

本文给出的示例代码适用场景:

token存放在redis中, key为用户的uid

依赖的pom.xml



    4.0.0

    com.winture
    api-gateway
    0.0.1-SNAPSHOT
    jar

    api-gateway
    Demo project for Spring Boot

    
        org.springframework.boot
        spring-boot-starter-parent
        2.0.4.RELEASE
         
    

    
        UTF-8
        UTF-8
        1.8
        Finchley.SR1
    

    
        
            org.springframework.cloud
            spring-cloud-starter-gateway
        

        
            org.springframework.boot
            spring-boot-starter-data-redis
        

        
            org.springframework.boot
            spring-boot-starter-test
            test
        
    

    
        
            
                org.springframework.cloud
                spring-cloud-dependencies
                ${spring-cloud.version}
                pom
                import
            
        
    

    
        
            
                org.springframework.boot
                spring-boot-maven-plugin
            
        
    

在Spring Cloud Gateway中,主要有两种类型的过滤器:GlobalFilterGatewayFilter

GlobalFilter : 全局过滤器,对所有的路由均起作用

GatewayFilter : 只对指定的路由起作用

1、自定义GatewayFilter

自定义GatewayFilter又有两种实现方式,一种是直接 实现GatewayFilter接口,另一种是 继承AbstractGatewayFilterFactory类 ,任意选一种即可

1.1 实现GatewayFilter接口
package com.winture.gateway.filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.core.Ordered;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/**
 * token校验过滤器
 * @Version V1.0
 */
public class AuthorizeGatewayFilter implements GatewayFilter, Ordered {

    private static final String AUTHORIZE_TOKEN = "token";
    private static final String AUTHORIZE_UID = "uid";

    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    @Override
    public Mono filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        HttpHeaders headers = request.getHeaders();
        String token = headers.getFirst(AUTHORIZE_TOKEN);
        String uid = headers.getFirst(AUTHORIZE_UID);
        if (token == null) {
            token = request.getQueryParams().getFirst(AUTHORIZE_TOKEN);
        }
        if (uid == null) {
            uid = request.getQueryParams().getFirst(AUTHORIZE_UID);
        }

        ServerHttpResponse response = exchange.getResponse();
        if (StringUtils.isEmpty(token) || StringUtils.isEmpty(uid)) {
            response.setStatusCode(HttpStatus.UNAUTHORIZED);
            return response.setComplete();
        }
        String authToken = stringRedisTemplate.opsForValue().get(uid);
        if (authToken == null || !authToken.equals(token)) {
            response.setStatusCode(HttpStatus.UNAUTHORIZED);
            return response.setComplete();
        }

        return chain.filter(exchange);
    }

    @Override
    public int getOrder() {
        return 0;
    }

}

首先从header头信息中获取uid和token信息,如果token或者uid为null,则从请求参数中尝试再次获取,如果依然不存在token或者uid,则直接返回401状态吗,同时结束请求;如果两者都存在,则根据uid从redis中读取保存的authToken,并和请求中传输的token进行比对,比对一样则继续通过过滤器链,否则直接结束请求,返回401.

如何应用 AuthorizeGatewayFilter 呢?

package com.winture.gateway;

import com.winture.gateway.filter.AuthorizeGatewayFilter;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
import org.springframework.context.annotation.Bean;

@SpringBootApplication
public class GatewayApplication {

    public static void main(String[] args) {
        SpringApplication.run(GatewayApplication.class, args);
    }

    @Bean
    public RouteLocator routeLocator(RouteLocatorBuilder builder) {
        return builder.routes().route(r ->
                r.path("/user/list")
                .uri("http://localhost:8077/api/user/list")
                .filters(new AuthorizeGatewayFilter())
                .id("user-service"))
            .build();
    }
}
1.2 继承AbstractGatewayFilterFactory类
package com.winture.gateway.filter.factory;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;

import java.util.Arrays;
import java.util.List;

@Component
public class AuthorizeGatewayFilterFactory extends AbstractGatewayFilterFactory {

    private static final Log logger = LogFactory.getLog(AuthorizeGatewayFilterFactory.class);

    private static final String AUTHORIZE_TOKEN = "token";
    private static final String AUTHORIZE_UID = "uid";

    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    public AuthorizeGatewayFilterFactory() {
        super(Config.class);
        logger.info("Loaded GatewayFilterFactory [Authorize]");
    }

    @Override
    public List shortcutFieldOrder() {
        return Arrays.asList("enabled");
    }

    @Override
    public GatewayFilter apply(AuthorizeGatewayFilterFactory.Config config) {
        return (exchange, chain) -> {
            if (!config.isEnabled()) {
                return chain.filter(exchange);
            }

            ServerHttpRequest request = exchange.getRequest();
            HttpHeaders headers = request.getHeaders();
            String token = headers.getFirst(AUTHORIZE_TOKEN);
            String uid = headers.getFirst(AUTHORIZE_UID);
            if (token == null) {
                token = request.getQueryParams().getFirst(AUTHORIZE_TOKEN);
            }
            if (uid == null) {
                uid = request.getQueryParams().getFirst(AUTHORIZE_UID);
            }

            ServerHttpResponse response = exchange.getResponse();
            if (StringUtils.isEmpty(token) || StringUtils.isEmpty(uid)) {
                response.setStatusCode(HttpStatus.UNAUTHORIZED);
                return response.setComplete();
            }
            String authToken = stringRedisTemplate.opsForValue().get(uid);
            if (authToken == null || !authToken.equals(token)) {
                response.setStatusCode(HttpStatus.UNAUTHORIZED);
                return response.setComplete();
            }
            return chain.filter(exchange);
        };
    }

    public static class Config {
        // 控制是否开启认证
        private boolean enabled;

        public Config() {}

        public boolean isEnabled() {
            return enabled;
        }

        public void setEnabled(boolean enabled) {
            this.enabled = enabled;
        }
    }
}

如何应用 AuthorizeGatewayFilterFactory 呢?

# 网关路由配置
spring:
  cloud:
    gateway:
      routes:
      - id: user-service
        uri: http://localhost:8077/api/user/list
        predicates:
        - Path=/user/list
        filters:
        # 关键在下面一句,值为true则开启认证,false则不开启
        # 这种配置方式和spring cloud gateway内置的GatewayFilterFactory一致
        - Authorize=true

上面的两种方式都可以实现对访问网关的 特定请求 进行token校验,如果想对 所有的请求 都进行token校验,那么可以采用实现 GlobalFilter 方式。

2、自定义GlobalFilter
package com.winture.gateway.filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/**
 * token校验全局过滤器
 * @Version V1.0
 */
@Component
public class AuthorizeFilter implements GlobalFilter, Ordered {
    private static final String AUTHORIZE_TOKEN = "token";
    private static final String AUTHORIZE_UID = "uid";

    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    @Override
    public Mono filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        HttpHeaders headers = request.getHeaders();
        String token = headers.getFirst(AUTHORIZE_TOKEN);
        String uid = headers.getFirst(AUTHORIZE_UID);
        if (token == null) {
            token = request.getQueryParams().getFirst(AUTHORIZE_TOKEN);
        }
        if (uid == null) {
            uid = request.getQueryParams().getFirst(AUTHORIZE_UID);
        }

        ServerHttpResponse response = exchange.getResponse();
        if (StringUtils.isEmpty(token) || StringUtils.isEmpty(uid)) {
            response.setStatusCode(HttpStatus.UNAUTHORIZED);
            return response.setComplete();
        }
        String authToken = stringRedisTemplate.opsForValue().get(uid);
        if (authToken == null || !authToken.equals(token)) {
            response.setStatusCode(HttpStatus.UNAUTHORIZED);
            return response.setComplete();
        }

        return chain.filter(exchange);
    }

    @Override
    public int getOrder() {
        return 0;
    }
}

如何应用 AuthorizeFilter 呢?

只需要添加 @Component 注解,不需要进行任何额外的配置,实现GlobalFilter接口,自动会对所有的路由起作用
3、总结

由于刚接触Spring Cloud Gateway,有些地方也不是特别熟悉,上面的示例代码仅仅作为参考,如果有错误的地方,还望指正。

备注

运行上面的代码,需要先启动redis服务,由于没有配置redis的地址和端口,默认采用localhost和6379端口,如果不一致,请自行在application.yml文件中配置即可;

网关的端口采用默认的8080;

当通过网关访问/user/list时,如果token验证通过,会转发到 http://localhost:8077/api/user/list 上,这是另外的一个接口服务,自行根据实际情况修改;

参考学习:

Spring Cloud Gateway官方文档

Spring Cloud Gateway源代码

文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。

转载请注明本文地址:https://www.ucloud.cn/yun/76929.html

相关文章

  • Spring Cloud Gateway 使用 Token 验证

    摘要:引入依赖自定义过滤器可以继承或实现实现过滤请求功能只能指定路径上应用去掉路径的个前缀输入过滤器类的名称前缀可以在全局应用 引入依赖 org.springframework.cloud spring-cloud-dependencies ${spring-cloud.version} ...

    Pikachu 评论0 收藏0
  • 服务网关 Zuul 与 Redis 结合实现 Token 权限校验

    摘要:项目地址本文将分四部分介绍登录逻辑前置过滤器校验逻辑工具类演示验证一登录逻辑登录成功后,将生成的存储在中。键是用户值是二前置过滤器继承自,必须实现的四个方法。 这两天在写项目的全局权限校验,用 Zuul 作为服务网关,在 Zuul 的前置过滤器里做的校验。 权限校验或者身份验证就不得不提 Token,目前 Token 的验证方式有很多种,有生成 Token 后将 Token 存储在 R...

    flyer_dev 评论0 收藏0
  • [Spring cloud 一步步实现广告系统] 6. Service实现&Zuul配置&a

    摘要:所以,没必要过分纠结这种信息,咬文嚼字有时候反而会适得其反。若初通用错误信息异常类请求参数异常用户已存在用户不存在在下面创建一个工具类用来对用户进行加密来获取信息。工具类若初加密参考创建用户的实现,依次实现其他表操作。 DAO层设计实现 这里我们使用Spring DATA JPA来实现数据库操作,当然大家也可以使用Mybatis,都是一样的,我们依然以用户表操作为例: /** * A...

    孙淑建 评论0 收藏0

发表评论

0条评论

最新活动
阅读需要支付1元查看
<