话不多说,直接上代码
过滤器的基本逻辑:
- 获取cookie中的token
- 通过JWT对token进行校验
- 通过:则放行;不通过:则响应认证未通过
过滤器AuthGatewayFilter
import com.atguigu.core.utils.JwtUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.http.HttpCookie;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
@Component
@EnableConfigurationProperties(JwtProperties.class)
public class AuthGatewayFilter implements GatewayFilter {
@Autowired
private JwtProperties jwtProperties;
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
// 获取request和response,注意:不是HttpServletRequest及HttpServletResponse
ServerHttpRequest request = exchange.getRequest();
ServerHttpResponse response = exchange.getResponse();
// 获取所有cookie
MultiValueMap<String, HttpCookie> cookies = request.getCookies();
// 如果cookies为空或者不包含指定的token,则相应认证未通过
if (CollectionUtils.isEmpty(cookies) || !cookies.containsKey(this.jwtProperties.getCookieName())) {
// 响应未认证!
response.setStatusCode(HttpStatus.UNAUTHORIZED);
// 结束请求
return response.setComplete();
}
// 获取cookie
HttpCookie cookie = cookies.getFirst(this.jwtProperties.getCookieName());
// 判断jwt类型的token是否为诶null
if (cookie == null) {
// 拦截
response.setStatusCode(HttpStatus.UNAUTHORIZED);
return response.setComplete();
}
try {
// 校验cookie
JwtUtils.getInfoFromToken(cookie.getValue(), this.jwtProperties.getPublicKey());
} catch (Exception e) {
e.printStackTrace();
// 校验失败,响应未认证
response.setStatusCode(HttpStatus.UNAUTHORIZED);
return response.setComplete();
}
// 认证通过放行
return chain.filter(exchange);
}
}
过滤器工厂AuthGatewayFilterFactory
@Component
public class AuthGatewayFilterFactory extends AbstractGatewayFilterFactory<Object> {
@Autowired
private AuthGatewayFilter authGatewayFilter;
@Override
public GatewayFilter apply(Object config) {
return authGatewayFilter;
}
}
在配置文件中使用
异常解决
如果网关报如下错误:
原因:springCloud-gateway内部集成的是webflux而不是servlet,所以需要排除servlet相关的依赖。
tomcat是servlet容器