使得原来的过滤器失效
方法1:
注释@Component
方法2:shouldFilter改为return false;
5 身份校验
5.1 需求分析
本小节实现网关连接Redis校验令牌:
1、从cookie查询用户身份令牌是否存在,不存在则拒绝访问
2、从http header查询jwt令牌是否存在,不存在则拒绝访问
3、从Redis查询user_token令牌是否过期,过期则拒绝访问
5.2 编码代码
1、配置application.yml
配置 redis链接参数:
2、使用StringRedisTemplate查询key的有效期
在service包下定义AuthService类:
@Service
public class AuthService {
@Autowired
StringRedisTemplate stringRedisTemplate;
//从头取出jwt令牌
public String getJwtFromHeader(HttpServletRequest request){
//取出头信息
String authorization = request.getHeader("Authorization");
if(StringUtils.isEmpty(authorization)){
return null;
}
if(!authorization.startsWith("Bearer ")){
return null;
}
//取到jwt令牌
String jwt = authorization.substring(7);
return jwt;
}
//从cookie取出token
//查询身份令牌
public String getTokenFromCookie(HttpServletRequest request){
Map<String, String> cookieMap = CookieUtil.readCookie(request, "uid");
String access_token = cookieMap.get("uid");
if(StringUtils.isEmpty(access_token)){
return null;
}
return access_token;
}
//查询令牌的有效期
public long getExpire(String access_token){
//key
String key = "user_token:"+access_token;
Long expire = stringRedisTemplate.getExpire(key, TimeUnit.SECONDS);
return expire;
}
}
说明:由于令牌存储时采用String序列化策略,所以这里用 StringRedisTemplate来查询,使用RedisTemplate无
法完成查询。
3、定义LoginFilter
@Component
public class LoginFilter extends ZuulFilter {
@Autowired
AuthService authService;
//过虑器的类型
@Override
public String filterType() {
/**
pre:请求在被路由之前执行
routing:在路由请求时调用
post:在routing和errror过滤器之后调用
error:处理请求时发生错误调用
*/
return "pre";
}
//过虑器序号,越小越被优先执行
@Override
public int filterOrder() {
return 0;
}
@Override
public boolean shouldFilter() {
//返回true表示要执行此过虑器
return true;
}
//过虑器的内容
//测试的需求:过虑所有请求,判断头部信息是否有Authorization,如果没有则拒绝访问,否则转发到微服务。
@Override
public Object run() throws ZuulException {
RequestContext requestContext = RequestContext.getCurrentContext();
//得到request
HttpServletRequest request = requestContext.getRequest();
//得到response
HttpServletResponse response = requestContext.getResponse();
//取cookie中的身份令牌
String tokenFromCookie = authService.getTokenFromCookie(request);
if(StringUtils.isEmpty(tokenFromCookie)){
//拒绝访问
access_denied();
return null;
}
//从header中取jwt
String jwtFromHeader = authService.getJwtFromHeader(request);
if(StringUtils.isEmpty(jwtFromHeader)){
//拒绝访问
access_denied();
return null;
}
//从redis取出jwt的过期时间
long expire = authService.getExpire(tokenFromCookie);
if(expire<0){
//拒绝访问
access_denied();
return null;
}
return null;
}
//拒绝访问
private void access_denied(){
RequestContext requestContext = RequestContext.getCurrentContext();
//得到response
HttpServletResponse response = requestContext.getResponse();
//拒绝访问
requestContext.setSendZuulResponse(false);
//设置响应代码
requestContext.setResponseStatusCode(200);
//构建响应的信息
ResponseResult responseResult = new ResponseResult(CommonCode.UNAUTHENTICATED);
//转成json
String jsonString = JSON.toJSONString(responseResult);
requestContext.setResponseBody(jsonString);
//转成json,设置contentType
response.setContentType("application/json;charset=utf-8");
}
}