去年写了一个基于前端 vue 的 token 认证,现在把后端的也补上。以前在网上看到过一篇相关文章,本文在其基础上做了一些改造。(token 的存储选用的是 redis。此认证适用于 HTTP 及 WebSocket)
只需要6步即可,代码可以直接复制粘贴使用。使用前请按自己的环境核对配置项,尤其是免认证路径列表(skipAuthUrls):按下文过滤器中的注释,列入其中的路径会跳过 token 校验。
需引入如下包:
<!-- Lombok: provides the @Data and @Slf4j annotations used on JwtTokenFilter.
     No version is declared here, so it has to come from dependency management
     elsewhere in the POM (not shown in this excerpt). -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<!-- JJWT: the JWT library; JwtTokenFilter imports io.jsonwebtoken.ExpiredJwtException from it.
     The version is pinned to 0.9.0. NOTE(review): this is an old single-artifact release;
     later releases are split into jjwt-api, jjwt-impl and a JSON module, so check for a
     currently maintained version before reusing this snippet.
     The compile scope is Maven's default, so the scope element is redundant. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
<scope>compile</scope>
</dependency>
<!-- Spring Data Redis starter: the article states that Redis is used as the token store.
     As with Lombok, no version is declared here. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
1.过滤器。实现url拦截,并判断是否需要权限认证。
JwtTokenFilter.java
package com.gateway.config;
import com.gateway.service.AuthService;
import com.gateway.service.IPService;
import com.gateway.tool.ResultData;
import com.google.gson.Gson;
import io.jsonwebtoken.ExpiredJwtException;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
import javax.annotation.Resource;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Objects;
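/**
 * JWT token filter: a gateway GlobalFilter that intercepts request URLs and decides
 * whether token authentication is required for them.
 *
 * @author qiemengyan
 */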
@Component
// Binds the properties under org.my.jwt in the yml file onto this class's fields
@ConfigurationProperties("org.my.jwt")
@Data
@Slf4j
public class JwtTokenFilter implements GlobalFilter, Ordered {
// Request paths that skip token authentication. Per the comment in filter(), these paths are
// written in the configuration file; the class is bound with @ConfigurationProperties("org.my.jwt")
// and Lombok @Data, so every entry configured here is an unauthenticated route through this filter.
private String[] skipAuthUrls;
// Injected by the container via @Resource.
// NOTE(review): presumably performs the token verification; its use is not visible in this excerpt.
@Resource
private AuthService authService;
/**
 * Reports where this filter sits in the gateway's global filter chain.
 *
 * @return the fixed order value {@code -100}
 */
@Override
public int getOrder() {
    // Spring's Ordered contract sorts lower values first, so any filter registered with an
    // order below -100 runs before this authentication check.
    final int authFilterOrder = -100;
    return authFilterOrder;
}
/**
* 过滤器
*
* @param exchange 链路处理
* @param chain 拦截或放行
* @return 鉴权结果
*/
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
String url = exchange.getRequest().getURI().getPath();
String token;
ServerHttpResponse resp = exchange.getResponse();
//跳过不需要验证的路径,该路径写在了配置文件中
if (null != skipAuthUrls && Arrays.asList(skip