【Feign扩展】Feign支持BasicAuth验证

最新推荐文章于 2025-03-05 12:47:01 发布

秋装什么

最新推荐文章于 2025-03-05 12:47:01 发布

阅读量1.5k

点赞数 1

文章标签： java jvm spring

本文链接：https://blog.csdn.net/qq_42985872/article/details/130363643

版权

文章介绍了如何在微服务接口中增强安全性，特别是对重要接口使用BasicAuth鉴权。通过在FeignClient中添加自定义配置，创建BasicAuthRequestInterceptor，将账号密码配置在application.yaml中，并在请求头中添加Authorization。这样，每次请求都会自动附带鉴权信息。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

一、背景

一些比较重要的微服务，我们暴露的接口可能会希望安全性更高一些，此时，我们会给这些接口增加一些鉴权，如比较简单且方便的鉴权方式Basic Auth鉴权，此时，针对这些有Basic Auth鉴权的接口，我们该如何写Feign，其实是通过覆盖Feign的默认配置来支持鉴权。

二、步骤

FeignClient的属性configuration增加自定义配置Configuration.class

@FeignClient(name = "mytest-server", configuration = Configuration.class)
public interface Client {
    //..
}

Configuration如下(特别注意，别加@Configuration注解，避免扫包扫到导致给全局的Feign都增加了BasicAuthRequestInterceptor拦截器)：

/**
 * basic验证配置
 */
@EnableConfigurationProperties({Properties.class})
public class Configuration {
    @Autowired
    private Properties properties;
    public Configuration() {
    }
    @Bean
    public BasicAuthRequestInterceptor basicAuthRequestInterceptor() {
        return new BasicAuthRequestInterceptor(properties.getUsername(), properties.getPassword());
    }
}

其中Properties.java为

/**
 * basic验证配置
 */
@ConfigurationProperties(prefix = "mytest")
@Data
public class Properties {
    private String username;
    private String password;
}

application.yaml增加basic auth账号密码配置如下：

mytest:
    username: test
    password: 123456

三、源码解析

核心就是请求头上添加Authorization=Basic xxx

public class BasicAuthRequestInterceptor implements RequestInterceptor {

  private final String headerValue;

  /**
   * Creates an interceptor that authenticates all requests with the specified username and password
   * encoded using ISO-8859-1.
   *
   * @param username the username to use for authentication
   * @param password the password to use for authentication
   */
  public BasicAuthRequestInterceptor(String username, String password) {
    this(username, password, ISO_8859_1);
  }

  /**
   * Creates an interceptor that authenticates all requests with the specified username and password
   * encoded using the specified charset.
   *
   * @param username the username to use for authentication
   * @param password the password to use for authentication
   * @param charset the charset to use when encoding the credentials
   */
  public BasicAuthRequestInterceptor(String username, String password, Charset charset) {
    checkNotNull(username, "username");
    checkNotNull(password, "password");
    this.headerValue = "Basic " + base64Encode((username + ":" + password).getBytes(charset));
  }

  /*
   * This uses a Sun internal method; if we ever encounter a case where this method is not
   * available, the appropriate response would be to pull the necessary portions of Guava's
   * BaseEncoding class into Util.
   */
  private static String base64Encode(byte[] bytes) {
    return Base64.encode(bytes);
  }

  @Override
  public void apply(RequestTemplate template) {
    template.header("Authorization", headerValue);
  }
}