1、使用nginx作反向代理
server {
listen 8080;
location /zhxy/ {
proxy_pass http://10.189.0.121:32444/zhxy/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 提取 GET 参数中的 authorization
set $auth_token $arg_authorization;
proxy_set_header Authorization $auth_token;
# JWT 鉴权
auth_request /auth;
}
location = /auth {
internal;
proxy_pass http://localhost:2300/xxx/auth;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Authorization $auth_token;
}
}
2、在请求的参数中加入身份标志,可以使用header,我目前使用get参数authorization带JWT的身份信息
例如:http://10.189.0.191:32444/zhxy/xxx.jpg?authorization=jwt
3、在后端服务中增加auth接口
@GetMapping(value = "/auth", name = "鉴权")
public ResponseEntity<Void> auth(HttpServletRequest request) {
String authorization = request.getHeader("Authorization");
String token = JwtUtils.getToken(authorization);
log.info("token:{}", token);
if (StrUtil.isBlank(token)) {
return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}
return ResponseEntity.ok().build();
}
nginx会根据auth接口返回的状态执行下一步操作