With Zuul I can easily define custom filters that are activated before or after the request is forwarded to the specific service.
Is there a way to block requests from being forwarded at a "pre" filter level, and send immediately the response to the client?
I know something similar is doable with "static" filters, but I need to decide per request (based on the presence of certain parameters/headers in the request itself).
解决方案
Here is an example of how I use zuul-filter to check for an API-key being authorized. If not, I send a 401 response to the client.
@Override
public Object run() {
RequestContext ctx = RequestContext.getCurrentContext();
HttpServletRequest request = ctx.getRequest();
String apiKey = request.getHeader("X-API-KEY");
if (!isAuthorized(apiKey)){
// blocks the request
ctx.setSendZuulResponse(false);
// response to client
ctx.setResponseBody("API key not authorized");
ctx.getResponse().setHeader("Content-Type", "text/plain;charset=UTF-8");
ctx.setResponseStatusCode(HttpStatus.UNAUTHORIZED.value());
}
return null;
}
Note that if the client's API key is not authorized, all other filters will still be run, but the request will still fail due to ctx.setSendZuulResponse(false).
When failing a response, it will by default be empty - that is, there is no headers such as Content-Type etc. It is a good idea to set them yourself so a client's browser etc. knows how to parse the response body.
1048
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
