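/**
 * Global gateway filter that authenticates requests by the JWT sent in the {@code token}
 * request header and forwards the authenticated user's id downstream in the {@code userId}
 * header.
 *
 * <p>Requests are answered with 401 when the token is missing, cannot be parsed, fails
 * verification, or carries no {@code id} claim. Only the login route is let through without
 * a token.
 */
@Component
@Log4j2
public class AuthorizeFilter implements GlobalFilter, Ordered {

    /** Header in which the client presents its JWT. */
    private static final String TOKEN_HEADER = "token";

    /** Header in which the gateway hands the verified user id to downstream services. */
    private static final String USER_ID_HEADER = "userId";

    /** Path fragment that marks the login request, which needs no token. */
    private static final String LOGIN_PATH_FRAGMENT = "/login/in";

    /**
     * Authenticates the request and either forwards it or completes it with 401.
     *
     * @param exchange the current request/response pair
     * @param chain the remaining gateway filters
     * @return completion signal of the forwarded chain, or of the 401 response
     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        ServerHttpResponse response = exchange.getResponse();

        // NOTE(review): contains() exempts every route whose path includes this fragment,
        // not only the login endpoint. Compare against the gateway's full login route
        // (not visible in this file) with an exact match once that route is known.
        if (request.getURI().getPath().contains(LOGIN_PATH_FRAGMENT)) {
            return chain.filter(exchange);
        }

        String jwtToken = request.getHeaders().getFirst(TOKEN_HEADER);
        if (StringUtils.isEmpty(jwtToken)) {
            return reject(response);
        }

        Integer id;
        try {
            Claims claims = AppJwtUtil.getClaimsBody(jwtToken);
            int result = AppJwtUtil.verifyToken(claims);
            // Fail closed: 0 and -1 are the only results treated as valid. Any other result
            // used to fall through and be forwarded without authentication.
            if (result != 0 && result != -1) {
                return reject(response);
            }
            id = (Integer) claims.get("id");
        } catch (Exception e) {
            // Parsing/verification failures surface as exceptions; the token itself is
            // deliberately kept out of the log.
            log.warn("token could not be parsed or verified", e);
            return reject(response);
        }

        // A verified token without an id claim would otherwise forward "userId: null".
        if (id == null) {
            return reject(response);
        }

        // Log the path only; the query string may carry sensitive parameters.
        log.info("find userid:{} from uri:{}", id, request.getURI().getPath());

        String userId = String.valueOf(id);
        // set() replaces any userId header supplied by the client, so downstream services
        // only ever see the id taken from the verified token (add() would append to it).
        ServerHttpRequest authenticatedRequest = request.mutate()
                .headers(httpHeaders -> httpHeaders.set(USER_ID_HEADER, userId))
                .build();

        // mutate() returns a new exchange; it must be the one passed on, otherwise the
        // userId header may never reach downstream services.
        ServerWebExchange authenticatedExchange =
                exchange.mutate().request(authenticatedRequest).build();
        return chain.filter(authenticatedExchange);
    }

    /**
     * Filter priority; smaller values run with higher priority.
     *
     * @return the order value of this filter
     */
    @Override
    public int getOrder() {
        return 0;
    }

    /** Completes the response with 401 Unauthorized without forwarding the request. */
    private static Mono<Void> reject(ServerHttpResponse response) {
        response.setStatusCode(HttpStatus.UNAUTHORIZED);
        return response.setComplete();
    }
}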
使用JWT实现用户单点登录的过滤器