話不多說,直接上代碼
過濾器的基本邏輯:
- 獲取cookie中的token
- 通過JWT對token進行校驗
- 通過:則放行;不通過:則響應認證未通過
過濾器AuthGatewayFilter
import com.atguigu.core.utils.JwtUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.http.HttpCookie;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
@Component
@EnableConfigurationProperties(JwtProperties.class)
public class AuthGatewayFilter implements GatewayFilter {
@Autowired
private JwtProperties jwtProperties;
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
// 獲取request和response,注意:不是HttpServletRequest及HttpServletResponse
ServerHttpRequest request = exchange.getRequest();
ServerHttpResponse response = exchange.getResponse();
// 獲取所有cookie
MultiValueMap<String, HttpCookie> cookies = request.getCookies();
// 如果cookies爲空或者不包含指定的token,則相應認證未通過
if (CollectionUtils.isEmpty(cookies) || !cookies.containsKey(this.jwtProperties.getCookieName())) {
// 響應未認證!
response.setStatusCode(HttpStatus.UNAUTHORIZED);
// 結束請求
return response.setComplete();
}
// 獲取cookie
HttpCookie cookie = cookies.getFirst(this.jwtProperties.getCookieName());
// 判斷jwt類型的token是否爲誒null
if (cookie == null) {
// 攔截
response.setStatusCode(HttpStatus.UNAUTHORIZED);
return response.setComplete();
}
try {
// 校驗cookie
JwtUtils.getInfoFromToken(cookie.getValue(), this.jwtProperties.getPublicKey());
} catch (Exception e) {
e.printStackTrace();
// 校驗失敗,響應未認證
response.setStatusCode(HttpStatus.UNAUTHORIZED);
return response.setComplete();
}
// 認證通過放行
return chain.filter(exchange);
}
}
過濾器工廠AuthGatewayFilterFactory
@Component
public class AuthGatewayFilterFactory extends AbstractGatewayFilterFactory<Object> {
@Autowired
private AuthGatewayFilter authGatewayFilter;
@Override
public GatewayFilter apply(Object config) {
return authGatewayFilter;
}
}
在配置文件中使用
異常解決
如果網關報如下錯誤:
原因:springCloud-gateway內部集成的是webflux而不是servlet,所以需要排除servlet相關的依賴。
tomcat是servlet容器