思路:在gateway 的GlobalFilter全局过滤器中,创建一个高优先级的过滤器,使用openfeign调用oauth2-service中的/oauth/check_token,用于token验证。
filter如下
@Component
public class Oauth2Filter implements GlobalFilter, Ordered {
@Autowired
@Lazy
private Oauth2FeignClient oauth2FeignClient;
@SneakyThrows
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
ServerHttpResponse response = exchange.getResponse();
String requestUrl = request.getURI().getPath();
//排除不需要验证的path
if (requestUrl.contains("/user/register")) {
chain.filter(exchange);
}
//验证token
String token = request.getHeaders().getFirst("Authorization");
ExecutorService executorService = Executors.newSingleThreadExecutor();
// Map<String, Object> tokenRes = oauth2FeignClient.check(token);
CompletableFuture<Map<String, Object>> future = CompletableFuture.supplyAsync(() -> oauth2FeignClient.check(token));
Map<String, Object> map = future.get();
if (!Boolean.valueOf(String.valueOf(map.get("active")))) {
response.setStatusCode(HttpStatus.UNAUTHORIZED);
return response.setComplete();
}
//添加tracingId以便后续log追踪
String tracingId = UUID.randomUUID().toString().replaceAll("-", "");
ServerHttpRequest serverHttpRequest = request.mutate().headers(header -> {
header.set("tracingId", tracingId);
}).build();
exchange.mutate().request(serverHttpRequest);
return chain.filter(exchange);
}
@Override
public int getOrder() {
return 0;
}
}
使用openfeign调用oauth2的token验证
@FeignClient("oauth2-service")
public interface Oauth2FeignClient {
@RequestMapping(value = "/oauth/check_token")
Map<String,Object> check(@RequestParam String token);
}
测试
访问gateway的9999端口,凭有效token,转发到了user-service服务
