目录
一、gateway的全局过滤器
二、web的OncePerRequestFilter以及常见过滤器Filter
三、过滤器排序
一、gateway的全局过滤器
@Component
@Slf4j
public class GatewayAuthFilter implements GlobalFilter, Ordered {@Overridepublic Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {Map<String, Object> jsonToken = new HashMap<>();jsonToken.put("principal", "lanjie");ArrayList<String> permissions = new ArrayList<>(Arrays.asList("getUser", "getUser1"));jsonToken.put("authorities", permissions);String token = EncryptUtil.encodeUTF8StringBase64(JSON.toJSONString(jsonToken));HttpHeaders headers = exchange.getRequest().getHeaders();
// List<String> authorization = exchange.getRequest().getQueryParams().get("Authorization");List<String> authorization = null;try {authorization =headers.get("Authorization") ;} catch (Exception e) {e.printStackTrace();}ServerHttpRequest request=null;if(authorization==null){request = exchange.getRequest().mutate().header("json-token", token).build();}else{request= exchange.getRequest().mutate().header("json-token", token).header("jwt", authorization.get(0)).build();}//将现在的request 变成 change对象ServerWebExchange build = exchange.mutate().request(request).build();return chain.filter(build);}private List<String> getStrings(HttpHeaders headers) {List<String> authorization = headers.get("Authorization");return authorization;}@Overridepublic int getOrder() {return 0;}
}核心部分:
request= exchange.getRequest().mutate().header("json-token", token).header("jwt", authorization.get(0)).build();二、web的OncePerRequestFilter以及常见过滤器Filter
基于HttpServletRequest
@Component
@Slf4j
@Order(Ordered.HIGHEST_PRECEDENCE)
public class TokenAuthenticationFilter extends OncePerRequestFilter{@Overrideprotected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponsehttpServletResponse, FilterChain filterChain) throws ServletException, IOException {Enumeration<String> headerNames = httpServletRequest.getHeaderNames();String token=null;while (headerNames.hasMoreElements()) {String headerName = headerNames.nextElement();String headerValue = httpServletRequest.getHeader(headerName);if(headerName.equals("json-token")){token=headerValue;}// 处理请求头信息log.info("{}:{}",headerName,headerValue);}String jwt=httpServletRequest.getHeader("jwt");
//原有的请求头依然存在HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper(httpServletRequest);requestWrapper.addHeader("Authorization",jwt);
// String token = httpServletRequest.getHeader("json‐token");if (token != null){//1.解析tokenString json = EncryptUtil.decodeUTF8StringBase64(token);JSONObject userJson = JSON.parseObject(json);UserDTO user = new UserDTO();user.setUsername(userJson.getString("principal"));JSONArray authoritiesArray = userJson.getJSONArray("authorities");String [] authorities = authoritiesArray.toArray( newString[authoritiesArray.size()]);
// 2.新建并填充authenticationUsernamePasswordAuthenticationToken authentication = newUsernamePasswordAuthenticationToken(user, null, AuthorityUtils.createAuthorityList(authorities));authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));//3.将authentication保存进安全上下文SecurityContextHolder.getContext().setAuthentication(authentication);}filterChain.doFilter(requestWrapper, httpServletResponse);}
}核心代码:
//新建类并添加请求头参数
HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper(httpServletRequest);requestWrapper.addHeader("Authorization",jwt);//返回
filterChain.doFilter(requestWrapper, httpServletResponse);封装类
package cn.itcast.order.utils;import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;/*** @Auther: lan* @Date: 2024/5/23 12:00* @Description:*/
public class HeaderMapRequestWrapper extends HttpServletRequestWrapper{public HeaderMapRequestWrapper(HttpServletRequest request) {super(request);}private Map<String, String> headerMap = new HashMap<String, String>();/*** add a header with given name and value** @param name* @param value*/public void addHeader(String name, String value) {headerMap.put(name, value);}@Overridepublic String getHeader(String name) {String headerValue = super.getHeader(name);if (headerMap.containsKey(name)) {headerValue = headerMap.get(name);}return headerValue;}/*** get the Header names*/@Overridepublic Enumeration<String> getHeaderNames() {List<String> names = Collections.list(super.getHeaderNames());for (String name : headerMap.keySet()) {names.add(name);}return Collections.enumeration(names);}@Overridepublic Enumeration<String> getHeaders(String name) {List<String> values = Collections.list(super.getHeaders(name));if (headerMap.containsKey(name)) {values.add(headerMap.get(name));}return Collections.enumeration(values);}
}三、过滤器排序
有时候存在使用@Order(1) 不生效
如oauth2的过滤器即使order值比较大 仍会先执行
使用:表示最优先
@Order(Ordered.HIGHEST_PRECEDENCE)第二优先:
@Order(Ordered.HIGHEST_PRECEDENCE+1)以此类推
)
)
