参考:https://blog.csdn.net/weixin_43296313/article/details/121126811
基于从前的项目:https://www.cnblogs.com/xsj1989/p/18350213
在网关项目下创建全局过滤器
package com.xcg.filters; import com.auth0.jwt.interfaces.Claim; import com.auth0.jwt.interfaces.DecodedJWT; import com.xcg.common.JwtUtil; import org.apache.commons.lang3.StringUtils; import org.springframework.cloud.gateway.filter.GatewayFilterChain; import org.springframework.cloud.gateway.filter.GlobalFilter; import org.springframework.core.Ordered; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpResponse; import org.springframework.stereotype.Component; import org.springframework.web.server.ServerWebExchange; import reactor.core.publisher.Mono; import java.util.Map; @Component public class AuthorizeFilter implements GlobalFilter, Ordered { //自定密钥,最好搞长一点 public static final String TokenKey = "8FA593CF2445AB0A0AF1F173641583AB"; @Override public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) { //1. 获取请求 ServerHttpRequest request = exchange.getRequest(); //2. 则获取响应 ServerHttpResponse response = exchange.getResponse(); //3. 如果是登录请求则放行 if (request.getURI().getPath().contains("/UserLogin")) { return chain.filter(exchange); } //4. 获取请求头 HttpHeaders headers = request.getHeaders(); //5. 请求头中获取令牌 String token = headers.getFirst("Authorization"); //6. 判断请求头中是否有令牌 if (StringUtils.isEmpty(token)) { //7. 响应中放入返回的状态吗, 没有权限访问 response.setStatusCode(HttpStatus.UNAUTHORIZED); //8. 返回 return response.setComplete(); } token = token.toString().replace("Bearer ",""); //9. 如果请求头中有令牌则解析令牌 try { //校验token,不正确会报异常。 DecodedJWT verify = JwtUtil.verify(token); Map<String, Claim> claims = verify.getClaims(); var sysUserId = Integer.parseInt(claims.get("SysUserId").asString()); if (sysUserId > 0){ //其他判断,例如权限。 } } catch (Exception e) { e.printStackTrace(); //10. 解析jwt令牌出错, 说明令牌过期或者伪造等不合法情况出现 response.setStatusCode(HttpStatus.UNAUTHORIZED); //11. 返回 return response.setComplete(); } //12. 放行 return chain.filter(exchange); } @Override public int getOrder() { return 0; } }
第三步排除掉免登录的请求,其他请求都会校验登录票证。不通过就返回401状态码。
标签:令牌,return,SpringCloud,springframework,鉴权,token,org,import,Gateway From: https://www.cnblogs.com/xsj1989/p/18392891