可以在Zuul的前置过滤器中添加权限控制。
添加 redis 操作工具依赖
<!-- Spring Boot starter for Redis; the gateway's auth filter reads the token entries through it -->
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
package com.hx.apigeteway.filter;
import com.hx.apigeteway.utils.CookieUtil;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;
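/**
 * Pre-routing authorization filter.
 *
 * <p>Rejects requests to two protected order URIs with HTTP 401 when the expected cookie
 * is absent or empty and, for {@code /order/order/finish}, when Redis holds no value under
 * {@code token_<cookie value>}. Every other URI passes through untouched.
 */
@Component
public class AuthFilter extends ZuulFilter {

    /** Exact request URIs this filter protects. */
    private static final String ORDER_CREATE_URI = "/order/order/create";
    private static final String ORDER_FINISH_URI = "/order/order/finish";

    /** Cookie names consulted for the protected URIs. */
    private static final String OPENID_COOKIE = "openid";
    private static final String TOKEN_COOKIE = "token";

    /** Redis key pattern under which a logged-in token is stored. */
    private static final String TOKEN_KEY_FORMAT = "token_%s";

    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    @Override
    public String filterType() {
        // Pre filter: runs before routing so a rejected request never reaches the backend.
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        // Lower numbers run earlier; sit just ahead of Zuul's own pre-decoration filter.
        return PRE_DECORATION_FILTER_ORDER - 1;
    }

    @Override
    public boolean shouldFilter() {
        // Always active; the URI comparison inside run() decides whether anything happens.
        return true;
    }

    /**
     * Applies the per-URI cookie checks.
     *
     * <ul>
     *   <li>{@code /order/order/create}: requires a non-empty {@code openid} cookie. Only
     *       presence is verified; the value itself is not validated here.</li>
     *   <li>{@code /order/order/finish}: requires a non-empty {@code token} cookie whose value
     *       maps to a non-empty Redis entry under {@code token_<value>}.</li>
     *   <li>Any other URI is not checked.</li>
     * </ul>
     *
     * <p>Matching is an exact, case-sensitive comparison of the request URI, so path variants
     * (trailing slash, different case, extra segments) are not covered by this filter.
     *
     * @return always {@code null}; the outcome is conveyed through the {@link RequestContext}
     * @throws ZuulException declared by the filter contract; not thrown by this implementation
     */
    @Override
    public Object run() throws ZuulException {
        RequestContext requestContext = RequestContext.getCurrentContext();
        HttpServletRequest request = requestContext.getRequest();
        String uri = request.getRequestURI();

        if (ORDER_CREATE_URI.equals(uri)) {
            if (StringUtils.isEmpty(cookieValue(request, OPENID_COOKIE))) {
                reject(requestContext);
            }
        } else if (ORDER_FINISH_URI.equals(uri)) {
            String token = cookieValue(request, TOKEN_COOKIE);
            if (StringUtils.isEmpty(token) || !tokenKnown(token)) {
                reject(requestContext);
            }
        }
        return null;
    }

    /** Returns the value of the named cookie, or {@code null} when the cookie is absent. */
    private static String cookieValue(HttpServletRequest request, String name) {
        Cookie cookie = CookieUtil.get(request, name);
        return cookie == null ? null : cookie.getValue();
    }

    /** True when Redis holds a non-empty value under {@code token_<token>}. */
    private boolean tokenKnown(String token) {
        String stored = stringRedisTemplate.opsForValue().get(String.format(TOKEN_KEY_FORMAT, token));
        return !StringUtils.isEmpty(stored);
    }

    /** Stops routing and answers the client with 401 Unauthorized. */
    private static void reject(RequestContext requestContext) {
        requestContext.setSendZuulResponse(false);
        requestContext.setResponseStatusCode(HttpStatus.SC_UNAUTHORIZED);
    }
}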
这样就能对这 2 个有特殊要求的 URL 进行权限控制。
不过还需要修改配置文件。
server:
  port: 8096
zuul:
  # Left empty: no request header is treated as sensitive, so every header (cookies included)
  # is forwarded to all routed services. NOTE(review): this also lifts Zuul's default
  # stripping of Authorization/Set-Cookie; narrow it per route if only some services need cookies.
  sensitive-headers:
  routes:
    aaa:
      path: /myPruduct/**
      serviceId: product
      # Per-route form of the same setting: forward all request headers on this route
      sensitiveHeaders:
    # Shorthand route definition
    # product: /myPruduct/**
  # Routes matching these patterns are not reachable through the gateway at all.
  # NOTE(review): written as path patterns here; confirm whether regex or Ant-style matching applies.
  ignored-patterns:
    - /**/product/listForOrder
management:
  endpoints:
    web:
      exposure:
        exclude: env,beans
    jmx:
      exposure:
        include: health,info
spring:
  redis:
    host: localhost
    port: 6379
添加 `zuul.sensitive-headers:`（留空）后，Zuul 不再过滤敏感请求头，Cookie 等头信息会原样转发给后端服务。
下面的是一个cookie的工具类
package com.hx.apigeteway.utils;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
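/**
 * Static helpers for writing and reading HTTP cookies.
 */
public class CookieUtil {

    /**
     * Adds a cookie scoped to the whole site ({@code path=/}) to the response.
     *
     * <p>NOTE(review): the cookie is written without the {@code HttpOnly} or {@code Secure}
     * flags; callers that store session identifiers through this method should weigh
     * setting them.
     *
     * @param response response the cookie is attached to
     * @param name cookie name
     * @param value cookie value
     * @param maxAge lifetime in seconds, as defined by {@link Cookie#setMaxAge(int)}; a negative
     *     value yields a browser-session cookie and {@code 0} deletes the cookie
     */
    public static void set(HttpServletResponse response, String name, String value, int maxAge) {
        Cookie cookie = new Cookie(name, value);
        cookie.setPath("/");
        cookie.setMaxAge(maxAge);
        response.addCookie(cookie);
    }

    /**
     * Returns the first cookie on the request whose name equals {@code token}.
     *
     * @param request request whose cookies are searched
     * @param token name of the cookie to look up
     * @return the matching cookie, or {@code null} when {@code token} is null, the request
     *     carries no cookies, or no cookie has that name
     */
    public static Cookie get(HttpServletRequest request, String token) {
        if (token == null) {
            return null;
        }
        // getCookies() returns null (not an empty array) when the request has no Cookie
        // header; reading .length on it would throw a NullPointerException.
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (token.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }
}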
博客介绍了在Zuul的前置过滤器中添加权限控制的方法,包括添加redis操作工具依赖以过滤特定url的权限,还需修改配置文件,添加zuul.sensitive-headers可忽略请求头数据,最后给出一个cookie工具类。




