1、若依后端gateway模块配置白名单

顾名思义,就是允许访问的地址。且无需登录就能访问。在ignore中设置whites,表示允许匿名访问。

1.1、在nacos中gateway配置文件中配置

1.2、代码

package com.ruoyi.gateway.filter;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.cloud.gateway.filter.GatewayFilterChain;

import org.springframework.cloud.gateway.filter.GlobalFilter;

import org.springframework.core.Ordered;

import org.springframework.http.server.reactive.ServerHttpRequest;

import org.springframework.stereotype.Component;

import org.springframework.web.server.ServerWebExchange;

import com.ruoyi.common.core.constant.CacheConstants;

import com.ruoyi.common.core.constant.HttpStatus;

import com.ruoyi.common.core.constant.SecurityConstants;

import com.ruoyi.common.core.constant.TokenConstants;

import com.ruoyi.common.core.utils.JwtUtils;

import com.ruoyi.common.core.utils.ServletUtils;

import com.ruoyi.common.core.utils.StringUtils;

import com.ruoyi.common.redis.service.RedisService;

import com.ruoyi.gateway.config.properties.IgnoreWhiteProperties;

import io.jsonwebtoken.Claims;

import reactor.core.publisher.Mono;

/**

* 网关鉴权

*

* @author ruoyi

*/

@Component

public class AuthFilter implements GlobalFilter, Ordered

{

private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);

// 排除过滤的 uri 地址,nacos自行添加

@Autowired

private IgnoreWhiteProperties ignoreWhite;

@Autowired

private RedisService redisService;

@Override

public Mono filter(ServerWebExchange exchange, GatewayFilterChain chain)

{

ServerHttpRequest request = exchange.getRequest();

ServerHttpRequest.Builder mutate = request.mutate();

String url = request.getURI().getPath();

// 跳过不需要验证的路径

if (StringUtils.matches(url, ignoreWhite.getWhites()))

{

return chain.filter(exchange);

}

String token = getToken(request);

if (StringUtils.isEmpty(token))

{

return unauthorizedResponse(exchange, "令牌不能为空");

}

Claims claims = JwtUtils.parseToken(token);

if (claims == null)

{

return unauthorizedResponse(exchange, "令牌已过期或验证不正确!");

}

String userkey = JwtUtils.getUserKey(claims);

boolean islogin = redisService.hasKey(getTokenKey(userkey));

if (!islogin)

{

return unauthorizedResponse(exchange, "登录状态已过期");

}

String userid = JwtUtils.getUserId(claims);

String username = JwtUtils.getUserName(claims);

if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username))

{

return unauthorizedResponse(exchange, "令牌验证失败");

}

// 设置用户信息到请求

addHeader(mutate, SecurityConstants.USER_KEY, userkey);

addHeader(mutate, SecurityConstants.DETAILS_USER_ID, userid);

addHeader(mutate, SecurityConstants.DETAILS_USERNAME, username);

// 内部请求来源参数清除

removeHeader(mutate, SecurityConstants.FROM_SOURCE);

return chain.filter(exchange.mutate().request(mutate.build()).build());

}

private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value)

{

if (value == null)

{

return;

}

String valueStr = value.toString();

String valueEncode = ServletUtils.urlEncode(valueStr);

mutate.header(name, valueEncode);

}

private void removeHeader(ServerHttpRequest.Builder mutate, String name)

{

mutate.headers(httpHeaders -> httpHeaders.remove(name)).build();

}

private Mono unauthorizedResponse(ServerWebExchange exchange, String msg)

{

log.error("[鉴权异常处理]请求路径:{}", exchange.getRequest().getPath());

return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.UNAUTHORIZED);

}

/**

* 获取缓存key

*/

private String getTokenKey(String token)

{

return CacheConstants.LOGIN_TOKEN_KEY + token;

}

/**

* 获取请求token

*/

private String getToken(ServerHttpRequest request)

{

String token = request.getHeaders().getFirst(TokenConstants.AUTHENTICATION);

// 如果前端设置了令牌前缀,则裁剪掉前缀

if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX))

{

token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY);

}

return token;

}

@Override

public int getOrder()

{

return -200;

}

}

package com.ruoyi.gateway.config.properties;

import java.util.ArrayList;

import java.util.List;

import org.springframework.boot.context.properties.ConfigurationProperties;

import org.springframework.cloud.context.config.annotation.RefreshScope;

import org.springframework.context.annotation.Configuration;

/**

* 放行白名单配置

*

* @author ruoyi

*/

@Configuration

@RefreshScope

@ConfigurationProperties(prefix = "security.ignore")

public class IgnoreWhiteProperties

{

/**

* 放行白名单配置,网关不校验此处的白名单

*/

private List whites = new ArrayList<>();

public List getWhites()

{

return whites;

}

public void setWhites(List whites)

{

this.whites = whites;

}

}

启动代码并测试 已经走到了sytem模块中,并且没有进行登录;说明我们的配置已经生效

推荐链接

评论可见,请评论后查看内容,谢谢!!!
 您阅读本篇文章共花了: