Commit 137699f2 by chamberone

feat: 测试网关block问题

1 parent e9cd3989
......@@ -9,6 +9,9 @@ import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
......@@ -44,14 +47,14 @@ public class AuthFilter implements GlobalFilter, Ordered {
// 下面的代码从Http Header的Authorization中获取token,也可以从其他header,cookie等中获取,看客户端怎么传递token
HttpHeaders headers = exchange.getRequest().getHeaders();
String requestHeader = headers.getFirst("Authorization");
String authHeader = headers.getFirst(HttpHeaders.AUTHORIZATION);
// W3C的HTTP1.0规范: Authorization : <type> <authorization-parameters>
// Basic用于http-basic 认证;
// Bearer 常见于OAuth和JWT授权;
// AwS4-HMAC - SHA256 AwS授权
String authToken = null;
if (requestHeader != null && requestHeader.startsWith("Bearer ")) {
authToken = requestHeader.substring(7);
if (authHeader != null && authHeader.startsWith("Bearer ")) {
authToken = authHeader.substring(7);
}
if (StringUtils.isEmpty(authToken)) {
authToken = exchange.getRequest().getQueryParams().getFirst("token");
......@@ -78,6 +81,8 @@ public class AuthFilter implements GlobalFilter, Ordered {
// builder.header("userId", userDTO.getId());
// // 向下游传递
// return chain.filter(exchange.mutate().request(builder.build()).build());
Authentication authentication = new UsernamePasswordAuthenticationToken(userDTO.getAccount(), null, null);
SecurityContextHolder.getContext().setAuthentication(authentication);
}
return chain.filter(exchange);
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!