feat: 测试网关block问题

chamberone
Commit 65963a94 authored Jul 12, 2023 by chamberone
Showing with 12 additions and 7 deletions
project-gateway/src/main/java/com/dituhui/pea/gateway/config/AuthFilter.java
--- a/project-gateway/src/main/java/com/dituhui/pea/gateway/config/AuthFilter.java
+++ b/project-gateway/src/main/java/com/dituhui/pea/gateway/config/AuthFilter.java
@@ -9,6 +9,9 @@ import org.springframework.cloud.gateway.filter.GlobalFilter;
 import org.springframework.core.Ordered;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import org.springframework.web.server.ServerWebExchange;

@@ -44,14 +47,14 @@ public class AuthFilter implements GlobalFilter, Ordered {

 		// 下面的代码从Http Header的Authorization中获取token，也可以从其他header,cookie等中获取，看客户端怎么传递token
 		HttpHeaders headers = exchange.getRequest().getHeaders();
-		String requestHeader = headers.getFirst("Authorization");
+		String authHeader = headers.getFirst(HttpHeaders.AUTHORIZATION);
 		// W3C的HTTP1.0规范: Authorization : <type> <authorization-parameters>
 		// Basic用于http-basic 认证;
 		// Bearer 常见于OAuth和JWT授权;
 		// AwS4-HMAC - SHA256 AwS授权
 		String authToken = null;
-		if (requestHeader != null && requestHeader.startsWith("Bearer ")) {
-			authToken = requestHeader.substring(7);
+		if (authHeader != null && authHeader.startsWith("Bearer ")) {
+			authToken = authHeader.substring(7);
 		}
 		if (StringUtils.isEmpty(authToken)) {
 			authToken = exchange.getRequest().getQueryParams().getFirst("token");
@@ -62,10 +65,10 @@ public class AuthFilter implements GlobalFilter, Ordered {
 		UserLoginDTO userDTO = null;
 		if (StringUtils.isNotEmpty(authToken)) {
 			// 查询token对应的用户
-			Result<?> userResult = userService.getUserInfo(authToken);
-			if (ResultEnum.SUCCESS.getCode().equals(userResult.getCode())) {
-				userDTO = (UserLoginDTO) userResult.getResult();
-			}
+//			Result<?> userResult = userService.getUserInfo(authToken);
+//			if (ResultEnum.SUCCESS.getCode().equals(userResult.getCode())) {
+//				userDTO = (UserLoginDTO) userResult.getResult();
+//			}
 		}
 		if (userDTO == null) {
 			log.info("未授权访问{} ip:{}", url, getRemoteIP(exchange));
@@ -78,6 +81,8 @@ public class AuthFilter implements GlobalFilter, Ordered {
 //			builder.header("userId", userDTO.getId());
 //			// 向下游传递
 //			return chain.filter(exchange.mutate().request(builder.build()).build());
+			Authentication authentication = new UsernamePasswordAuthenticationToken(userDTO.getAccount(), null, null);
+			SecurityContextHolder.getContext().setAuthentication(authentication);
 		}

 		return chain.filter(exchange);