防止微服務跳過網關直接訪問服務
原理:網關生成隨機的字符串 token 並保存在 redis 中,每次請求服務時,服務端都驗證請求頭上的 token,若請求頭上的 token 與 redis 中保存的字符串一致則放行,否則攔截!
- 網關生成 token(生成後保存在 redis,10 分鐘有效期)
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
@Configuration
public class TokenFilter implements GlobalFilter {
@Autowired
RedisTemplate<String, String> redisTemplate;
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
String gatewayToken = redisTemplate.opsForValue().get("gatewayToken");
// 將gatewayToken保存至redis
if (gatewayToken == null) {
// 生成gatewayToken
gatewayToken = UUID.randomUUID().toString();
redisTemplate.opsForValue().set("gatewayToken", gatewayToken);
// 十分鐘有效期
redisTemplate.expire("gatewayToken", 10, TimeUnit.MINUTES);
}
// 寫入請求頭
ServerHttpRequest req = exchange.getRequest().mutate()
.header("from", gatewayToken).build();
return chain.filter(exchange.mutate().request(req.mutate().build()).build());
}
}- 服務端攔截器(用於驗證 token)
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
@Configuration
public class AdminGlobalInterceptor implements HandlerInterceptor {
@Autowired
RedisTemplate<String, String> redisTemplate;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception {
// 獲取當前請求頭from信息
String secretKey = request.getHeader("from");
// 獲取gatewayToken
String gatewayToken = redisTemplate.opsForValue().get("gatewayToken");
if(secretKey == null || !secretKey.equals(gatewayToken)) {
response.setContentType("application/json;charset=utf-8");
PrintWriter writer = response.getWriter();
writer.write("非法訪問!");
return false;
}
return true;
}
}本文由 Readfog 進行 AMP 轉碼,版權歸原作者所有。
來源:https://mp.weixin.qq.com/s/0p-lbDZeMjPA-wkmtd0T0w