当前位置:网站首页>RestTemplate、Feign实现Token传递
RestTemplate、Feign实现Token传递
2022-07-06 06:08:00 【雪峰.贵】
文章目录
Fegin 方式
客户端与服务端
一、加依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
二、定义注解
public @interface CheckLogin {
}
三、定义切面
import com.itmuch.contentcenter.util.JwtOperator;
import io.jsonwebtoken.Claims;
import lombok.RequiredArgsConstructor;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
@Aspect //切面注解
@Component
@RequiredArgsConstructor(onConstructor = @__(@Autowired))
public class CheckLoginAspect {
private final JwtOperator jwtOperator;
//AOP的Advice(before,after returning,after throwing,around)的其中一个
@Around("@annotation(com.itmuch.contentcenter.auth.CheckLogin)")//加了@CheckLogin的方法都会走到这里
public Object checkLogin(ProceedingJoinPoint point) throws Throwable {
checkToken();
return point.proceed();
}
private void checkToken() {
try {
// 1. 从header里面获取token
HttpServletRequest request = getHttpServletRequest();
String token = request.getHeader("X-Token");
// 2. 校验token是否合法&是否过期;如果不合法或已过期直接抛异常;如果合法放行
Boolean isValid = jwtOperator.validateToken(token);
if (!isValid) {
throw new SecurityException("Token不合法!");
}
// 3. 如果校验成功,那么就将用户的信息设置到request的attribute里面
Claims claims = jwtOperator.getClaimsFromToken(token);
request.setAttribute("id", claims.get("id"));
request.setAttribute("wxNickname", claims.get("wxNickname"));
request.setAttribute("role", claims.get("role"));
} catch (Throwable throwable) {
throw new SecurityException("Token不合法");
}
}
private HttpServletRequest getHttpServletRequest() {
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes attributes = (ServletRequestAttributes) requestAttributes;
return attributes.getRequest();
}
}
四、客户端创建Fegin的拦截器
import feign.RequestInterceptor;
import feign.RequestTemplate;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
public class TokenRelayRequestIntecepor implements RequestInterceptor {
@Override
public void apply(RequestTemplate requestTemplate) {
// 1. 从header里面获取token
HttpServletRequest request = getHttpServletRequest();
String token = request.getHeader("X-Token");
if(!StringUtils.isEmpty(token)){
requestTemplate.header("X-Token",token);
}
}
private HttpServletRequest getHttpServletRequest() {
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes attributes = (ServletRequestAttributes) requestAttributes;
return attributes.getRequest();
}
}
四、客户端加配置
feign:
client:
config:
default: #全局
loggerLevel: full
requestInterceptors:
- com.itmuch.contentcenter.feignclient.interceptor.TokenRelayRequestIntecepor
五、测试
传入客户端token,token会通过Fegin的拦截器把token加上。
所有Fegin的接口都会带上token
RestTemplate方式
1.创建RestTemplate的拦截器
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
public class RestTemplateRequestInterceptor implements ClientHttpRequestInterceptor {
@Override
public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] body, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException {
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes attributes = (ServletRequestAttributes) requestAttributes;
HttpServletRequest request = attributes.getRequest();
String token = request.getHeader("X-Token");
HttpHeaders headers = httpRequest.getHeaders();
headers.add("X-Token", token);
// 保证请求继续执行
return clientHttpRequestExecution.execute(httpRequest, body);
}
}
2.RestTemplate实例
@Bean
@LoadBalanced
@SentinelRestTemplate(
blockHandler = "handleBlock",
fallback = "handleFallback",
fallbackClass = SentinelBlockHandler.class,
blockHandlerClass = SentinelBlockHandler.class)
public RestTemplate restTemplate(){
//把配置的拦截器加到实例里
RestTemplate restTemplate = new RestTemplate();
restTemplate.setInterceptors(
Collections.singletonList(new RestTemplateRequestInterceptor())
);
return restTemplate;
}
边栏推荐
猜你喜欢
ICLR 2022 spotlight | analog transformer: time series anomaly detection method based on correlation difference
【微信小程序】搭建开发工具环境
全链路压测:构建三大模型
[postman] the monitors monitoring API can run periodically
技术分享 | 常见接口协议解析
Buuctf-[gxyctf2019] no dolls (xiaoyute detailed explanation)
IDEA 新UI使用
[course notes] Compilation Principle
【Postman】Collections配置运行过程
请求转发与重定向
随机推荐
黑猫带你学eMMC协议第10篇:eMMC读写操作详解(read & write)
【Postman】动态变量(也称Mock函数)
[web security] nodejs prototype chain pollution analysis
【微信小程序】搭建开发工具环境
Coordinatorlayout+nestedscrollview+recyclerview pull up the bottom display is incomplete
MySQL之基础知识
Usage of test macro of GTEST
HCIA复习
Expose the serial fraudster Liu Qing in the currency circle, and default hundreds of millions of Cheng Laolai
Idea new UI usage
[postman] collections configuration running process
Nodejs realizes the third-party login of Weibo
GTSAM中李群的運用
(中)苹果有开源,但又怎样呢?
Cannot create PoolableConnectionFactory (Could not create connection to database server. 错误
【C语言】qsort函数
[postman] dynamic variable (also known as mock function)
Baidu online AI competition - image processing challenge: the 8th program of handwriting erasure
Title 1093: character reverse order
Web界面元素的测试