当前位置:网站首页>RestTemplate、Feign实现Token传递
RestTemplate、Feign实现Token传递
2022-07-06 06:08:00 【雪峰.贵】
文章目录
Fegin 方式
客户端与服务端
一、加依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
二、定义注解
public @interface CheckLogin {
}
三、定义切面
import com.itmuch.contentcenter.util.JwtOperator;
import io.jsonwebtoken.Claims;
import lombok.RequiredArgsConstructor;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
@Aspect //切面注解
@Component
@RequiredArgsConstructor(onConstructor = @__(@Autowired))
public class CheckLoginAspect {
private final JwtOperator jwtOperator;
//AOP的Advice(before,after returning,after throwing,around)的其中一个
@Around("@annotation(com.itmuch.contentcenter.auth.CheckLogin)")//加了@CheckLogin的方法都会走到这里
public Object checkLogin(ProceedingJoinPoint point) throws Throwable {
checkToken();
return point.proceed();
}
private void checkToken() {
try {
// 1. 从header里面获取token
HttpServletRequest request = getHttpServletRequest();
String token = request.getHeader("X-Token");
// 2. 校验token是否合法&是否过期;如果不合法或已过期直接抛异常;如果合法放行
Boolean isValid = jwtOperator.validateToken(token);
if (!isValid) {
throw new SecurityException("Token不合法!");
}
// 3. 如果校验成功,那么就将用户的信息设置到request的attribute里面
Claims claims = jwtOperator.getClaimsFromToken(token);
request.setAttribute("id", claims.get("id"));
request.setAttribute("wxNickname", claims.get("wxNickname"));
request.setAttribute("role", claims.get("role"));
} catch (Throwable throwable) {
throw new SecurityException("Token不合法");
}
}
private HttpServletRequest getHttpServletRequest() {
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes attributes = (ServletRequestAttributes) requestAttributes;
return attributes.getRequest();
}
}
四、客户端创建Fegin的拦截器
import feign.RequestInterceptor;
import feign.RequestTemplate;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
public class TokenRelayRequestIntecepor implements RequestInterceptor {
@Override
public void apply(RequestTemplate requestTemplate) {
// 1. 从header里面获取token
HttpServletRequest request = getHttpServletRequest();
String token = request.getHeader("X-Token");
if(!StringUtils.isEmpty(token)){
requestTemplate.header("X-Token",token);
}
}
private HttpServletRequest getHttpServletRequest() {
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes attributes = (ServletRequestAttributes) requestAttributes;
return attributes.getRequest();
}
}
四、客户端加配置
feign:
client:
config:
default: #全局
loggerLevel: full
requestInterceptors:
- com.itmuch.contentcenter.feignclient.interceptor.TokenRelayRequestIntecepor
五、测试
传入客户端token,token会通过Fegin的拦截器把token加上。
所有Fegin的接口都会带上token
RestTemplate方式
1.创建RestTemplate的拦截器
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
public class RestTemplateRequestInterceptor implements ClientHttpRequestInterceptor {
@Override
public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] body, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException {
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes attributes = (ServletRequestAttributes) requestAttributes;
HttpServletRequest request = attributes.getRequest();
String token = request.getHeader("X-Token");
HttpHeaders headers = httpRequest.getHeaders();
headers.add("X-Token", token);
// 保证请求继续执行
return clientHttpRequestExecution.execute(httpRequest, body);
}
}
2.RestTemplate实例
@Bean
@LoadBalanced
@SentinelRestTemplate(
blockHandler = "handleBlock",
fallback = "handleFallback",
fallbackClass = SentinelBlockHandler.class,
blockHandlerClass = SentinelBlockHandler.class)
public RestTemplate restTemplate(){
//把配置的拦截器加到实例里
RestTemplate restTemplate = new RestTemplate();
restTemplate.setInterceptors(
Collections.singletonList(new RestTemplateRequestInterceptor())
);
return restTemplate;
}
边栏推荐
- [Thesis code] SML part code reading
- properties文件
- 假设检验学习笔记
- 公司视频加速播放
- Software test interview questions - Test Type
- 曼哈顿距离和-打印菱形
- The latest 2022 review of "graph classification research"
- Redis6 cluster setup
- [C language syntax] the difference between typedef struct and struct
- [wechat applet] build a development tool environment
猜你喜欢
Configuring OSPF GR features for Huawei devices
Fault, error, failure of functional safety
Buuctf-[[gwctf 2019] I have a database (xiaoyute detailed explanation)
LAN communication process in the same network segment
(中)苹果有开源,但又怎样呢?
Gtest之TEST宏的用法
CoordinatorLayout+NestedScrollView+RecyclerView 上拉底部显示不全
Expose the serial fraudster Liu Qing in the currency circle, and default hundreds of millions of Cheng Laolai
Usage of test macro of GTEST
Analysis report on development trends and investment planning of China's methanol industry from 2022 to 2028
随机推荐
进程和线程的理解
Coordinatorlayout+nestedscrollview+recyclerview pull up the bottom display is incomplete
[postman] collections configuration running process
黑猫带你学eMMC协议第10篇:eMMC读写操作详解(read & write)
Novice entry SCM must understand those things
[postman] dynamic variable (also known as mock function)
【eolink】PC客户端安装
异常检测方法总结
養了只小猫咪
通过修改style设置打印页样式
Dynamic programming -- knapsack problem
功能安全之故障(fault),错误(error),失效(failure)
Network protocol model
HCIA复习
GTSAM中李群的运用
黑猫带你学UFS协议第8篇:UFS初始化详解(Boot Operation)
2022 software testing workflow to know
对数据安全的思考(转载)
在线问题与离线问题
Hongliao Technology: Liu qiangdong's "heavy hand"