1、引入jwt依赖
<dependency><groupId>io.jsonwebtoken</groupId><artifactId>jjwt</artifactId><version>0.9.1</version></dependency>
2、Jwt工具类,生成token以及解析token
package com.niuniu.gateway.util;import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;import java.util.Date;
import java.util.HashMap;
import java.util.Map;public class JWTUtil {/*** 密钥*/private static final String jwtToken = "niuniu";public static String createToken(Long userId) {Map<String, Object> claims = new HashMap<>();claims.put("userId", userId);JwtBuilder jwtBuilder = Jwts.builder().signWith(SignatureAlgorithm.HS256, jwtToken) // 签发算法,密钥为jwtToken.setClaims(claims) // body数据,要唯一,自行设置.setIssuedAt(new Date()) // 设置签发时间.setExpiration(new Date(System.currentTimeMillis() + 24 * 60 * 60 * 60 * 1000)); // 一天的有效时间String token = jwtBuilder.compact();return token;}public static Map<String, Object> checkToken(String token) {try {Jwt parse = Jwts.parser().setSigningKey(jwtToken).parse(token);return (Map<String, Object>) parse.getBody();} catch (Exception e) {e.printStackTrace();}return null;}public static Long parseToken(String token) {Map<String, Object> map = JWTUtil.checkToken(token);if (map != null && map.containsKey("userId")) {return Long.parseLong(String.valueOf(map.get("userId")));}return null;}/*** main方法验证一下工具类* @param args*/public static void main(String[] args) {String token = JWTUtil.createToken(1000L);System.out.println("生成的token" + token);System.out.println("解析token" + JWTUtil.checkToken(token));}}
3、网关微服务的依赖
<!-- 负载均衡 --><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-loadbalancer</artifactId></dependency><!--用于被nacos发现该服务 被gateway发现--><dependency><groupId>com.alibaba.cloud</groupId><artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId></dependency><!-- 网关 --><dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-gateway</artifactId></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId></dependency><dependency><groupId>io.jsonwebtoken</groupId><artifactId>jjwt</artifactId><version>0.9.1</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-configuration-processor</artifactId></dependency>
4、网关微服务的application.yaml
spring:application:name: gateway-servicecloud:nacos:discovery:server-addr: localhost:8848gateway:routes:- id: order-serviceuri: lb://order-servicepredicates:- Path=/order-service/**- id: product-serviceuri: lb://product-servicepredicates:- Path=/product-service/**- id: user-serviceuri: lb://user-servicepredicates:- Path=/user-service/**
server:port: 8080servlet:context-path: /gateway-service
hm:auth:excludePaths: #不需要登录就能访问的路径- /user-service/user/login- /user-service/user/hello
所有的请求都请求到网关微服务,由网关微服务再映射到对应的微服务。
例如:http://localhost:8080/user-service/user/hello 不需要登录就能访问
登录代码,登录成功给前端返回token
/*** 登录成功给前端返回token* @param name* @param password* @return*/@GetMapping("/login")public Response login(@RequestParam(name = "name") String name, @RequestParam(name = "password") String password){// 1、参数是否合法if (StringUtil.isEmpty(name) || StringUtil.isEmpty(password)) {return Response.fail("用户名或密码不能为空");}// 2、用户是否存在User user = userMapper.login(name, password);// 3、用户不存在,登录失败if (user == null) {return Response.fail("用户不存在");}// 4、用户存在,使用jwt生成token返给前端String token = JWTUtil.createToken(user.getId());// 5、将token放入redis,设置有效期限为1分钟。String key = "token_" + token;redisTemplate.opsForValue().set(key, JSONObject.toJSONString(user),System.currentTimeMillis() + 5 * 60 * 1000L, TimeUnit.MILLISECONDS);return Response.ok(token);}
5、过滤器将token解析为userId,放到请求头里
package com.niuniu.gateway.filter;import com.niuniu.common.CommonConstant;
import com.niuniu.gateway.config.AuthProperties;
import com.niuniu.gateway.util.JWTUtil;
import lombok.RequiredArgsConstructor;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;import javax.annotation.Resource;
import java.util.List;@Component
@RequiredArgsConstructor
public class AuthGlobalFilter implements GlobalFilter, Ordered {private final AuthProperties authProperties;private final AntPathMatcher antPathMatcher = new AntPathMatcher();private final RedisTemplate<String, String> redisTemplate;@Overridepublic Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {// 1、获取requestServerHttpRequest request = exchange.getRequest();// 2、判断是否需要做登录拦截if (isExclude(request.getPath().toString())) {// 放行return chain.filter(exchange);}// 3、从请求中获取tokenString token = null;List<String> heads = request.getHeaders().get("token");if (heads != null && !heads.isEmpty()) {token = heads.get(0);}// 4、校验并解析tokenLong userId = JWTUtil.parseToken(token);if (userId == null) { // 解析失败ServerHttpResponse response = exchange.getResponse();response.setStatusCode(HttpStatus.UNAUTHORIZED);return response.setComplete();}// 如果登录超时,需要重新登录String key = CommonConstant.TOKEN_ + token;String value = redisTemplate.opsForValue().get(key);if (value == null) { // 登录超时ServerHttpResponse response = exchange.getResponse();response.setStatusCode(HttpStatus.UNAUTHORIZED);return response.setComplete();}// 5、传递用户信息ServerWebExchange swe = exchange.mutate().request(builder -> builder.header(CommonConstant.userInfo, userId.toString())).build();System.out.println("userId = " + userId);// 6、放行return chain.filter(swe);}@Overridepublic int getOrder() {return 0;}private Boolean isExclude(String path) {for (String excluedePath : authProperties.getExcludePaths()) {if ( antPathMatcher.match(excluedePath, path)) {return true;}}return false;}
}
6、拦截器将用户信息从请求头中取出来并解析,存放到ThreadLocal里
package com.niuniu.common.interceptors;import com.niuniu.common.CommonConstant;
import com.niuniu.common.utils.UserContext;
import jodd.util.StringUtil;
import org.springframework.lang.Nullable;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;/*** 前端请求到网关微服务,网关微服务再映射到具体的微服务* 如果是微服务之间的调用,此种方式则不能传递用户信息*/
public class UserInfoInterceptor implements HandlerInterceptor {@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {String userInfo = request.getHeader(CommonConstant.userInfo);if (StringUtil.isNotEmpty(userInfo)) {UserContext.setUser(Long.parseLong(userInfo));}return true;}@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {UserContext.removeUser();}
}
package com.niuniu.common.utils;public class UserContext {public static final ThreadLocal<Long> threadLocal = new ThreadLocal<>();public static void setUser(Long userId){threadLocal.set(userId);}public static Long getUser(){return threadLocal.get();}public static void removeUser(){threadLocal.remove();}
}
7、微服务间通过feign调用,传递用户信息。
package com.niuniu.common.config;import com.niuniu.common.CommonConstant;
import com.niuniu.common.utils.UserContext;
import feign.Logger;
import feign.RequestInterceptor;
import feign.RequestTemplate;
import org.springframework.context.annotation.Bean;public class DefaultFeignConfig {@Beanpublic Logger.Level feignLogLevel(){return Logger.Level.FULL;}@Beanpublic RequestInterceptor userInfoRequestInterceptor(){return new RequestInterceptor() {@Overridepublic void apply(RequestTemplate requestTemplate) {Long userId = UserContext.getUser();if (userId != null) {requestTemplate.header(CommonConstant.userInfo, String.valueOf(userId));}}};}
}
package com.niuniu.user.feignclient;import com.niuniu.common.config.DefaultFeignConfig;
import com.niuniu.user.model.Order;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;import java.util.List;@Component
@FeignClient(value = "order-service", configuration = DefaultFeignConfig.class)
public interface OrderClient {@GetMapping(value = "/order-service/order/getOrdersByUserId")List<Order> getOrdersByUserId(@RequestParam("userId") Long userId);
}