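/**
 * Global gateway filter that lets a request through only when its path is on
 * the configured exclusion list or it carries a token accepted by
 * {@code JwtUtils.verifyToken}. Every other request is answered with HTTP 401
 * and a small JSON error body.
 *
 * <p>The exclusion list is read from the {@code gateway.excludeUrls} property,
 * for example in the yml configuration:
 *
 * <pre>
 * gateway:
 *   excludeUrls: /user/login,/user/loginVerification,/system/users/verification,/system/users/login
 * </pre>
 *
 * The key in the configuration file has to be spelled exactly like the
 * placeholder below ({@code excludeUrls}, not {@code excludedUrls}).
 */
@Component
public class AuthFilter implements GlobalFilter, Ordered {

    /** Scheme prefix that may precede the token in the Authorization header. */
    private static final String BEARER_PREFIX = "Bearer ";

    /** Serializer for error bodies, reused instead of building one per rejected request. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /** Paths that are forwarded without a token check. */
    @Value("${gateway.excludeUrls}")
    private List<String> excludeUrls;

    /**
     * Core filter logic: skip excluded paths, otherwise verify the token.
     *
     * @param exchange the current request/response exchange
     * @param chain the remaining gateway filters
     * @return completion of the downstream chain, or of the 401 response
     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        // 1. Forward excluded paths untouched. The comparison is an exact match on
        //    the request path, so any variation of an excluded URL (extra segment,
        //    trailing slash, ...) falls through to the token check. Keep it exact:
        //    prefix or substring matching here would widen the unauthenticated surface.
        String path = exchange.getRequest().getURI().getPath();
        if (excludeUrls.contains(path)) {
            return chain.filter(exchange);
        }

        // 2. Read the token. Only a leading "Bearer " is stripped; the rest of the
        //    header value is handed to the verifier unchanged.
        String token = exchange.getRequest().getHeaders().getFirst("Authorization");
        if (!StringUtils.isEmpty(token) && token.startsWith(BEARER_PREFIX)) {
            token = token.substring(BEARER_PREFIX.length());
        }

        // A missing or empty token is rejected here rather than passed on, so the
        // outcome does not depend on how JwtUtils.verifyToken treats null input.
        boolean verified = !StringUtils.isEmpty(token) && JwtUtils.verifyToken(token);

        // 3. Verification failed: answer 401 and do not call the rest of the chain.
        if (!verified) {
            Map<String, Object> responseData = new HashMap<>();
            responseData.put("errCode", 401);
            responseData.put("errMessage", "用户未登录");
            return responseError(exchange.getResponse(), responseData);
        }
        return chain.filter(exchange);
    }

    /**
     * Writes a 401 response whose body is {@code responseData} serialized as JSON.
     *
     * @param response the response to complete
     * @param responseData the error fields to serialize
     * @return completion of the response write
     */
    private Mono<Void> responseError(ServerHttpResponse response, Map<String, Object> responseData) {
        byte[] data = new byte[0];
        try {
            data = OBJECT_MAPPER.writeValueAsBytes(responseData);
        } catch (JsonProcessingException e) {
            // The 401 status is still sent, with an empty body.
            // NOTE(review): route this through the project's logger if one exists.
            e.printStackTrace();
        }

        DataBuffer buffer = response.bufferFactory().wrap(data);
        response.setStatusCode(HttpStatus.UNAUTHORIZED);
        response.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
        return response.writeWith(Mono.just(buffer));
    }

    /**
     * Position of this filter among the gateway's ordered filters.
     *
     * @return the order value 0
     */
    @Override
    public int getOrder() {
        return 0;
    }
}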