增加token注入白名单功能
This commit is contained in:
ajaxfan
@ -5,26 +5,34 @@ import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.
|
||||
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.CURRENT_ROLE_CODE;
|
||||
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.TOKEN_PREFIX;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Optional;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
import org.apache.commons.lang3.RegExUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||
|
||||
import feign.RequestInterceptor;
|
||||
import feign.RequestTemplate;
|
||||
import lombok.Setter;
|
||||
|
||||
/**
|
||||
* 通过拦截器来为header注入token
|
||||
*/
|
||||
@Configuration
|
||||
@ConfigurationProperties(prefix = "ebtp.cloud")
|
||||
@ConditionalOnProperty(name = "ebtp.universal.feign.token.interceptor", havingValue = "true", matchIfMissing = true)
|
||||
public class FeignConfig implements RequestInterceptor {
|
||||
|
||||
/* 白名单(名单内请求不注入token) */
|
||||
private @Setter List<String> tokenWhiteList;
|
||||
|
||||
/**
|
||||
* @param template
|
||||
*/
|
||||
@ -33,6 +41,39 @@ public class FeignConfig implements RequestInterceptor {
|
||||
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
|
||||
|
||||
if (null != attributes) {
|
||||
if (isNonExistsWhiteList(template.url())) {
|
||||
injectToken(template, attributes);
|
||||
}
|
||||
|
||||
final String currentRoleCode = attributes.getRequest().getHeader(CURRENT_ROLE_CODE);// 提取request头信息
|
||||
|
||||
// 检查请求头是否包含 currentRoleCode
|
||||
if (StringUtils.isNotEmpty(currentRoleCode)) {
|
||||
template.header(CURRENT_ROLE_CODE, currentRoleCode);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 非白名单内的请求都需要注入token
|
||||
*
|
||||
* @param url
|
||||
* @return
|
||||
*/
|
||||
private boolean isNonExistsWhiteList(String url) {
|
||||
if (Objects.nonNull(tokenWhiteList)) {
|
||||
return tokenWhiteList.stream().filter(rule -> StringUtils.contains(url, rule)).count() == 0;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* 请求中注入token
|
||||
*
|
||||
* @param template
|
||||
* @param attributes
|
||||
*/
|
||||
private void injectToken(RequestTemplate template, ServletRequestAttributes attributes) {
|
||||
final String header = attributes.getRequest().getHeader(AUTHORIZATION_HEADER);// 提取request头信息
|
||||
|
||||
// 检查请求头是否包含 Bearer 前缀
|
||||
@ -49,13 +90,6 @@ public class FeignConfig implements RequestInterceptor {
|
||||
});
|
||||
});
|
||||
}
|
||||
final String currentRoleCode = attributes.getRequest().getHeader(CURRENT_ROLE_CODE);// 提取request头信息
|
||||
|
||||
// 检查请求头是否包含 currentRoleCode
|
||||
if (StringUtils.isNotEmpty(currentRoleCode)) {
|
||||
template.header(CURRENT_ROLE_CODE, currentRoleCode);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user