- 本文springboot版本:
2.0.2.RELEASE,springcloud版本:Finchley.RC1
项目使用zuul做api网关,需要在zuul中拦截请求,做统一的权限验证。
用户传来token,zuul拦截下来解析出用户信息,添加到本次请求中,后续服务可以直接使用用户信息。
之前试过重写request不行,后来发现可以用context.setRequestQueryParams()实现。
代码如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
| @Component
public class PreRequestAuthFilter extends ZuulFilter {
private static final Logger logger = LoggerFactory.getLogger(PreRequestAuthFilter.class);
@Autowired
MemCachedClient memCachedClient;
@Override
public String filterType() {
return FilterConstants.PRE_TYPE;
}
@Override
public int filterOrder() {
return 1;
}
@Override
public boolean shouldFilter() {
return true;
}
@Override
public Object run() throws ZuulException {
RequestContext context = RequestContext.getCurrentContext();
HttpServletRequest request = context.getRequest();
Map<String, List<String>> queryParams = new HashMap<>();
Object obj = memCachedClient.get(request.getParameter("token"));
if (null != obj) {
JSONObject userJson = JSONObject.parseObject((String) obj);
String userId = userJson.getString("userId");
String roleId = userJson.getString("roleId");
List<String> userIdList = new ArrayList<>();
userIdList.add(userId);
queryParams.put("userId", userIdList);
List<String> roleIdList = new ArrayList<>();
roleIdList.add(roleId);
queryParams.put("roleId", roleIdList);
}
context.setRequestQueryParams(queryParams);
return null;
}
}
|