背景

将zuul网关作为认证入口,但是下游服务需要用户id,此时有两种解决方案。
1:将token 放入header中,在每次需要的时候去解析。(同时也是缺点,浪费资源)
2:在网关认证完成后,会获取到用户信息,将用户id放入参数中,若是本身也有userid,可以修改掉userid,同时也防止了登录用户获取到或修改其他用户的系统信息。(优点多,缺点有可能需要修改认证逻辑)

所以我们采用第二种(我设计的项目就是用的这种方案)

代码

注意,Get请求和post请求,分别修改的是url参数和body参数,所以两种处理方案是不一样的。以下分别为处理url参数和body参数的方案。

  1. import com.alibaba.fastjson.JSON;
  2. import com.boya.common.util.RequestUtils;
  3. import com.netflix.zuul.ZuulFilter;
  4. import com.netflix.zuul.context.RequestContext;
  5. import lombok.extern.slf4j.Slf4j;
  6. import org.apache.commons.lang3.StringUtils;
  7. import org.springframework.security.core.Authentication;
  8. import org.springframework.security.core.context.SecurityContext;
  9. import org.springframework.security.core.context.SecurityContextHolder;
  10. import org.springframework.stereotype.Component;
  12. import javax.servlet.http.HttpServletRequest;
  13. import java.util.ArrayList;
  14. import java.util.HashMap;
  15. import java.util.List;
  16. import java.util.Map;
  18. import static com.netflix.zuul.context.RequestContext.getCurrentContext;
  20. @Component
  21. @Slf4j
  22. public class GetRequestFilter extends ZuulFilter {
  24.     //定义filter的类型,有pre、route、post、error四种
  25.     @Override
  26.     public String filterType() {
  27.         return "route";
  28.     }
  30.     //定义filter的顺序,数字越小表示顺序越高,越先执行
  31.     @Override
  32.     public int filterOrder() {
  33.         return 6;
  34.     }
  36.     //表示是否需要执行该filter,true表示执行,false表示不执行
  37.     @Override
  38.     public boolean shouldFilter() {
  39.         HttpServletRequest req = RequestContext.getCurrentContext().getRequest();
  40.         if (StringUtils.equalsIgnoreCase(req.getMethod(), "get")) {
  41.             log.info("Get 请求的url : " + req.getRequestURI().toString());
  42.             return true;
  43.         }
  44.         return false;
  46.     }
  48.     public Object run() {
  49.         SecurityContext context = SecurityContextHolder.getContext();
  50.         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
  51.         String currentPrincipalName = authentication.getName();
  53.         RequestContext ctx = getCurrentContext();
  54.         HttpServletRequest request = ctx.getRequest();
  55.         if (log.isDebugEnabled()) {
  56.             log.debug(String.format("当前用户: %s", currentPrincipalName));
  57.             log.debug(String.format("%s >>> %s", request.getMethod(), request.getRequestURL().toString()));
  58.         }
  60.         Map<String, String[]> requestParameterMap = request.getParameterMap();
  61.         if (log.isDebugEnabled()) {
  62.             log.debug(String.format("header  参数   >>> %s", JSON.toJSONString(RequestUtils.getHeaders(request))));
  63.             log.debug(String.format("request 参数 >>> %s", JSON.toJSONString(requestParameterMap)));
  64.         }
  67.         Map<String, List<String>> requestQueryParams = ctx.getRequestQueryParams();
  68.         if (requestQueryParams == null) {
  69.             requestQueryParams = new HashMap<>();
  70.         }
  71.         //将要新增的参数添加进去,被调用的微服务可以直接 去取,就想普通的一样,框架会直接注入进去
  72.         ArrayList<String> arrayList = new ArrayList<>();
  73.         arrayList.add(currentPrincipalName);
  74.         requestQueryParams.put("userId", arrayList);
  76.         ctx.setRequestQueryParams(requestQueryParams);
  77.         return null;
  78.     }
  79. }
  1. import com.alibaba.fastjson.JSON;
  2. import com.alibaba.fastjson.JSONObject;
  3. import com.netflix.zuul.ZuulFilter;
  4. import com.netflix.zuul.context.RequestContext;
  5. import com.netflix.zuul.http.ServletInputStreamWrapper;
  6. import lombok.extern.slf4j.Slf4j;
  7. import org.apache.commons.lang3.StringUtils;
  8. import org.springframework.security.core.Authentication;
  9. import org.springframework.security.core.context.SecurityContext;
  10. import org.springframework.security.core.context.SecurityContextHolder;
  11. import org.springframework.stereotype.Component;
  12. import org.springframework.util.StreamUtils;
  14. import javax.servlet.ServletInputStream;
  15. import javax.servlet.http.HttpServletRequest;
  16. import javax.servlet.http.HttpServletRequestWrapper;
  17. import java.io.IOException;
  18. import java.io.InputStream;
  19. import java.nio.charset.Charset;
  20. import java.util.*;
  21. import java.util.stream.Collectors;
  23. import static com.netflix.zuul.context.RequestContext.getCurrentContext;
  25. @Component
  26. @Slf4j
  27. public class BodyParamerFilter extends ZuulFilter {
  29.     static String principalParamName = "userId";
  31.     //定义filter的类型,有pre、route、post、error四种
  32.     @Override
  33.     public String filterType() {
  34.         return "route";
  35.     }
  37.     //定义filter的顺序,数字越小表示顺序越高,越先执行
  38.     @Override
  39.     public int filterOrder() {
  40.         return 7;
  41.     }
  43.     //表示是否需要执行该filter,true表示执行,false表示不执行
  44.     @Override
  45.     public boolean shouldFilter() {
  46.         HttpServletRequest req = RequestContext.getCurrentContext().getRequest();
  47.         if (StringUtils.equalsIgnoreCase(req.getMethod(), "post") || StringUtils.equalsIgnoreCase(req.getMethod(), "post")) {
  48.             log.info("非Get请求的url = " + req.getRequestURI().toString());
  49.             return true;
  50.         }
  52.         return false;
  53.     }
  55.     public Object run() {
  56.         SecurityContext securityContext = SecurityContextHolder.getContext();
  57.         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
  58.         String currentPrincipalName = authentication.getName();
  60.         RequestContext context = getCurrentContext();
  61.         HttpServletRequest request = context.getRequest();
  62.         if (log.isDebugEnabled()) {
  63.             log.debug(String.format("当前用户: %s", currentPrincipalName));
  64.             log.debug(String.format("%s >>> %s", request.getMethod(), request.getRequestURL().toString()));
  65.         }
  67.         InputStream in = (InputStream) context.get("requestEntity");
  68.         if (in == null) {
  69.             try {
  70.                 in = context.getRequest().getInputStream();
  71.             } catch (IOException e) {
  72.                 e.printStackTrace();
  73.             }
  74.         }
  76.         log.info("accessToken:" + currentPrincipalName);
  77.         log.info("params:" + context.getRequestQueryParams());
  78.         log.info("contentLength:" + context.getRequest().getContentLength());
  79.         log.info("contentType:" + context.getRequest().getContentType());
  80.         Map<String, List<String>> requestQueryParams = context.getRequestQueryParams();
  81.         if (requestQueryParams == null) {
  82.             requestQueryParams = new HashMap<>();
  83.         } else {
  84.             requestQueryParams.remove(principalParamName);
  85.         }
  86.         if (!"anonymousUser".equalsIgnoreCase(currentPrincipalName)) {
  87.             //将要新增的参数添加进去,被调用的微服务可以直接 去取,就想普通的一样,框架会直接注入进去
  88.             ArrayList<String> arrayList = new ArrayList<>();
  89.             arrayList.add(currentPrincipalName);
  90.             requestQueryParams.put(principalParamName, arrayList);
  92.             context.setRequestQueryParams(requestQueryParams);
  93.         }
  95.         String contentType = request.getContentType();
  97.         String body = null;
  98.         try {
  99.             body = StreamUtils.copyToString(in, Charset.forName("UTF-8"));
  100.         } catch (IOException e) {
  101.             e.printStackTrace();
  102.         }
  103.         body = bodyParamModify(body, currentPrincipalName, contentType);
  104.         // context.set("requestEntity", new
  105.         // ByteArrayInputStream(body.getBytes("UTF-8")));
  106.         final byte[] reqBodyBytes = body.getBytes();
  107.         context.setRequest(new HttpServletRequestWrapper(getCurrentContext().getRequest()) {
  108.             @Override
  109.             public ServletInputStream getInputStream() throws IOException {
  110.                 return new ServletInputStreamWrapper(reqBodyBytes);
  111.             }
  113.             @Override
  114.             public int getContentLength() {
  115.                 return reqBodyBytes.length;
  116.             }
  118.             @Override
  119.             public long getContentLengthLong() {
  120.                 return reqBodyBytes.length;
  121.             }
  122.         });
  125.         return null;
  127.     }
  129.     private String bodyParamModify(String body, String principalName, String contentType) {
  130.         log.info("原始 body : " + body);
  131.         if (body == null) {
  132.             return principalParamName + "=" + principalName;
  133.         }
  134.         if (contentType.contains("application/json")) {
  135.             JSONObject json = JSON.parseObject(body);
  136.             json.remove(principalParamName);
  137.             json.put(principalParamName, principalName);
  138.             body = json.toJSONString();
  139.         } else if (contentType.contains("x-www-form-urlencoded")) {
  140.             body = Arrays.stream(body.split("&")).filter(s -> !s.startsWith(principalParamName)).collect(Collectors.joining("&"));
  141.             if (!StringUtils.equals(principalName, "anonymousUser")) {
  142.                 body += "&" + principalParamName + "=" + principalName;
  143.             }
  144.         }
  146.         log.info("转换后的body : " + body);
  147.         return body;
  148.     }
  150. }