概述

有的时候业务场景是不走正常路线的,业务场景千奇百怪的需求都有, 有的时候权限校验需要在网关那里统一鉴权,有的时候就需要下放到某个微服务去处理(不在网关那里统一鉴权)

通常我们调用的接口都是有权限控制的，很多时候可能认证的值是通过参数去传递的，还有就是通过请求头去传递认证信息，比如 Basic 认证方式。 接口鉴权

Feign 中我们可以直接配置 Basic 认证

@Configuration  // 全局配置
public class FeignConfig {
    @Bean
    public BasicAuthRequestInterceptor basicAuthRequestInterceptor() {
        return new BasicAuthRequestInterceptor("fox", "123456");
    }
}

扩展点： feign.RequestInterceptor
每次 feign 发起http调用之前，会去执行拦截器中的逻辑。

public interface RequestInterceptor {
  /**
   * Called for every request. Add data using methods on the supplied {@link RequestTemplate}.
   */
  void apply(RequestTemplate template);
}

使用场景

1. 统一添加 header 信息；
2. 对 body 中的信息做修改或替换；

自定义拦截器实现认证逻辑

FeignConfig

package feigndemo.config;
import feigndemo.interceptor.FeignAuthRequestInterceptor;
import feign.Logger;
import feign.Request;
import feign.codec.Decoder;
import feign.codec.Encoder;
import feign.jackson.JacksonDecoder;
import feign.jackson.JacksonEncoder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
 @Configuration  // 全局配置
public class FeignConfig {
     /**
      * 日志级别
      * 通过源码可以看到日志等级有 4 种，分别是：
      * NONE：不输出日志。
      * BASIC：只输出请求方法的 URL 和响应的状态码以及接口执行的时间。
      * HEADERS：将 BASIC 信息和请求头信息输出。
      * FULL：输出完整的请求信息。
      */
     @Bean
     public Logger.Level feignLoggerLevel() {
         return Logger.Level.FULL;
     }
    /**
     * 自定义拦截器
     * @return
     */
    @Bean
    public FeignAuthRequestInterceptor feignAuthRequestInterceptor(){
        return new FeignAuthRequestInterceptor();
    }
    @Bean
    public Request.Options options() {
        return new Request.Options(5000, 5000);
    }
    @Bean
    public Decoder decoder() {
        return new JacksonDecoder();
    }
    @Bean
    public Encoder encoder() {
        return new JacksonEncoder();
    }
}

FeignAuthRequestInterceptor

package feigndemo.interceptor;
import feign.RequestInterceptor;
import feign.RequestTemplate;
import java.util.UUID;
public class FeignAuthRequestInterceptor implements RequestInterceptor {
    @Override
    public void apply(RequestTemplate template) {
        // 业务逻辑  模拟认证逻辑
        // 请求头携带token
        String access_token = "IAmToken"+UUID.randomUUID().toString();
        template.header("Authorization",access_token);
    }
}

这样在feign远程调用的时候自动将Authorization携带到header里面了,然后服务的被调用方就可以从header里面获取这个信息了

feign输出:

2022-01-13 12:18:04.322 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] ---> GET http://mall-order/order/findOrderByUserId/1 HTTP/1.1
2022-01-13 12:18:04.323 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] Authorization: IAmToken53ce45ea-dc4f-4908-9492-e4f6ac43c1c2
2022-01-13 12:18:04.323 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] ---> END HTTP (0-byte body)
2022-01-13 12:18:04.640 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] <--- HTTP/1.1 200 (314ms)
2022-01-13 12:18:04.640 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] connection: keep-alive
2022-01-13 12:18:04.640 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] content-type: application/json
2022-01-13 12:18:04.641 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] date: Thu, 13 Jan 2022 04:18:04 GMT
2022-01-13 12:18:04.641 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] keep-alive: timeout=60
2022-01-13 12:18:04.641 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] transfer-encoding: chunked
2022-01-13 12:18:04.641 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] 
2022-01-13 12:18:04.641 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] {"msg":"success","code":0,"orders":[{"id":1,"userId":"1","commodityCode":"1","count":1,"amount":1}]}
2022-01-13 12:18:04.641 DEBUG 79432 --- [nio-8055-exec-1] feigndemo.feign.OrderFeignService        : [OrderFeignService#findOrderByUserId] <--- END HTTP (100-byte body)

服务提供者拦截器

当消费者调用这个服务提供者的时候,拦截器就可以在这里获取到header的token信息了.

@Slf4j
public class AuthInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        boolean flag = true;
        // 简单的认证逻辑  从请求头中获取Authorization
        String authorization = request.getHeader("Authorization");
        log.info("=========Authorization:"+authorization);
        if (StringUtils.isEmpty(authorization)){
            // 从请求参数中获取access_token
            String access_token = request.getParameter("access_token");
            if(StringUtils.isEmpty(access_token)){
                flag = false;
            }
        }
        return flag;
    }
}

代码地址

代码出自图灵学院, 我自己学完了做完作业又改造了一下.

https://gitee.com/zjj19941/ZJJ_Neaten5.10/tree/master/ZJJ_Feign/feign-interceptor

先执行sql脚本,自己准备一个nacos服务,然后修改配置文件配置,
最后,启动 com.order.MallOrderApplication 和 feigndemo.MallUserFeignDemoApplication
然后postman发起get请求: localhost:8055/user/findOrderByUserId/1
就能看到效果了

补充：可以在yml中配置

feign:
  client:
    config:
      mall-order:  #对应微服务
        requestInterceptors[0]:  #配置拦截器
          feigndemo.interceptor.FeignAuthRequestInterceptor