gateway 完成使用 TokenAuthenticationFilter 实现身份验证的功能

2022-06-04 19:14:35 +08:00
parent e5fed46ae1
commit bfb15aea09
8 changed files with 146 additions and 80 deletions
--- a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/util/SecurityFrameworkUtils.java
+++ b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/util/SecurityFrameworkUtils.java
@@ -1,8 +1,14 @@
 package cn.iocoder.yudao.gateway.util;

+import cn.hutool.core.map.MapUtil;
+import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
+import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.util.StringUtils;
 import org.springframework.web.server.ServerWebExchange;

+import java.util.Map;
+
 /**
 * 安全服务工具类
 *
@@ -12,9 +18,11 @@ import org.springframework.web.server.ServerWebExchange;
 */
 public class SecurityFrameworkUtils {

-    public static final String AUTHORIZATION_HEADER = "Authorization";
+    private static final String AUTHORIZATION_HEADER = "Authorization";

-    public static final String AUTHORIZATION_BEARER = "Bearer";
+    private static final String AUTHORIZATION_BEARER = "Bearer";
+
+    private static final String LOGIN_USER_HEADER = "login-user";

    private SecurityFrameworkUtils() {}

@@ -36,4 +44,21 @@ public class SecurityFrameworkUtils {
        return authorization.substring(index + 7).trim();
    }

+    /**
+     * 将访问令牌封装成 LoginUser，并设置到 login-user 的请求头，使用 json 存储值
+     *
+     * @param builder 请求
+     * @param token 访问令牌
+     */
+    public static void setLoginUserHeader(ServerHttpRequest.Builder builder, OAuth2AccessTokenCheckRespDTO token) {
+        // 构建 LoginUser 对象。由于 Gateway 没有 loginUser 类，所以使用 Map
+        Map<String, Object> loginUser = MapUtil.newHashMap(4);
+        loginUser.put("id", token.getUserId());
+        loginUser.put("userType", token.getUserType());
+        loginUser.put("tenantId", token.getTenantId());
+        loginUser.put("scopes", token.getScopes());
+        // 设置到 Header 中
+        builder.header(LOGIN_USER_HEADER, JsonUtils.toJsonString(loginUser));
+    }
+
 }
--- a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/util/WebFrameworkUtils.java
+++ b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/util/WebFrameworkUtils.java
@@ -0,0 +1,41 @@
+package cn.iocoder.yudao.gateway.util;
+
+import cn.hutool.core.map.MapUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.web.server.ServerWebExchange;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Web 工具类
+ *
+ * copy from yudao-spring-boot-starter-web 的 WebFrameworkUtils 类
+ *
+ * @author 芋道源码
+ */
+public class WebFrameworkUtils {
+
+    @SuppressWarnings("UastIncorrectHttpHeaderInspection")
+    private static final String HEADER_TENANT_ID = "tenant-id";
+
+    private WebFrameworkUtils() {}
+
+    /**
+     * 将 Gateway 请求中的 header，设置到 HttpHeaders 中
+     *
+     * @param exchange Gateway 请求
+     * @param httpHeaders WebClient 的请求
+     */
+    public static void setTenantIdHeader(ServerWebExchange exchange, HttpHeaders httpHeaders) {
+        String tenantId = exchange.getRequest().getHeaders().getFirst(HEADER_TENANT_ID);
+        if (StrUtil.isNotEmpty(tenantId)) {
+            return;
+        }
+        httpHeaders.set(HEADER_TENANT_ID, tenantId);
+    }
+
+}