java source code of AccessGatewayFilter

SpringCloud-master
- .github
  - ISSUE_TEMPLATE
    - feature_request.md
    - bug_report.md
  - workflows
    - maven.yml
- gateway
  - pom.xml
  - gateway-web
    - src
      - main
        resources
        application.yml
        bootstrap.yml
        docker
        Dockerfile
        java
        com
        springboot
        cloud
        gateway
        config
        RequestRateLimiterConfig.java
        SwaggerProvider.java
        BusConfig.java
        DefaultRedisRateLimiter.java
        SwaggerHandler.java
        service
        impl
        RouteService.java
        PermissionService.java
        IRouteService.java
        IPermissionService.java
        exception
        CustomErrorWebExceptionHandler.java
        ExceptionAutoConfiguration.java
        GateWayExceptionHandlerAdvice.java
        GatewayApplication.java
        filter
        AccessGatewayFilter.java
        SwaggerHeaderFilter.java
        routes
        RedisRouteDefinitionRepository.java
        events
        BusReceiver.java
      - test
        resources
        application.yml
        java
        com
        springboot
        cloud
        gateway
        GatewayApplicationTests.java
    - pom.xml
    - readme.md
    - .gitignore
  - readme.md
  - gateway-admin
    - src
      - main
        resources
        application.yml
        bootstrap.yml
        db
        db.sql
        docker
        Dockerfile
        java
        com
        springboot
        cloud
        gateway
        admin
        dao
        GatewayRouteMapper.java
        entity
        po
        PredicateDefinition.java
        GatewayRoute.java
        FilterDefinition.java
        ov
        GatewayRouteVo.java
        form
        GatewayRouteQueryForm.java
        GatewayRouteForm.java
        param
        GatewayRouteQueryParam.java
        config
        MyMetaObjectHandler.java
        MybatisConfig.java
        SwaggerConfig.java
        MyRedisConfig.java
        BusConfig.java
        WebServerMvcConfigurerAdapter.java
        service
        impl
        GatewayRouteService.java
        IGatewayRouteService.java
        exception
        GlobalExceptionHandlerAdvice.java
        GatewayAdminApplication.java
        rest
        GatewayRouteController.java
        events
        EventSender.java
      - test
        resources
        application.yml
        java
        com
        springboot
        cloud
        gateway
        admin
        GatewayAdminApplicationTests.java
    - pom.xml
    - readme.md
    - .gitignore
- sysadmin
  - organization
    - src
      - main
        resources
        application.yml
        bootstrap.yml
        docker
        Dockerfile
        java
        com
        springboot
        cloud
        sysadmin
        organization
        dao
        RoleMapper.java
        ResourceMapper.java
        MenuMapper.java
        GroupMapper.java
        UserMapper.java
        RoleResourceMapper.java
        UserRoleMapper.java
        PositionMapper.java
        entity
        po
        Resource.java
        UserRole.java
        Menu.java
        Role.java
        Position.java
        User.java
        RoleResource.java
        Group.java
        vo
        UserVo.java
        form
        RoleUpdateForm.java
        PositionQueryForm.java
        ResourceQueryForm.java
        UserQueryForm.java
        UserUpdateForm.java
        RoleForm.java
        PositionForm.java
        UserForm.java
        ResourceForm.java
        GroupForm.java
        MenuForm.java
        GroupQueryForm.java
        MenuQueryForm.java
        RoleQueryForm.java
        param
        PositionQueryParam.java
        GroupQueryParam.java
        RoleQueryParam.java
        MenuQueryParam.java
        ResourceQueryParam.java
        UserQueryParam.java
        config
        MyMetaObjectHandler.java
        MybatisConfig.java
        SwaggerConfig.java
        MyRedisConfig.java
        BusConfig.java
        WebServerMvcConfigurerAdapter.java
        service
        impl
        UserService.java
        UserRoleService.java
        ResourceService.java
        RoleResourceService.java
        PositionService.java
        RoleService.java
        MenuService.java
        GroupService.java
        IPositionService.java
        IMenuService.java
        IGroupService.java
        IRoleResourceService.java
        IResourceService.java
        IRoleService.java
        IUserRoleService.java
        IUserService.java
        exception
        OrganizationErrorType.java
        RoleNotFoundException.java
        GlobalExceptionHandlerAdvice.java
        UserNotFoundException.java
        OrganizationApplication.java
        rest
        UserController.java
        GroupController.java
        PositionController.java
        ResourceController.java
        MenuController.java
        RoleController.java
        events
        EventSender.java
    - pom.xml
  - db
    - db.sql
  - pom.xml
- pom.xml
- LICENSE
- common
  - web
    - src
      - main
        java
        com
        springboot
        cloud
        common
        web
        redis
        RedisConfig.java
        entity
        po
        BasePo.java
        vo
        BaseVo.java
        form
        BaseQueryForm.java
        BaseForm.java
        param
        BaseParam.java
        exception
        DefaultGlobalExceptionHandlerAdvice.java
        interceptor
        UserInterceptor.java
        handler
        PoMetaObjectHandler.java
      - test
        java
        com
        springboot
        cloud
        common
        web
        exception
        DefaultGlobalExceptionHandlerAdviceTest.java
        interceptor
        UserInterceptorTest.java
    - pom.xml
    - readme.md
  - pom.xml
  - test
    - src
      - main
        java
        com
        springboot
        cloud
        common
        test
        PrivateHelper.java
      - test
        java
        com
        springboot
        cloud
        common
        test
        PrivateObject.java
        PrivateHelperTest.java
    - pom.xml
    - readme.md
  - core
    - src
      - main
        java
        com
        springboot
        cloud
        common
        core
        entity
        vo
        Result.java
        util
        UserContextHolder.java
        exception
        SystemErrorType.java
        ServiceException.java
        ErrorType.java
        BaseException.java
    - pom.xml
    - readme.md
    - .gitignore
- webapps
  - pom.xml
  - webapp-parent
    - pom.xml
- .gitattributes
- data
  - redis
    - .gitkeep
  - rabbitmq
    - .gitkeep
  - mysql
    - .gitkeep
  - kong
    - .gitkeep
- monitor
  - pom.xml
  - admin
    - src
      - main
        resources
        application.yml
        bootstrap.yml
        docker
        Dockerfile
        java
        com
        springboot
        admin
        AdminApplication.java
        SecurityConfig.java
      - test
        java
        com
        springboot
        admin
        ConsumerApplicationTests.java
    - pom.xml
    - .gitignore
  - readme.md
- docker-compose
  - .env
  - docker-compose.gateway.yml
  - docker-compose.nacos.yml
  - nacos
    - prometheus.yaml
  - docker-compose.auth.yml
  - devops
    - skywalking
      - config
        application.yml
        alarm-settings.yml
        log4j2.xml
        component-libraries.yml
    - kibana.yml
    - elasticsearch.yml
  - docker-compose.monitor.yml
  - moss
    - mysql
      - moss-init.sql
  - docker-compose.moss.yml
  - docker-compose.center.yml
  - readme.md
  - docker-compose.spring-gateway.yml
  - docker-compose.devops.yml
  - docker-compose.yml
  - init-db.sh
- demos
  - pom.xml
  - consumer-ribbon
    - src
      - main
        resources
        application.yml
        bootstrap.yml
        java
        com
        springboot
        cloud
        demos
        ribbon
        RibbonConsumerApplication.java
        service
        ClassService.java
        rest
        ClassController.java
      - test
        java
        com
        springboot
        cloud
        demos
        ribbon
        RibbonConsumerApplicationTests.java
    - pom.xml
    - .gitignore
  - producer
    - src
      - main
        resources
        application.yml
        bootstrap.yml
        db
        db.sql
        docker
        Dockerfile
        java
        com
        springboot
        cloud
        demos
        producer
        dao
        ProductMapper.java
        entity
        po
        Product.java
        form
        ProductForm.java
        ProductQueryForm.java
        param
        ProductQueryParam.java
        task
        ScheduledTasks.java
        config
        MybatisConfig.java
        SwaggerConfig.java
        MyRedisConfig.java
        BusConfig.java
        WebServerMvcConfigurerAdapter.java
        service
        IProductService.java
        ProductService.java
        exception
        GlobalExceptionHandlerAdvice.java
        interceptor
        MyMetaObjectHandler.java
        ProducerApplication.java
        rest
        HelloController.java
        FooController.java
        ProductController.java
        events
        RabbitReceiver.java
        BusSender.java
        RedisSender.java
        RedisReceiver.java
        BusReceiver.java
        docs
        asciidoc
        html
        paths.html
        security.html
        definitions.html
        overview.html
        generated
        security.adoc
        overview.adoc
        paths.adoc
        definitions.adoc
      - test
        resources
        application.yml
        contracts
        HelloController.groovy
        java
        com
        springboot
        cloud
        demos
        producer
        service
        ProductServiceTests.java
        rest
        HelloControllerTests.java
        ProductControllerTests.java
        MvcMockTest.java
    - pom.xml
    - .gitignore
  - consumer-feign
    - src
      - main
        resources
        application.yml
        bootstrap.yml
        java
        com
        springboot
        cloud
        demos
        feign
        service
        ClassService.java
        ClassServiceFallback.java
        FeignConsumerApplication.java
        rest
        ClassController.java
      - test
        resources
        application.yml
        java
        com
        springboot
        cloud
        demos
        feign
        ApplicationTests.java
        rest
        ClassControllerTest.java
    - pom.xml
    - .gitignore
  - producer-jpa
    - src
      - main
        resources
        application.yml
        bootstrap.yml
        db
        db.sql
        docker
        Dockerfile
        java
        com
        springboot
        cloud
        demos
        producer
        jpa
        dao
        ProductMapper.java
        entity
        po
        Product.java
        JpaBasePo.java
        exception
        GlobalExceptionHandlerAdvice.java
        ProducerApplication.java
      - test
        resources
        application.yml
        java
        com
        springboot
        cloud
        demos
        producer
        jpa
        rest
        ProductControllerTests.java
    - pom.xml
    - .gitignore
- install.sh
- .travis.yml
- readme.md
- auth
  - db
    - db.sql
  - pom.xml
  - authentication-client
    - src
      - main
        resources
        application.yml
        java
        com
        springboot
        cloud
        auth
        client
        provider
        AuthProvider.java
        config
        FeignOkHttpConfig.java
        service
        impl
        AuthService.java
        IAuthService.java
      - test
        java
        com
        springboot
        cloud
        auth
        client
        service
        impl
        AuthServiceTest.java
    - pom.xml
    - .gitignore
  - authorization-server
    - src
      - main
        resources
        application.yml
        bootstrap.yml
        docker
        Dockerfile
        java
        com
        springboot
        auth
        authorization
        provider
        OrganizationProvider.java
        OrganizationProviderFallback.java
        SmsCodeProviderFallback.java
        SmsCodeProvider.java
        entity
        Role.java
        User.java
        Oauth2AuthorizationApplication.java
        config
        WebServerSecurityConfig.java
        AuthorizationServerConfig.java
        oauth2
        CustomUserDetailsService.java
        MobileUserDetailsService.java
        enhancer
        CustomTokenEnhancer.java
        granter
        MobileTokenGranter.java
        MobileAuthenticationToken.java
        MobileAuthenticationProvider.java
        service
        impl
        UserService.java
        RoleService.java
        IRoleService.java
        IUserService.java
        exception
        CustomOauthException.java
        AuthErrorType.java
        CustomWebResponseExceptionTranslator.java
        CustomOauthExceptionSerializer.java
        GlobalExceptionHandlerAdvice.java
      - test
        resources
        application.yml
        java
        com
        springboot
        auth
        authorization
        ApplicationTests.java
    - pom.xml
    - readme.md
    - .gitignore
  - authentication-server
    - src
      - main
        resources
        application.yml
        bootstrap.yml
        docker
        Dockerfile
        java
        com
        springboot
        cloud
        sysadmin
        organization
        entity
        po
        Resource.java
        auth
        authentication
        provider
        ResourceProviderFallback.java
        ResourceProvider.java
        Oauth2AuthenticationApplication.java
        config
        ResourceServerConfig.java
        BusConfig.java
        LoadResourceDefine.java
        service
        impl
        ResourceService.java
        AuthenticationService.java
        IAuthenticationService.java
        IResourceService.java
        NewMvcRequestMatcher.java
        rest
        HttpServletRequestAuthWrapper.java
        AuthenticationController.java
        events
        BusReceiver.java
      - test
        resources
        application.yml
        java
        com
        springboot
        cloud
        auth
        authentication
        service
        impl
        ResourceServiceTest.java
        AuthenticationServiceTest.java
        ApplicationTests.java
    - pom.xml
    - readme.md
    - .gitignore
  - readme.md
- .rancher-pipeline.yml
- .gitignore
- docs
  - register.md
  - development.md
  - pattern.md
  - auth
- center
  - pom.xml
  - bus
    - src
      - main
        resources
        application.yml
        bootstrap.yml
        docker
        Dockerfile
        java
        com
        springboot
        cloud
        center
        bus
        BusApplication.java
      - test
        java
        com
        springboot
        cloud
        center
        bus
        BusApplicationTests.java
    - pom.xml
    - readme.md
    - .gitignore

package com.springboot.cloud.gateway.filter;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.springboot.cloud.auth.client.service.IAuthService;
import com.springboot.cloud.gateway.service.IPermissionService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/**
 * 请求url权限校验
 */
@Configuration
@ComponentScan(basePackages = "com.springboot.cloud.auth.client")
@Slf4j
public class AccessGatewayFilter implements GlobalFilter {

    private static final String X_CLIENT_TOKEN_USER = "x-client-token-user";
    private static final String X_CLIENT_TOKEN = "x-client-token";

    /**
     * 由authentication-client模块提供签权的feign客户端
     */
    @Autowired
    private IAuthService authService;

    @Autowired
    private IPermissionService permissionService;

    /**
     * 1.首先网关检查token是否有效，无效直接返回401，不调用签权服务
     * 2.调用签权服务器看是否对该请求有权限，有权限进入下一个filter，没有权限返回401
     *
     * @param exchange
     * @param chain
     * @return
     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        String authentication = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
        String method = request.getMethodValue();
        String url = request.getPath().value();
        log.debug("url:{},method:{},headers:{}", url, method, request.getHeaders());
        //不需要网关签权的url
        if (authService.ignoreAuthentication(url)) {
            return chain.filter(exchange);
        }

        //调用签权服务看用户是否有权限，若有权限进入下一个filter
        if (permissionService.permission(authentication, url, method)) {
            ServerHttpRequest.Builder builder = request.mutate();
            //TODO 转发的请求都加上服务间认证token
            builder.header(X_CLIENT_TOKEN, "TODO zhoutaoo添加服务间简单认证");
            //将jwt token中的用户信息传给服务
            builder.header(X_CLIENT_TOKEN_USER, getUserToken(authentication));
            return chain.filter(exchange.mutate().request(builder.build()).build());
        }
        return unauthorized(exchange);
    }

    /**
     * 提取jwt token中的数据，转为json
     *
     * @param authentication
     * @return
     */
    private String getUserToken(String authentication) {
        String token = "{}";
        try {
            token = new ObjectMapper().writeValueAsString(authService.getJwt(authentication).getBody());
            return token;
        } catch (JsonProcessingException e) {
            log.error("token json error:{}", e.getMessage());
        }
        return token;
    }

    /**
     * 网关拒绝，返回401
     *
     * @param
     */
    private Mono<Void> unauthorized(ServerWebExchange serverWebExchange) {
        serverWebExchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
        DataBuffer buffer = serverWebExchange.getResponse()
                .bufferFactory().wrap(HttpStatus.UNAUTHORIZED.getReasonPhrase().getBytes());
        return serverWebExchange.getResponse().writeWith(Flux.just(buffer));
    }
}