萱草 | Notes on a practical token-based authentication implementation (Part 4)


                }
            }
            // invalid: respond with a not-logged-in error
            ServerHttpResponse response = exchange.getResponse();
            // reject with 401 rather than a 200 that merely carries an error body (org.springframework.http.HttpStatus)
            response.setStatusCode(HttpStatus.UNAUTHORIZED);
            // set headers
            HttpHeaders httpHeaders = response.getHeaders();
            httpHeaders.add("Content-Type", "application/json;charset=UTF-8");
            httpHeaders.add("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
            // set body; encode as UTF-8 to match the declared charset instead of the platform default
            String warningStr = "未授权的请求，请登录";
            DataBuffer bodyDataBuffer = response.bufferFactory().wrap(warningStr.getBytes(StandardCharsets.UTF_8));
            return response.writeWith(Mono.just(bodyDataBuffer));
        };
    }

    public static class Config {
        // Put the configuration properties for your filter here
    }
}
Write a config class that registers the JWT authentication filter as a Spring bean.
@Configuration
public class AppConfig {
    @Bean
    public JwtCheckGatewayFilterFactory jwtCheckGatewayFilterFactory() {
        return new JwtCheckGatewayFilterFactory();
    }
}
At this point the whole token authentication flow is complete. In short:
Step 1: the Auth service generates a token when the user logs in and stores the token together with the user information in Redis. Step 2: a JWT authentication filter in the gateway validates the token carried in each user request.
Screenshots as proof:
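As an added example (not code from the post or its project), here is a Python version of both sides of the flow just summarised: minting a token with the claim shape seen in the post's JWTs, and the gateway-side check that produces the three outcomes tried below (valid, expired, wrong signature). The secret is constructed, since the post's real signing key is not shown; the block also decodes the expired token quoted in the post to show that its exp claim is a millisecond timestamp, which matters when handing such tokens to a standard JWT library.

```python
import base64, hashlib, hmac, json

# Constructed secret for this example; the post never shows the Auth service's real signing key.
SECRET = b"example-gateway-secret"

# The expired token quoted in the post (signed with the post's own key, so here it only decodes).
EXPIRED_TOKEN_FROM_POST = (
    "eyJhbGciOiJIUzI1NiJ9."
    "eyJ1aWQiOjEsInN0YSI6MTU1NjQ1NjUwNzIwMiwiY29tcGFueUlkIjowLCJkZXB0SWQiOjEwMCwidXNlclR5cGUiOm51bGwsImV4cCI6MTU1Nzc1MjUwNzIwMn0."
    "_yF2TeaR4MTmF-Re9QciMZOeRKBOQmfvi3o4hWeGSMU")

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def decode_claims(token: str) -> dict:
    """Read the payload without verifying: fine for inspection, never for authorization."""
    return json.loads(b64url_decode(token.split(".")[1]))

def mint_token(claims: dict, secret: bytes = SECRET) -> str:
    """Issue an HS256 token with the claim shape and millisecond timestamps seen in the post's JWTs."""
    header = b64url_encode(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def check_token(token: str, now_ms: int, secret: bytes = SECRET) -> str:
    """Gateway-side check; returns 'ok', 'malformed', 'bad_signature' or 'expired'."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        alg, exp = header.get("alg"), claims.get("exp")
    except (ValueError, AttributeError):  # wrong segment count, bad base64/JSON, non-object JSON
        return "malformed"
    if alg != "HS256":  # pin the algorithm; the token never gets to choose (e.g. "none")
        return "bad_signature"
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    # Compare the canonical encoding in constant time, so a change confined to the trailing
    # base64url character (the post's "wrong token" turns a final A into D) is still rejected.
    if not hmac.compare_digest(b64url_encode(expected).encode(), sig_b64.encode()):
        return "bad_signature"
    if not isinstance(exp, int):
        return "expired"  # no usable exp: treat the token as dead rather than as eternal
    # The post's exp values (e.g. 1557752507202) are milliseconds; RFC 7519 defines exp in
    # seconds, so a stock JWT library would read them as year ~51000 and never expire them.
    return "expired" if exp <= now_ms else "ok"
```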
Now let's request another endpoint in the project while carrying an expired token and see what happens:
eyJhbGciOiJIUzI1NiJ9.eyJ1aWQiOjEsInN0YSI6MTU1NjcxODU2Nzc3NCwiY29tcGFueUlkIjowLCJkZXB0SWQiOjEwMCwidXNlclR5cGUiOm51bGwsImV4cCI6MTU1ODAxNDU2Nzc3NH0.6oXx4Wk-eWHSWTHyJHmoiGowKnAmBdCHIRCzsMq5XlA;
The other expired token carried is:
eyJhbGciOiJIUzI1NiJ9.eyJ1aWQiOjEsInN0YSI6MTU1NjQ1NjUwNzIwMiwiY29tcGFueUlkIjowLCJkZXB0SWQiOjEwMCwidXNlclR5cGUiOm51bGwsImV4cCI6MTU1Nzc1MjUwNzIwMn0._yF2TeaR4MTmF-Re9QciMZOeRKBOQmfvi3o4hWeGSMU
Next, try carrying an incorrect token:
eyJhbGciOiJIUzI1NiJ9.eyJ1aWQiOjEsInN0YSI6MTU1NjcxODU2Nzc3NCwiY29tcGFueUlkIjowLCJkZXB0SWQiOjEwMCwidXNlclR5cGUiOm51bGwsImV4cCI6MTU1ODAxNDU2Nzc3NH0.6oXx4Wk-eWHSWTHyJHmoiGowKnAmBdCHIRCzsMq5XlA;
The incorrect token carried is:
eyJhbGciOiJIUzI1NiJ9.eyJ1aWQiOjEsInN0YSI6MTU1NjcxODU2Nzc3NCwiY29tcGFueUlkIjowLCJkZXB0SWQiOjEwMCwidXNlclR5cGUiOm51bGwsImV4cCI6MTU1ODAxNDU2Nzc3NH0.6oXx4Wk-eWHSWTHyJHmoiGowKnAmBdCHIRCzsMq5XlD
Carrying the correct token: