SpringCloud gateway request的body驗證或修改方式
SpringCloud gateway request的body驗證或修改
後續版本新增瞭以下過濾器
org.springframework.cloud.gateway.filter.headers.RemoveHopByHopHeadersFilter
默認會把以下頭部移除(暫不瞭解這做法的目的)
– connection
– keep-alive
– te
– transfer-encoding
– trailer
– proxy-authorization
– proxy-authenticate
– x-application-context
– upgrade
從而導致下面我們重寫getHeaders方法時添加的transfer-encoding頭部移除,導致無法解析body。
解決辦法:
在yml文件中配置自定義的頭部移除列表
spring:
cloud:
filter:
remove-hop-by-hop:
headers:
- connection
- keep-alive
- te
- trailer
- proxy-authorization
- proxy-authenticate
- x-application-context
- upgrade
源碼可見鏈接,且可實現動態路由配置:https://github.com/SingleTigger/SpringCloudGateway-Nacos-Demo
————原文————
往往業務中我們需要在網關對請求參數作修改操作(註意以下隻針對帶有body的請求),springcloud gateway中有提供一個
ModifyRequestBodyGatewayFilterFactory的filter,看瞭一下它的實現,需要指定輸入類型和輸出類型,比較局限。
我就參考它自己實現瞭一個攔截器
註意:上傳文件也帶有請求body,需特殊處理。
以下是主要代碼
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.cloud.gateway.support.BodyInserterContext;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpHeaders;
import org.springframework.http.codec.HttpMessageReader;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
import org.springframework.stereotype.Component;
import org.springframework.web.reactive.function.BodyInserter;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.server.HandlerStrategies;
import org.springframework.web.reactive.function.server.ServerRequest;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.BiFunction;
/**
* @author chenws
* @date 2019/12/12 09:33:53
*/
@Component
public class CModifyRequestBodyGatewayFilterFactory extends AbstractGatewayFilterFactory {
private final List<HttpMessageReader<?>> messageReaders;
public CModifyRequestBodyGatewayFilterFactory() {
this.messageReaders = HandlerStrategies.withDefaults().messageReaders();
}
@Override
@SuppressWarnings("unchecked")
public GatewayFilter apply(Object config) {
return (exchange, chain) -> {
ServerRequest serverRequest = ServerRequest.create(exchange,
this.messageReaders);
Mono<String> modifiedBody = serverRequest.bodyToMono(String.class)
.flatMap(originalBody -> modifyBody()
.apply(exchange,Mono.just(originalBody)));
BodyInserter bodyInserter = BodyInserters.fromPublisher(modifiedBody,
String.class);
HttpHeaders headers = new HttpHeaders();
headers.putAll(exchange.getRequest().getHeaders());
headers.remove(HttpHeaders.CONTENT_LENGTH);
CachedBodyOutputMessage outputMessage = new CachedBodyOutputMessage(exchange,
headers);
return bodyInserter.insert(outputMessage, new BodyInserterContext())
.then(Mono.defer(() -> {
ServerHttpRequest decorator = decorate(exchange, headers,
outputMessage);
return chain.filter(exchange.mutate().request(decorator).build());
}));
};
}
/**
* 修改body
* @return apply 返回Mono<String>,數據是修改後的body
*/
private BiFunction<ServerWebExchange,Mono<String>,Mono<String>> modifyBody(){
return (exchange,json)-> {
AtomicReference<String> result = new AtomicReference<>();
json.subscribe(
value -> {
//value 即為請求body,在此處修改
result.set(value);
System.out.println(result.get());
},
Throwable::printStackTrace
);
return Mono.just(result.get());
};
}
private ServerHttpRequestDecorator decorate(ServerWebExchange exchange, HttpHeaders headers,
CachedBodyOutputMessage outputMessage) {
return new ServerHttpRequestDecorator(exchange.getRequest()) {
@Override
public HttpHeaders getHeaders() {
long contentLength = headers.getContentLength();
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.putAll(super.getHeaders());
if (contentLength > 0) {
httpHeaders.setContentLength(contentLength);
}
else {
httpHeaders.set(HttpHeaders.TRANSFER_ENCODING, "chunked");
}
return httpHeaders;
}
@Override
public Flux<DataBuffer> getBody() {
return outputMessage.getBody();
}
};
}
}
SpringCloud Gateway獲取post請求體(request body)不完整解決方案
Spring Cloud Gateway做為網關服務,通過gateway進行請求轉發,在請求到達後端服務前我們可以通過filter進行一些預處理如:請求的合法性,商戶驗證等。
如我們在請求體中添加商戶ID(merId)和商戶KEY(merkey),通過此來驗證請求的合法性。但是如果我們請求內容太長如轉為base64的文件存儲請求。此時我們在filter獲取body內容就會被截取(太長的 Body 會被截斷)。目前網上也沒有好的解決方式。
springboot及Cloud版本如下;
| 版本 | |
|---|---|
| springboot | 2.0.8.RELEASE |
| springcloud | Finchley.SR2 |
這裡提供一種解決方式,相關代碼如下:
1.Requestfilter
我們采用Gateway網關的Gobalfilter,建立我們的第一個過濾器過濾所有請求。
1).通過Spring 5 的 WebFlux我們使用bodyToMono方法把響應內容轉換成類 String的對象,最終得到的結果是 Mono對象
2).bodyToMono方法我們可以拿到完整的body內容,並返回String。
3).我們生成唯一的token(通過UUID),並將token放入請求的header中。
4).將獲取到的完整body內容,存放到redis中。
@Component
public class RequestFilter implements GlobalFilter, Ordered {
@Autowired
private RedisClientTemplate redisClientTemplate;
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
DefaultServerRequest req = new DefaultServerRequest( exchange );
String token = UUID.randomUUID().toString();
//向headers中放入token信息
ServerHttpRequest serverHttpRequest =exchange.getRequest().mutate().header("token", token)
.build();
//將現在的request變成change對象
ServerWebExchange build = exchange.mutate().request( serverHttpRequest ).build();
return req.bodyToMono( String.class ).map( str -> {
redisClientTemplate.setObjex( "microservice:gateway:".concat( token ), 180, str );
MySlf4j.textInfo( "請求參數:{0}", str );
return str;
} ).then( chain.filter( build ) );
}
@Override
public int getOrder() {
return 0;
}
}
2.MerchantAuthFilter
建立商戶認證過濾器,相關代碼如下:
1).獲取存儲在headers中的token。
2).通過token獲取我們存儲在redis中的body內容(WebFlux 中不能使用阻塞的操作,目前想到的是通過這種方式實現)。
3).獲取到完整的body內容後我們就可以進行相應的商戶認證操作。
4).認證通過,將信息重新寫入,不通過則返回異常信息。
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
/** 驗證商戶是否有權限訪問 */
ServerHttpRequest serverHttpRequest = exchange.getRequest();
String token = serverHttpRequest.getHeaders().get( "token" ).get( 0 );
String bodyStr = (String) redisClientTemplate.getObj("microservice:gateway:".concat(token));
BaseReqVo baseReqVo = JsonUtil.fromJson( bodyStr, BaseReqVo.class );
try {
// 商戶認證
BaseRespVo<?> baseRespVo = merchantAuthService.checkMerchantAuth( baseReqVo );
if (MicroserviceConstantParamUtils.RESULT_CODE_SUCC.equals( baseRespVo.getCode() )) {
// 若驗證成功,將信息重新寫入避免request信息消費後後續無法從request獲取信息的問題
URI uri = serverHttpRequest.getURI();
ServerHttpRequest request = serverHttpRequest.mutate().uri(uri).build();
DataBuffer bodyDataBuffer = stringBuffer(bodyStr);
Flux<DataBuffer> bodyFlux = Flux.just(bodyDataBuffer);
request = new ServerHttpRequestDecorator(request) {
@Override
public Flux<DataBuffer> getBody() {
return bodyFlux;
}
};
// 封裝request,傳給下一級
return chain.filter(exchange.mutate().request(request).build());
} else {
// 若驗證不成功,返回提示信息
return gatewayResponse( baseRespVo.getCode(), baseRespVo.getMessage(), exchange );
}
} catch (MicroserviceServiceException ex) {
// 若驗證不成功,返回提示信息
MySlf4j.textError( "商戶訪問權限驗證異常,異常代碼:{0},異常信息:{1}, 異常{2}", ex.getCode(), ex.getMessage(), ex );
return gatewayResponse( ex.getCode(), ex.getMessage(), exchange );
} catch (Exception ex) {
MySlf4j.textError( "商戶訪問權限驗證服務異常:{0}", LogUtil.ExceptionToString( ex ) );
return gatewayResponse( MicroserviceException.ERR_100000, "系統異常", exchange );
} finally {
redisClientTemplate.del( "microservice:gateway:".concat( token ) );
}
}
/**數據流處理方法*/
private DataBuffer stringBuffer(String value) {
byte[] bytes = value.getBytes( StandardCharsets.UTF_8 );
NettyDataBufferFactory nettyDataBufferFactory = new NettyDataBufferFactory( ByteBufAllocator.DEFAULT );
DataBuffer buffer = nettyDataBufferFactory.allocateBuffer( bytes.length );
buffer.write( bytes );
return buffer;
}
/**網關請求響應*/
private Mono<Void> gatewayResponse(String code, String message, ServerWebExchange exchange) {
// 若驗證不成功,返回提示信息
ServerHttpResponse response = exchange.getResponse();
BaseRespVo<T> baseRespVo = ResponseUtils.responseMsg( code, message, null );
byte[] bits = JsonUtil.toJson( baseRespVo ).getBytes( StandardCharsets.UTF_8 );
DataBuffer buffer = response.bufferFactory().wrap( bits );
response.setStatusCode( HttpStatus.UNAUTHORIZED );
// 指定編碼,否則在瀏覽器中會中文亂碼
response.getHeaders().add( "Content-Type", "text/plain;charset=UTF-8" );
return response.writeWith( Mono.just( buffer ) );
}
@Override
public int getOrder() {
return 1;
}
另外我們還可以通過GlobalFilter實現請求過濾,OAUTH授權,相關代碼如下:
請求方式驗證過濾器(RequestAuthFilter):
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ServerHttpRequest serverHttpRequest = exchange.getRequest();
String method = serverHttpRequest.getMethodValue();
if (!"POST".equals(method)) {
ServerHttpResponse response = exchange.getResponse();
BaseRespVo<T> baseRespVo = ResponseUtils.responseMsg(MicroserviceException.ERR_100008, "非法請求", null);
byte[] bits = JsonUtil.toJson(baseRespVo).getBytes(StandardCharsets.UTF_8);
DataBuffer buffer = response.bufferFactory().wrap(bits);
response.setStatusCode(HttpStatus.UNAUTHORIZED);
//指定編碼,否則在瀏覽器中會中文亂碼
response.getHeaders().add("Content-Type", "text/plain;charset=UTF-8");
return response.writeWith(Mono.just(buffer));
}
return chain.filter(exchange);
}
OAUTH授權過濾器(OAuthSignatureFilter):
/**授權訪問用戶名*/
@Value("${spring.security.user.name}")
private String securityUserName;
/**授權訪問密碼*/
@Value("${spring.security.user.password}")
private String securityUserPassword;
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
/**oauth授權*/
String auth = securityUserName.concat(":").concat(securityUserPassword);
String encodedAuth = new sun.misc.BASE64Encoder().encode(auth.getBytes(Charset.forName("US-ASCII")));
String authHeader = "Basic " + encodedAuth;
//向headers中放授權信息
ServerHttpRequest serverHttpRequest = exchange.getRequest().mutate().header("Authorization", authHeader)
.build();
//將現在的request變成change對象
ServerWebExchange build = exchange.mutate().request(serverHttpRequest).build();
return chain.filter(build);
}
以上為個人經驗,希望能給大傢一個參考,也希望大傢多多支持WalkonNet。
推薦閱讀:
- springcloud gateway設置context-path的操作
- spring cloud gateway中如何讀取請求參數
- 網關Gateway過濾器的使用詳解
- Spring Cloud Gateway 獲取請求體(Request Body)的多種方法
- Java 如何解決跨域問題