1. 首頁
  2. 問答
  3. 使用spring rest模板傳播HTTP頭(JWT令牌)服務使用彈簧休息模板

使用spring rest模板傳播HTTP頭(JWT令牌)服務使用彈簧休息模板

2017-10-13 52 views

回答

0

我已經完成了任務,創建自定義過濾器

public class RequestFilter implements Filter{ 



    @Override 
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { 

     HttpServletRequest httpServletRequest = (HttpServletRequest) request; 
     String token = httpServletRequest.getHeader(RequestContext.REQUEST_HEADER_NAME); 

     if (token == null || "".equals(token)) { 
      throw new IllegalArgumentException("Can't retrieve JWT Token"); 
     } 

     RequestContext.getContext().setToken(token); 
     chain.doFilter(request, response); 

    } 

    @Override 
    public void destroy() { } 

    @Override 
    public void init(FilterConfig arg0) throws ServletException {} 


}

然後,在我的配置

@Bean 
public FilterRegistrationBean getPeticionFilter() { 

    FilterRegistrationBean registration = new FilterRegistrationBean(); 
    registration.setFilter(new RequestFilter()); 
    registration.addUrlPatterns("/*"); 
    registration.setName("requestFilter"); 

    return registration; 
}

考慮到這一點,我已經創建另一個類有一個ThreadLocal變量傳遞JWT設置從控制器到休息Templace攔截

public class RequestContext { 

public static final String REQUEST_HEADER_NAME = "Authorization"; 

private static final ThreadLocal<RequestContext> CONTEXT = new ThreadLocal<>(); 

private String token; 

public static RequestContext getContext() { 
    RequestContext result = CONTEXT.get(); 

    if (result == null) { 
     result = new RequestContext(); 
     CONTEXT.set(result); 
    } 

    return result; 
} 

public String getToken() { 
    return token; 
} 

public void setToken(String token) { 
    this.token = token; 
}

}

public class RestTemplateInterceptor implements ClientHttpRequestInterceptor{ 

@Override 
public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException { 

    String token = RequestContext.getContext().getToken(); 

    request.getHeaders().add(RequestContext.REQUEST_HEADER_NAME, token); 

    return execution.execute(request, body); 

} 

}
令牌

添加攔截器的配置

@PostConstruct 
public void addInterceptors() { 
    List<ClientHttpRequestInterceptor> interceptors = restTemplate.getInterceptors(); 
    interceptors.add(new RestTemplateInterceptor()); 
    restTemplate.setInterceptors(interceptors); 
}

來源

2017-10-23 15:13:18 dragonalvaro

2

基本上你的令牌應該位於請求的頭部,例如:Authorization:Bearer。爲了得到它,你可以在你的控制器檢索由@RequestHeader()的任何標頭值:

@GetMapping("/someMapping") 
public String someMethod(@RequestHeader("Authorization") String token) { 

}

現在,你可以把令牌中的報頭中的以下請求:

HttpHeaders headers = new HttpHeaders(); 
headers.set("Authorization", token); 

HttpEntity<RestRequest> entityReq = new HttpEntity<RestRequest>(request, headers);

現在,你可以通過在HttpEntity您休息的模板:

template.exchange("RestSvcUrl", HttpMethod.POST, entityReq, SomeResponse.class);

希望我能幫助

來源

2017-10-14 16:11:42

+0

完全吻合。你可以使用任何頭文件。 – eis

+0

似乎非常穩固的解決方案,但它有點「手工工藝」。我正在尋找使用像ClientHttpRequestInterceptor這樣的攔截器的不同解決方案。但我不知道如何從那裏取回令牌。例如,TraceInterceptorConfiguration的sleuth庫也是這樣做的。不需要手動添加標題 – dragonalvaro

+0

或者您可以使用控制器通知(類級別註釋)而不是攔截器。你也有可能注入頭文件 –

相關問題

 相關問題