优化Feign拦截器，增加access_token、username、roles、client等重要参数传递

261b74bd · zlt2000 · b5f71b95 · 261b74bd · 261b74bd · 261b74bd
6 changed file
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@
        <security-jwt.version>1.0.9.RELEASE</security-jwt.version>
        <redisson.version>3.9.1</redisson.version>
        <kaptcha.version>0.0.9</kaptcha.version>
-        <hutool.version>4.3.1</hutool.version>
+        <hutool.version>4.6.1</hutool.version>
        <mybatis-plus-boot-starter.version>3.1.2</mybatis-plus-boot-starter.version>
        <aliyun-sdk-oss>3.4.2</aliyun-sdk-oss>
        <qiniu-java-sdk>7.2.18</qiniu-java-sdk>

--- a/zlt-business/file-center/src/main/java/com/central/FileCenterApp.java
+++ b/zlt-business/file-center/src/main/java/com/central/FileCenterApp.java
 package com.central;

+import com.central.common.ribbon.annotation.EnableFeignInterceptor;
 import com.central.file.properties.FileServerProperties;
-import com.central.file.properties.OssProperties;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -13,6 +13,7 @@ import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 */
 @EnableDiscoveryClient
 @EnableConfigurationProperties(FileServerProperties.class)
+@EnableFeignInterceptor
 @SpringBootApplication
 public class FileCenterApp {
    public static void main(String[] args) {

--- a/zlt-business/user-center/src/main/java/com/central/UserCenterApp.java
+++ b/zlt-business/user-center/src/main/java/com/central/UserCenterApp.java
 package com.central;

 import com.central.common.annotation.EnableLoginArgResolver;
+import com.central.common.ribbon.annotation.EnableFeignInterceptor;
 import com.central.search.annotation.EnableSearchClient;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
-import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.transaction.annotation.EnableTransactionManagement;

 /**
@@ -15,6 +15,7 @@ import org.springframework.transaction.annotation.EnableTransactionManagement;
 @EnableDiscoveryClient
 @EnableSearchClient
 @EnableTransactionManagement
+@EnableFeignInterceptor
 @SpringBootApplication
 public class UserCenterApp {
    public static void main(String[] args) {

--- a/zlt-commons/zlt-common-spring-boot-starter/src/main/java/com/central/common/constant/CommonConstant.java
+++ b/zlt-commons/zlt-common-spring-boot-starter/src/main/java/com/central/common/constant/CommonConstant.java
@@ -12,6 +12,13 @@ public interface CommonConstant {
     */
    String TOKEN_HEADER = "Authorization";

+    /**
+     * The access token issued by the authorization server. This value is REQUIRED.
+     */
+    String ACCESS_TOKEN = "access_token";
+
+    String BEARER_TYPE = "Bearer";
+
    /**
     * 标签 header key
     */

--- a/zlt-commons/zlt-ribbon-spring-boot-starter/pom.xml
+++ b/zlt-commons/zlt-ribbon-spring-boot-starter/pom.xml
@@ -29,9 +29,8 @@
            <artifactId>httpclient</artifactId>
        </dependency>
        <dependency>
-            <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-oauth2</artifactId>
-            <optional>true</optional>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
        </dependency>
    </dependencies>
 </project>
--- a/zlt-commons/zlt-ribbon-spring-boot-starter/src/main/java/com/central/common/ribbon/config/FeignInterceptorConfig.java
+++ b/zlt-commons/zlt-ribbon-spring-boot-starter/src/main/java/com/central/common/ribbon/config/FeignInterceptorConfig.java
 package com.central.common.ribbon.config;

+import cn.hutool.core.util.StrUtil;
+import com.central.common.constant.CommonConstant;
+import com.central.common.constant.SecurityConstants;
 import feign.RequestInterceptor;
 import org.springframework.context.annotation.Bean;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Enumeration;

 /**
 * feign拦截器
@@ -16,21 +19,62 @@ import org.springframework.security.oauth2.provider.authentication.OAuth2Authent
 public class FeignInterceptorConfig {

    /**
-     * 使用feign client访问别的微服务时，将access_token放入参数或者header ，Authorization:Bearer xxx
-     * 或者url?access_token=xxx
+     * 使用feign client访问别的微服务时，将access_token、username、roles、client等信息放入header传递给下一个服务
     */
    @Bean
    public RequestInterceptor requestInterceptor() {
        RequestInterceptor requestInterceptor = template -> {
-            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-            if (authentication != null) {
-                if (authentication instanceof OAuth2Authentication) {
-                    OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) authentication.getDetails();
-                    String access_token = details.getTokenValue();
-                    template.header("Authorization", OAuth2AccessToken.BEARER_TYPE + " " + access_token);
-                }
+            ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder
+                    .getRequestAttributes();
+            HttpServletRequest request = attributes.getRequest();
+
+            //传递access_token
+            String token = extractHeaderToken(request);
+            if (StrUtil.isNotEmpty(token)) {
+                token = request.getParameter(CommonConstant.ACCESS_TOKEN);
+            }
+            if (StrUtil.isNotEmpty(token)) {
+                template.header(CommonConstant.TOKEN_HEADER, CommonConstant.BEARER_TYPE + " " + token);
+            }
+
+            //传递username
+            String username = request.getHeader(SecurityConstants.USER_HEADER);
+            if (StrUtil.isNotEmpty(username)) {
+                template.header(SecurityConstants.USER_HEADER, username);
+            }
+
+            //传递roles
+            String roles = request.getHeader(SecurityConstants.ROLE_HEADER);
+            if (StrUtil.isNotEmpty(roles)) {
+                template.header(SecurityConstants.ROLE_HEADER, roles);
+            }
+
+            //传递client
+            String client = request.getHeader(SecurityConstants.CLIENT_HEADER);
+            if (StrUtil.isNotEmpty(client)) {
+                template.header(SecurityConstants.CLIENT_HEADER, client);
            }
        };
        return requestInterceptor;
    }
+
+    /**
+     * 解析head中的token
+     * @param request
+     */
+    private static String extractHeaderToken(HttpServletRequest request) {
+        Enumeration<String> headers = request.getHeaders(CommonConstant.TOKEN_HEADER);
+        while (headers.hasMoreElements()) {
+            String value = headers.nextElement();
+            if ((value.toLowerCase().startsWith(CommonConstant.BEARER_TYPE.toLowerCase()))) {
+                String authHeaderValue = value.substring(CommonConstant.BEARER_TYPE.length()).trim();
+                int commaIndex = authHeaderValue.indexOf(',');
+                if (commaIndex > 0) {
+                    authHeaderValue = authHeaderValue.substring(0, commaIndex);
+                }
+                return authHeaderValue;
+            }
+        }
+        return null;
+    }
 }