服务提供者过滤器
java
import java.util.Map;
import java.util.Objects;
/**
* @title ProviderTokenFilter
* @description 服务提供者 token 验证
* author zzw
* version 1.0.0
* create 2025/5/7 22:17
**/
@Activate(group = CommonConstants.PROVIDER)
public class ProviderTokenFilter implements Filter {
/**
* token 字段名
*/
private static final String TOKEN_KEY = "TOKEN";
/**
* token 验证是否开启 字段名
*/
public static final String KEY_AUTH_ENABLED = "auth.enable";
/**
* token 值 字段名
*/
private static final String KEY_AUTH_TOKEN = "auth.token";
@Override
public Result invoke(Invoker<?> invoker, Invocation invocation) throws RpcException {
// 未开启 token 验证时,直接调用方法
if (!authEnable(invoker, invocation)) {
return invoker.invoke(invocation);
}
// 获取请求参数中的 token
String receiveToken = getTokenFromRequest(invocation);
if (Objects.isNull(receiveToken)) {
throw new RuntimeException("Receive token is null or empty, path: " +
String.join(".", invoker.getInterface().getName(), invocation.getMethodName()));
}
// 获取服务提供方配置的 token
String authToken = getTokenConfig(invoker, invocation);
// 判断入参token和服务提供者配置是否一致
if (!receiveToken.equals(authToken)) {
throw new RuntimeException("Receive token is invalid, path: " +
String.join(".", invoker.getInterface().getName(), invocation.getMethodName()));
}
// 验证通过后执行下一个过滤器或者执行最终方法
return invoker.invoke(invocation);
}
/**
* 获取服务提供方配置的token
*/
private String getTokenConfig(Invoker<?> invoker, Invocation invocation) {
return invoker.getUrl().getParameter(KEY_AUTH_TOKEN);
}
/**
* 获取请求参数中的 token
*/
private String getTokenFromRequest(Invocation invocation) {
Map<String, Object> attachments = invocation.getObjectAttachments();
if (null == attachments || Objects.isNull(attachments.get(TOKEN_KEY))) {
return null;
}
return attachments.get(TOKEN_KEY).toString();
}
/**
* 判断 TOKEN 开关是否开启
*
* @return true:开启;false:未开启
*/
private boolean authEnable(Invoker<?> invoker, Invocation invocation) {
return invoker.getUrl().getParameter(KEY_AUTH_ENABLED, false);
}
}
服务提供者服务配置
java
@DubboService(validation = "true", parameters = {"auth.enable:true", "auth.token:123456"})
public class UserServiceImpl implements UserService {
@Override
public BaseResult<String> registerUser(UserDTO userDTO) {
return BaseResult.success("用户注册成功:" + userDTO.getUsername());
}
}
服务提供者过滤器配置
META-INF/dubbo/org.apache.dubbo.rpc.Filter
txt
providerToken=com.doudou.filter.ProviderTokenFilter
服务消费者过滤器
java
@Activate(group = CommonConstants.CONSUMER)
public class ConsumerTokeFilter implements Filter {
/**
* token 字段名
*/
private static final String TOKEN_KEY = "TOKEN";
/**
* token 值 字段名
*/
private static final String KEY_AUTH_TOKEN = "auth.token";
@Override
public Result invoke(Invoker<?> invoker, Invocation invocation) throws RpcException {
// 获取服务消费者配置的token
String authToken = getTokenConfig(invoker, invocation);
if (Objects.nonNull(authToken)) {
// 如果配置了token,放入到请求对象中
invocation.setAttachment(TOKEN_KEY, authToken);
}
// 执行后续操作
return invoker.invoke(invocation);
}
/**
* 获取消费者提供方配置的token
*/
private String getTokenConfig(Invoker<?> invoker, Invocation invocation) {
return invoker.getUrl().getParameter(KEY_AUTH_TOKEN);
}
}
服务消费者配置
java
@RestController
public class UserServiceController {
@DubboReference(validation = "false", parameters = {"auth.token:123456"})
private UserService userService;
@PostMapping("/test")
public BaseResult<String> test(@RequestBody UserDTO userDTO) {
return userService.registerUser(userDTO);
}
}
服务消费者过滤器配置
META-INF/dubbo/org.apache.dubbo.rpc.Filter
txt
providerToken=com.doudou.filter.ProviderTokenFilter