如何使用 WebFilter 实现授权 header 检查
How to implement authorization header checking using WebFilter
我是 Spring Webflux 的新手。我想使用 WebFilter 进行身份验证检查。所以,想法是拦截请求,检查授权 header,然后传播请求
这是我尝试做的。我已成功拦截请求并检查 header 是否正确。
public class AuthWebFilter implements WebFilter {
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
log.info("Request {} called", exchange.getRequest().getPath().value());
System.out.println("Tokent authenitcation..");
ServerHttpResponse response = exchange.getResponse();
getAuthorization(exchange.getRequest())
.doOnError(error -> exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)))
.subscribe(authorization -> System.out.println(authorization));
return chain.filter(exchange);
}
private Mono<String> getAuthorization(ServerHttpRequest request) {
String authorization = request.getHeaders().getFirst(Authorization);
if (StringUtils.isBlank(authorization)) {
return Mono.error(
new UnauthorizedException(
Status.Unauthorized, "The request must provide authorization.", null));
}
return Mono.just(authorization);
}
}
问题是如果发生错误我不知道如何中断流程。虽然状态代码更改为 401,但响应 body 仍然包含请求的数据。也就是算作请求成功,只是改变了状态码
有谁知道我在这里错过了哪一步?
像这样将您的代码组合成一条链:
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
log.info("Request {} called", exchange.getRequest().getPath().value());
System.out.println("Tokent authenitcation..");
ServerHttpResponse response = exchange.getResponse();
return getAuthorization(exchange.getRequest())
.doOnError(error -> exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)))
.then(chain.filter(exchange));
}
如果您的授权方法发出错误,将不会调用过滤器链。
我是 Spring Webflux 的新手。我想使用 WebFilter 进行身份验证检查。所以,想法是拦截请求,检查授权 header,然后传播请求
这是我尝试做的。我已成功拦截请求并检查 header 是否正确。
public class AuthWebFilter implements WebFilter {
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
log.info("Request {} called", exchange.getRequest().getPath().value());
System.out.println("Tokent authenitcation..");
ServerHttpResponse response = exchange.getResponse();
getAuthorization(exchange.getRequest())
.doOnError(error -> exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)))
.subscribe(authorization -> System.out.println(authorization));
return chain.filter(exchange);
}
private Mono<String> getAuthorization(ServerHttpRequest request) {
String authorization = request.getHeaders().getFirst(Authorization);
if (StringUtils.isBlank(authorization)) {
return Mono.error(
new UnauthorizedException(
Status.Unauthorized, "The request must provide authorization.", null));
}
return Mono.just(authorization);
}
}
问题是如果发生错误我不知道如何中断流程。虽然状态代码更改为 401,但响应 body 仍然包含请求的数据。也就是算作请求成功,只是改变了状态码
有谁知道我在这里错过了哪一步?
像这样将您的代码组合成一条链:
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
log.info("Request {} called", exchange.getRequest().getPath().value());
System.out.println("Tokent authenitcation..");
ServerHttpResponse response = exchange.getResponse();
return getAuthorization(exchange.getRequest())
.doOnError(error -> exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)))
.then(chain.filter(exchange));
}
如果您的授权方法发出错误,将不会调用过滤器链。