13. User-Service - Adding AuthorizationHeaderFilter
- 2023. 2. 13. 08:00
Adding AuthorizationHeaderFilter to ApiGatewayService
- Sign-up and login do not require authentication, so the filter is attached only to the GET route
```yaml
- id: user-service # user-service (GET)
  uri: lb://USER-SERVICE
  predicates:
    - Path=/user-service/**
    - Method=GET
  filters:
    - RemoveRequestHeader=Cookie
    - RewritePath=/user-service/(?<segment>.*), /$\{segment}
    - AuthorizationHeaderFilter
```
Token settings in application.yml
```yaml
token:
  secret: user_token
```
Adding AuthorizationHeaderFilter
```java
package com.example.apigatewayservice.filter;

import io.jsonwebtoken.Jwts;
import lombok.extern.slf4j.Slf4j;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@Component
@Slf4j
public class AuthorizationHeaderFilter extends AbstractGatewayFilterFactory<AuthorizationHeaderFilter.Config> {
    private final Environment env;

    public AuthorizationHeaderFilter(Environment env) {
        super(Config.class);
        this.env = env;
    }

    public static class Config {
    }

    // login -> token -> user(with token) ->
    @Override
    public GatewayFilter apply(AuthorizationHeaderFilter.Config config) {
        // When a request arrives, check that it carries an Authorization header and validate it
        return ((exchange, chain) -> {
            ServerHttpRequest request = exchange.getRequest(); // request carrying the token issued at login

            if (!request.getHeaders().containsKey(HttpHeaders.AUTHORIZATION)) {
                return onError(exchange, "no authorization header", HttpStatus.UNAUTHORIZED);
            }

            // Bearer token: drop the scheme name and the whitespace that follows it
            String authorizationHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION).get(0);
            String jwt = authorizationHeader.replace("Bearer", "").trim();

            if (!isJwtValid(jwt)) {
                return onError(exchange, "JWT token is not valid", HttpStatus.UNAUTHORIZED);
            }

            return chain.filter(exchange);
        });
    }

    // Valid only if the signature verifies against token.secret and the subject is non-empty
    private boolean isJwtValid(String jwt) {
        boolean returnValue = true;
        String subject = null;

        try {
            subject = Jwts.parser().setSigningKey(env.getProperty("token.secret"))
                    .parseClaimsJws(jwt).getBody()
                    .getSubject();
        } catch (Exception ex) {
            returnValue = false;
        }

        if (subject == null || subject.isEmpty()) {
            returnValue = false;
        }

        return returnValue;
    }

    // Set the error status, log the reason, and end the response without calling the downstream service
    private Mono<Void> onError(ServerWebExchange exchange, String err, HttpStatus httpStatus) {
        ServerHttpResponse response = exchange.getResponse();
        response.setStatusCode(httpStatus);
        log.error(err);
        return response.setComplete();
    }
}
```
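A JUnit 5 test for the filter above, added here as an example and not part of the original post: it checks that a request with no Authorization header, or with a token signed under a different key, ends with 401 and never reaches the downstream chain, while a token signed with `token.secret` is forwarded. Assumptions: jjwt 0.9.x, spring-test and JUnit 5 on the test classpath, HS512 as the signing algorithm, and the constructed values `/users`, `user-1` and `other_key`.

```java
package com.example.apigatewayservice.filter;

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.junit.jupiter.api.Test;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.http.HttpStatus;
import org.springframework.mock.env.MockEnvironment;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.web.server.MockServerWebExchange;
import reactor.core.publisher.Mono;
import java.util.concurrent.atomic.AtomicBoolean;
import static org.junit.jupiter.api.Assertions.*;

class AuthorizationHeaderFilterTest {
    // Same value as token.secret in application.yml; HS512 is an assumption of this example.
    static final String SECRET = "user_token";
    final GatewayFilter filter = new AuthorizationHeaderFilter(
            new MockEnvironment().withProperty("token.secret", SECRET))
            .apply(new AuthorizationHeaderFilter.Config());

    // Builds a constructed test token with subject "user-1", signed with the given key.
    static String token(String key) {
        return Jwts.builder().setSubject("user-1").signWith(SignatureAlgorithm.HS512, key).compact();
    }

    // Runs the filter and reports whether the request reached the downstream chain.
    boolean forwarded(MockServerWebExchange exchange) {
        AtomicBoolean reached = new AtomicBoolean();
        filter.filter(exchange, e -> { reached.set(true); return Mono.empty(); }).block();
        return reached.get();
    }
    // Builds a GET exchange; a null argument means "send no Authorization header".
    static MockServerWebExchange get(String authorization) {
        MockServerHttpRequest.BaseBuilder<?> req = MockServerHttpRequest.get("/users");
        if (authorization != null) req.header("Authorization", authorization);
        return MockServerWebExchange.from(req.build());
    }
    @Test
    void rejectsMissingHeaderAndForeignSignature() {
        MockServerWebExchange[] bad = { get(null), get("Bearer " + token("other_key")) };
        for (MockServerWebExchange exchange : bad) {
            assertFalse(forwarded(exchange));
            assertEquals(HttpStatus.UNAUTHORIZED, exchange.getResponse().getStatusCode());
        }
    }
    @Test
    void forwardsTokenSignedWithGatewaySecret() {
        assertTrue(forwarded(get("Bearer " + token(SECRET))));
    }
}
```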
Login test
1. Login succeeds
2. token
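When no result appears when testing with Postman
If the result does not appear in the response when testing with Postman, the dependency below must be added. This happens because parsing does not work properly.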
```xml
<dependency>
    <groupId>javax.xml.bind</groupId>
    <artifactId>jaxb-api</artifactId>
</dependency>
```