
解决拒绝直接访问服务唯一标识bug

songxinlu 3 年之前
父節點
當前提交
c284badd73

+ 8 - 1
bus-interceptor/src/main/java/com/lantone/interceptor/interceptor/HttpInterceptor.java

@@ -10,6 +10,7 @@ import org.springframework.web.servlet.ModelAndView;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.PrintWriter;
 
 /**
  * @Description:
@@ -24,11 +25,17 @@ public class HttpInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
         String uuid = httpServletRequest.getHeader(AuthConstant.UUID);
+        String sessionId = httpServletRequest.getHeader(AuthConstant.SESSION_ID)+1;
         if (StringUtil.isNotBlank(uuid)) {
-            if (uuid.equals(redisService.get(AuthConstant.UUID))) {
+            if (uuid.equals(redisService.get(AuthConstant.UUID+":"+sessionId))) {
                 return true;
             }
         }
+        httpServletResponse.setCharacterEncoding("UTF-8");
+        httpServletResponse.setHeader("content-type", "text/html;charset=UTF-8");
+        httpServletResponse.setStatus(403);
+        PrintWriter out = httpServletResponse.getWriter();
+        out.println("该请求无效被拦截");
         return false;
     }
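Review bot: The Redis lookup key in `preHandle` cannot match the key the gateway writes, because `getHeader(AuthConstant.SESSION_ID)+1` appends the character "1" to the session id (and yields "null1" when the header is absent), while GateWayFilter in this same commit stores the value under `AuthConstant.UUID+":"+sessionId` with no suffix. As written, every request appears to fall through to the new 403 branch, including legitimate ones routed through the gateway. Read the header unchanged and require it to be present: `String sessionId = httpServletRequest.getHeader(AuthConstant.SESSION_ID);` and `if (StringUtil.isNotBlank(uuid) && StringUtil.isNotBlank(sessionId)) {`. The class body continues outside the hunk.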
 

+ 1 - 0
common/src/main/java/com/lantone/common/constant/AuthConstant.java

@@ -73,6 +73,7 @@ public interface AuthConstant {
      * 网关UUID
      */
     String UUID = "UUID";
+    String SESSION_ID = "SESSIONID";
     /**
      * Token
      */

+ 5 - 2
gateway-service/src/main/java/com/lantone/filter/GateWayFilter.java

@@ -10,6 +10,7 @@ import org.springframework.stereotype.Component;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
+import org.springframework.web.server.WebSession;
 import reactor.core.publisher.Mono;
 
 /**
@@ -25,9 +26,11 @@ public class GateWayFilter implements WebFilter {
     public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
         //请求头添加uuid
         String uuid = UUidUtil.getUUid();
-        ServerHttpRequest request = exchange.getRequest().mutate().header(AuthConstant.UUID,uuid).build();
+        String sessionId = exchange.getSession().block().getId();
+        ServerHttpRequest request = exchange.getRequest().mutate().header(AuthConstant.UUID,uuid)
+                .header(AuthConstant.SESSION_ID,sessionId).build();
         exchange = exchange.mutate().request(request).build();
-        redisService.set(AuthConstant.UUID,uuid);
+        redisService.set(AuthConstant.UUID+":"+sessionId,uuid,5);
         return chain.filter(exchange);
     }
 }
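Review bot: `exchange.getSession().block()` blocks inside a reactive `WebFilter`; on a Netty event-loop thread Reactor rejects blocking calls with an IllegalStateException, and on other threads it still stalls the request thread, so the session should be resolved with `flatMap` and the chain continued inside it. The per-session key also still lets two concurrent requests from the same session overwrite each other's UUID before the interceptor reads it, so one of them would be answered with 403; keying the entry by the per-request UUID would avoid that. The unit of the TTL `5` is not visible here; if it is seconds, confirm that it covers slow downstream hops, and a named constant would document it.

```java
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        String uuid = UUidUtil.getUUid();
        // Resolve the session reactively instead of blocking the event loop.
        return exchange.getSession().flatMap(session -> {
            String sessionId = session.getId();
            ServerHttpRequest request = exchange.getRequest().mutate()
                    .header(AuthConstant.UUID, uuid)
                    .header(AuthConstant.SESSION_ID, sessionId)
                    .build();
            redisService.set(AuthConstant.UUID + ":" + sessionId, uuid, 5);
            return chain.filter(exchange.mutate().request(request).build());
        });
    }
```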