## 全局過濾器 全局過濾器作用于所有的路由，不需要單獨配置，我們可以用它來實現很多統一化處理的業務需求，比如權限認證，IP訪問限制等等。目前網關統一鑒權`AuthFilter.java`就是采用的全局過濾器。 單獨定義只需要實現`GlobalFilter`, `Ordered`這兩個接口就可以了。 ``` @Configuration @Slf4j public class AuthFilter implements GlobalFilter, Ordered { @Autowired private StringRedisTemplate redisTemplate; /** * 實現權限攔截方法 */ @Override public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) { ServerHttpRequest request = serverWebExchange.getRequest(); String url = request.getPath().pathWithinApplication().value(); log.debug("【網關權限攔截】.....url...."+url); String token = serverWebExchange.getRequest().getHeaders().getFirst(SecConstant.REQUEST_AUTH_HEADER); String versionNO = serverWebExchange.getRequest().getHeaders().getFirst(SecConstant.REQUEST_VERSION_HEADER); serverWebExchange.getRequest().mutate().header(SecConstant.HEADER_KEY_FEIGN_FROM, SecConstant.HEADER_VALUE_FEIGN_FROM).build(); //swagger文檔請求 放過 if (url.endsWith("v2/api-docs")){ return gatewayFilterChain.filter(serverWebExchange); } //未攜帶token或token在黑名單內 if (StringUtils.isBlank(token) ||isBlackToken(token)) { //跳過不需要驗證的路徑 //遠程配置文件獲取 String skipUrls = XxlConfClient.get("hjmall-gateway.skipauthurls", ""); String us[]=skipUrls.split(","); //本地配置文件獲取 //if(Arrays.asList(skipAuthUrls).contains(url)){ if(Arrays.asList(us).contains(url)){ return gatewayFilterChain.filter(serverWebExchange); }else{ ServerHttpResponse response = serverWebExchange.getResponse(); DataBuffer buffer=respMsg(response,"非法請求"); log.error("【網關權限攔截】.....非法請求url...."+url); return response.writeWith(Flux.just(buffer)); } } log.info("token................."+token); //驗證token數據合法性 Map tokenM= JwtUtil.verifyToken(token); if(tokenM==null||tokenM.isEmpty()||tokenM.get("code").equals(CodeUtil.error)||tokenM.get("code").equals(CodeUtil.token_invalid)){ log.error("【網關權限攔截】.....token驗證失敗 url...."+url); DataBuffer buffer=respMsg(serverWebExchange.getResponse(),"無效的Token"); return serverWebExchange.getResponse().writeWith(Flux.just(buffer)); } String account= MapUtils.getString(tokenM, SecConstant.ACCOUNT); if (StringUtils.isBlank(account)) { ServerHttpResponse response = serverWebExchange.getResponse(); DataBuffer buffer=respMsg(response,"非法請求"); log.error("【網關權限攔截】.....非法請求url...."+url); return response.writeWith(Flux.just(buffer)); } initHeaders(request.getHeaders()); if (request.getMethod() == HttpMethod.OPTIONS) { serverWebExchange.getResponse().setStatusCode(HttpStatus.OK); return Mono.empty(); } //將現在的request，添加當前身份 ServerHttpRequest mutableReq = serverWebExchange.getRequest().mutate().header(SecConstant.REQUEST_AUTH_HEADER_ACCOUNTID, account).build(); ServerWebExchange mutableExchange = serverWebExchange.mutate().request(mutableReq).build(); return gatewayFilterChain.filter(mutableExchange); } /** * 判斷token是否在黑名單內 */ private boolean isBlackToken(String token){ assert token != null; String blackListKey= XxlConfClient.get("hjmall-gateway.token.black.key", ""); return redisTemplate.hasKey(String.format(blackListKey, token)); } /** * 設置過濾器的執行順序 */ @Override public int getOrder() { return Ordered.LOWEST_PRECEDENCE; } ```