内容简介:本文主要研究一下dubbo的TokenFilterdubbo-2.7.2/dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/TokenFilter.javadubbo-2.7.2/dubbo-rpc/dubbo-rpc-api/src/test/java/org/apache/dubbo/rpc/filter/TokenFilterTest.java
序
本文主要研究一下dubbo的TokenFilter
TokenFilter
dubbo-2.7.2/dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/TokenFilter.java
@Activate(group = CommonConstants.PROVIDER, value = TOKEN_KEY)
public class TokenFilter implements Filter {
@Override
public Result invoke(Invoker<?> invoker, Invocation inv)
throws RpcException {
String token = invoker.getUrl().getParameter(TOKEN_KEY);
if (ConfigUtils.isNotEmpty(token)) {
Class<?> serviceType = invoker.getInterface();
Map<String, String> attachments = inv.getAttachments();
String remoteToken = attachments == null ? null : attachments.get(TOKEN_KEY);
if (!token.equals(remoteToken)) {
throw new RpcException("Invalid token! Forbid invoke remote service " + serviceType + " method " + inv.getMethodName() + "() from consumer " + RpcContext.getContext().getRemoteHost() + " to provider " + RpcContext.getContext().getLocalHost());
}
}
return invoker.invoke(inv);
}
}
- TokenFilter实现了Filter接口,其invoke方法会判断invoker的URL中是否有token属性,如果该值不为空,则从attachments中获取remoteToken,然后对比两个token是否相同,不同则抛出RpcException,相同则执行invoker.invoke(inv)
实例
dubbo-2.7.2/dubbo-rpc/dubbo-rpc-api/src/test/java/org/apache/dubbo/rpc/filter/TokenFilterTest.java
public class TokenFilterTest {
private TokenFilter tokenFilter = new TokenFilter();
@Test
public void testInvokeWithToken() throws Exception {
String token = "token";
Invoker invoker = Mockito.mock(Invoker.class);
URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
when(invoker.getUrl()).thenReturn(url);
when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));
Map<String, String> attachments = new HashMap<String, String>();
attachments.put(TOKEN_KEY, token);
Invocation invocation = Mockito.mock(Invocation.class);
when(invocation.getAttachments()).thenReturn(attachments);
Result result = tokenFilter.invoke(invoker, invocation);
Assertions.assertEquals("result", result.getValue());
}
@Test
public void testInvokeWithWrongToken() throws Exception {
Assertions.assertThrows(RpcException.class, () -> {
String token = "token";
Invoker invoker = Mockito.mock(Invoker.class);
URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
when(invoker.getUrl()).thenReturn(url);
when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));
Map<String, String> attachments = new HashMap<String, String>();
attachments.put(TOKEN_KEY, "wrongToken");
Invocation invocation = Mockito.mock(Invocation.class);
when(invocation.getAttachments()).thenReturn(attachments);
tokenFilter.invoke(invoker, invocation);
});
}
@Test
public void testInvokeWithoutToken() throws Exception {
Assertions.assertThrows(RpcException.class, () -> {
String token = "token";
Invoker invoker = Mockito.mock(Invoker.class);
URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
when(invoker.getUrl()).thenReturn(url);
when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));
Invocation invocation = Mockito.mock(Invocation.class);
tokenFilter.invoke(invoker, invocation);
});
}
}
- 这里分别验证了使用正确的token,不对的token以及不带token的场景
小结
TokenFilter实现了Filter接口,其invoke方法会判断invoker的URL中是否有token属性,如果该值不为空,则从attachments中获取remoteToken,然后对比两个token是否相同,不同则抛出RpcException,相同则执行invoker.invoke(inv)
doc
以上所述就是小编给大家介绍的《聊聊dubbo的TokenFilter》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
