服务提供者过滤器
import java.util.Map;
import java.util.Objects;/*** @title ProviderTokenFilter* @description 服务提供者 token 验证* author zzw* version 1.0.0* create 2025/5/7 22:17**/
@Activate(group = CommonConstants.PROVIDER)
public class ProviderTokenFilter implements Filter {/*** token 字段名*/private static final String TOKEN_KEY = "TOKEN";/*** token 验证是否开启 字段名*/public static final String KEY_AUTH_ENABLED = "auth.enable";/*** token 值 字段名*/private static final String KEY_AUTH_TOKEN = "auth.token";@Overridepublic Result invoke(Invoker<?> invoker, Invocation invocation) throws RpcException {// 未开启 token 验证时,直接调用方法if (!authEnable(invoker, invocation)) {return invoker.invoke(invocation);}// 获取请求参数中的 tokenString receiveToken = getTokenFromRequest(invocation);if (Objects.isNull(receiveToken)) {throw new RuntimeException("Receive token is null or empty, path: " +String.join(".", invoker.getInterface().getName(), invocation.getMethodName()));}// 获取服务提供方配置的 tokenString authToken = getTokenConfig(invoker, invocation);// 判断入参token和服务提供者配置是否一致if (!receiveToken.equals(authToken)) {throw new RuntimeException("Receive token is invalid, path: " +String.join(".", invoker.getInterface().getName(), invocation.getMethodName()));}// 验证通过后执行下一个过滤器或者执行最终方法return invoker.invoke(invocation);}/*** 获取服务提供方配置的token*/private String getTokenConfig(Invoker<?> invoker, Invocation invocation) {return invoker.getUrl().getParameter(KEY_AUTH_TOKEN);}/*** 获取请求参数中的 token*/private String getTokenFromRequest(Invocation invocation) {Map<String, Object> attachments = invocation.getObjectAttachments();if (null == attachments || Objects.isNull(attachments.get(TOKEN_KEY))) {return null;}return attachments.get(TOKEN_KEY).toString();}/*** 判断 TOKEN 开关是否开启** @return true:开启;false:未开启*/private boolean authEnable(Invoker<?> invoker, Invocation invocation) {return invoker.getUrl().getParameter(KEY_AUTH_ENABLED, false);}}
服务提供者服务配置
@DubboService(validation = "true", parameters = {"auth.enable:true", "auth.token:123456"})
public class UserServiceImpl implements UserService {@Overridepublic BaseResult<String> registerUser(UserDTO userDTO) {return BaseResult.success("用户注册成功:" + userDTO.getUsername());}
}
服务提供者过滤器配置
META-INF/dubbo/org.apache.dubbo.rpc.Filter
providerToken=com.doudou.filter.ProviderTokenFilter
服务消费者过滤器
@Activate(group = CommonConstants.CONSUMER)
public class ConsumerTokeFilter implements Filter {/*** token 字段名*/private static final String TOKEN_KEY = "TOKEN";/*** token 值 字段名*/private static final String KEY_AUTH_TOKEN = "auth.token";@Overridepublic Result invoke(Invoker<?> invoker, Invocation invocation) throws RpcException {// 获取服务消费者配置的tokenString authToken = getTokenConfig(invoker, invocation);if (Objects.nonNull(authToken)) {// 如果配置了token,放入到请求对象中invocation.setAttachment(TOKEN_KEY, authToken);}// 执行后续操作return invoker.invoke(invocation);}/*** 获取消费者提供方配置的token*/private String getTokenConfig(Invoker<?> invoker, Invocation invocation) {return invoker.getUrl().getParameter(KEY_AUTH_TOKEN);}
}
服务消费者配置
@RestController
public class UserServiceController {@DubboReference(validation = "false", parameters = {"auth.token:123456"})private UserService userService;@PostMapping("/test")public BaseResult<String> test(@RequestBody UserDTO userDTO) {return userService.registerUser(userDTO);}
}
服务消费者过滤器配置
META-INF/dubbo/org.apache.dubbo.rpc.Filter
providerToken=com.doudou.filter.ProviderTokenFilter
 服务器恶意软件分析及防御)
