序
本文主要研究一下 dubbo 的 TokenFilter
TokenFilter
dubbo-2.7.2/dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/TokenFilter.java
@Activate(group = CommonConstants.PROVIDER, value = TOKEN_KEY)
public class TokenFilter implements Filter {
@Override
public Result invoke(Invoker<?> invoker, Invocation inv)
throws RpcException {String token = invoker.getUrl().getParameter(TOKEN_KEY);
if (ConfigUtils.isNotEmpty(token)) {Class<?> serviceType = invoker.getInterface();
Map<String, String> attachments = inv.getAttachments();
String remoteToken = attachments == null ? null : attachments.get(TOKEN_KEY);
if (!token.equals(remoteToken)) {throw new RpcException("Invalid token! Forbid invoke remote service" + serviceType + "method" + inv.getMethodName() + "() from consumer" + RpcContext.getContext().getRemoteHost() + "to provider" + RpcContext.getContext().getLocalHost());
}
}
return invoker.invoke(inv);
}
}- TokenFilter 实现了 Filter 接口,其 invoke 方法会判断 invoker 的 URL 中是否有 token 属性,如果该值不为空,则从 attachments 中获取 remoteToken,然后对比两个 token 是否相同,不同则抛出 RpcException,相同则执行 invoker.invoke(inv)
实例
dubbo-2.7.2/dubbo-rpc/dubbo-rpc-api/src/test/java/org/apache/dubbo/rpc/filter/TokenFilterTest.java
public class TokenFilterTest {private TokenFilter tokenFilter = new TokenFilter();
@Test
public void testInvokeWithToken() throws Exception {
String token = "token";
Invoker invoker = Mockito.mock(Invoker.class);
URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
when(invoker.getUrl()).thenReturn(url);
when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));
Map<String, String> attachments = new HashMap<String, String>();
attachments.put(TOKEN_KEY, token);
Invocation invocation = Mockito.mock(Invocation.class);
when(invocation.getAttachments()).thenReturn(attachments);
Result result = tokenFilter.invoke(invoker, invocation);
Assertions.assertEquals("result", result.getValue());
}
@Test
public void testInvokeWithWrongToken() throws Exception {Assertions.assertThrows(RpcException.class, () -> {
String token = "token";
Invoker invoker = Mockito.mock(Invoker.class);
URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
when(invoker.getUrl()).thenReturn(url);
when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));
Map<String, String> attachments = new HashMap<String, String>();
attachments.put(TOKEN_KEY, "wrongToken");
Invocation invocation = Mockito.mock(Invocation.class);
when(invocation.getAttachments()).thenReturn(attachments);
tokenFilter.invoke(invoker, invocation);
});
}
@Test
public void testInvokeWithoutToken() throws Exception {Assertions.assertThrows(RpcException.class, () -> {
String token = "token";
Invoker invoker = Mockito.mock(Invoker.class);
URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
when(invoker.getUrl()).thenReturn(url);
when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));
Invocation invocation = Mockito.mock(Invocation.class);
tokenFilter.invoke(invoker, invocation);
});
}
}- 这里分别验证了使用正确的 token,不对的 token 以及不带 token 的场景
小结
TokenFilter 实现了 Filter 接口,其 invoke 方法会判断 invoker 的 URL 中是否有 token 属性,如果该值不为空,则从 attachments 中获取 remoteToken,然后对比两个 token 是否相同,不同则抛出 RpcException,相同则执行 invoker.invoke(inv)
doc
- TokenFilter