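## 全局过滤器

全局过滤器作用于所有的路由,不需要单独配置,我们可以用它来实现很多统一化处理的业务需求,比如权限认证,IP访问限制等等。目前网关统一鉴权`AuthFilter.java`就是采用的全局过滤器。

单独定义只需要实现`GlobalFilter`, `Ordered`这两个接口就可以了。

```java
/**
 * Gateway-wide authentication filter.
 *
 * <p>Reads the token from the {@code SecConstant.REQUEST_AUTH_HEADER} request header, rejects
 * requests whose token is missing, blacklisted or fails {@code JwtUtil.verifyToken}, and forwards
 * accepted requests with the verified account in {@code SecConstant.REQUEST_AUTH_HEADER_ACCOUNTID}.
 */
@Configuration
@Slf4j
public class AuthFilter implements GlobalFilter, Ordered {

    @Autowired
    private StringRedisTemplate redisTemplate;

    /**
     * Applies the authentication checks to one exchange.
     *
     * @param serverWebExchange  the current request/response exchange
     * @param gatewayFilterChain the remaining filter chain
     * @return completion of either the forwarded chain or the rejection response
     */
    @Override
    public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        String url = request.getPath().pathWithinApplication().value();
        log.debug("【网关权限拦截】.....url...."+url);
        String token = request.getHeaders().getFirst(SecConstant.REQUEST_AUTH_HEADER);

        // NOTE(review): the request built here is discarded, so whether this header reaches the
        // downstream request depends on the Spring version in use — confirm, or carry the built
        // request forward via serverWebExchange.mutate().request(...).
        serverWebExchange.getRequest().mutate().header(SecConstant.HEADER_KEY_FEIGN_FROM, SecConstant.HEADER_VALUE_FEIGN_FROM).build();

        // Swagger document requests are let through without a token. The leading "/" anchors the
        // match to a whole path segment, so a path that merely ends in the same characters
        // (e.g. ".../xv2/api-docs") no longer skips authentication.
        // NOTE(review): this still exposes the API description of every route unauthenticated;
        // consider disabling it outside development environments.
        if (url.endsWith("/v2/api-docs")) {
            return gatewayFilterChain.filter(serverWebExchange);
        }

        // No token, or the token is blacklisted: only paths on the skip list may continue.
        if (StringUtils.isBlank(token) || isBlackToken(token)) {
            // The skip list is read from remote configuration as a comma-separated string and
            // compared by exact match against the request path.
            String skipUrls = XxlConfClient.get("hjmall-gateway.skipauthurls", "");
            String[] skipList = skipUrls.split(",");
            if (Arrays.asList(skipList).contains(url)) {
                // NOTE(review): the request is forwarded with the client's headers untouched,
                // including any client-supplied SecConstant.REQUEST_AUTH_HEADER_ACCOUNTID.
                // Downstream services must not treat that header as authenticated on these
                // paths — confirm, or strip it here.
                return gatewayFilterChain.filter(serverWebExchange);
            }
            log.error("【网关权限拦截】.....非法请求url...."+url);
            return reject(serverWebExchange, "非法请求");
        }

        // The token is a bearer credential and is deliberately not written to the log:
        // anyone who can read the log could replay it.

        // Verify the token. A result without a "code" entry is rejected as well, so an
        // unexpected verifier result fails closed instead of throwing a NullPointerException.
        Map tokenM = JwtUtil.verifyToken(token);
        Object code = (tokenM == null) ? null : tokenM.get("code");
        if (tokenM == null || tokenM.isEmpty() || code == null
                || code.equals(CodeUtil.error) || code.equals(CodeUtil.token_invalid)) {
            log.error("【网关权限拦截】.....token验证失败 url...."+url);
            return reject(serverWebExchange, "无效的Token");
        }

        String account = MapUtils.getString(tokenM, SecConstant.ACCOUNT);
        if (StringUtils.isBlank(account)) {
            log.error("【网关权限拦截】.....非法请求url...."+url);
            return reject(serverWebExchange, "非法请求");
        }

        initHeaders(request.getHeaders());

        // NOTE(review): this branch is only reached by OPTIONS requests that already carried a
        // valid token; confirm that is the intended handling for CORS preflight requests.
        if (request.getMethod() == HttpMethod.OPTIONS) {
            serverWebExchange.getResponse().setStatusCode(HttpStatus.OK);
            return Mono.empty();
        }

        // Attach the verified identity to the forwarded request. set() replaces any value the
        // client sent under the same header name, so only the gateway's value goes downstream.
        ServerHttpRequest mutableReq = request.mutate()
                .headers(headers -> headers.set(SecConstant.REQUEST_AUTH_HEADER_ACCOUNTID, account))
                .build();
        ServerWebExchange mutableExchange = serverWebExchange.mutate().request(mutableReq).build();
        return gatewayFilterChain.filter(mutableExchange);
    }

    /**
     * Ends the exchange with the given message as the response body instead of forwarding it.
     */
    private Mono<Void> reject(ServerWebExchange exchange, String message) {
        ServerHttpResponse response = exchange.getResponse();
        // NOTE(review): respMsg is not shown in this listing; confirm it also sets a suitable
        // HTTP status (such as 401) so clients and monitoring can tell a rejection from success.
        DataBuffer buffer = respMsg(response, message);
        return response.writeWith(Flux.just(buffer));
    }

    /**
     * Reports whether the token is on the blacklist kept in Redis.
     *
     * @param token the token taken from the request; callers pass a non-blank value
     * @return {@code true} only when Redis reports that the blacklist key exists
     */
    private boolean isBlackToken(String token) {
        assert token != null;
        // The configured value is used as a format pattern with the token as its argument.
        // NOTE(review): when the setting is missing the pattern is "", the formatted key is ""
        // and the blacklist is effectively not consulted — confirm the setting is mandatory.
        String blackListKey = XxlConfClient.get("hjmall-gateway.token.black.key", "");
        // hasKey returns a boxed Boolean; comparing with TRUE avoids unboxing a null result.
        return Boolean.TRUE.equals(redisTemplate.hasKey(String.format(blackListKey, token)));
    }

    /**
     * Returns this filter's position in the chain.
     *
     * <p>NOTE(review): LOWEST_PRECEDENCE sorts this filter after every filter with a smaller
     * order value, and Spring Cloud Gateway's own routing filters also use LOWEST_PRECEDENCE.
     * Confirm that authentication is guaranteed to run before the request is proxied; an early
     * order value is the usual choice for an authentication filter.
     */
    @Override
    public int getOrder() {
        return Ordered.LOWEST_PRECEDENCE;
    }

    // respMsg(...) and initHeaders(...) are called above but are not shown in this listing.
}
```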