feat($api-gateway): set HTTP header "X-Username"

johnnymillergh · Jun 8, 2021 · d83fe38 · d83fe38
1 parent 4c37cc4
commit d83fe38
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/...ava/com/jmsoftware/maf/apigateway/security/impl/RbacReactiveAuthorizationManagerImpl.java b/...ava/com/jmsoftware/maf/apigateway/security/impl/RbacReactiveAuthorizationManagerImpl.java
@@ -1,10 +1,8 @@
 package com.jmsoftware.maf.apigateway.security.impl;
 
 import cn.hutool.core.util.StrUtil;
-import cn.hutool.json.JSONUtil;
 import com.google.common.collect.Lists;
 import com.jmsoftware.maf.apigateway.remoteapi.AuthCenterRemoteApi;
-import com.jmsoftware.maf.common.bean.ResponseBodyBean;
 import com.jmsoftware.maf.common.domain.authcenter.permission.GetPermissionListByRoleIdListPayload;
 import com.jmsoftware.maf.common.domain.authcenter.permission.GetPermissionListByRoleIdListResponse;
 import com.jmsoftware.maf.common.domain.authcenter.permission.PermissionType;
@@ -22,11 +20,9 @@
 import org.springframework.security.web.server.authorization.AuthorizationContext;
 import org.springframework.stereotype.Component;
 import org.springframework.util.AntPathMatcher;
-import org.springframework.web.reactive.function.client.WebClient;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
-import javax.annotation.Resource;
 import java.util.List;
 import java.util.Objects;
 import java.util.stream.Collectors;
@@ -112,6 +108,10 @@ public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, Au
                 if (checkRestfulAccess(buttonPermission, request)) {
                     log.info("Authorization success! Resource [{}] {} is accessible for user(username: {})",
                              request.getMethod(), request.getURI(), userPrincipal.getUsername());
+                    request
+                            .mutate()
+                            .headers(httpHeaders -> httpHeaders.set("X-Username", userPrincipal.getUsername()))
+                            .build();
                     return new AuthorizationDecision(true);
                 }
             }

diff --git a/...center/src/main/java/com/jmsoftware/maf/authcenter/user/service/impl/UserServiceImpl.java b/...center/src/main/java/com/jmsoftware/maf/authcenter/user/service/impl/UserServiceImpl.java
@@ -21,6 +21,8 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
@@ -101,6 +103,9 @@ public boolean logout(HttpServletRequest request) throws SecurityException {
 
     @Override
     public String getUserStatus(@Valid @NotNull GetUserStatusPayload payload) {
+        final ServletRequestAttributes servletRequestAttributes =
+                (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
+        log.info("getHeader: {}", servletRequestAttributes.getRequest().getHeader("X-Username"));
         return UserStatus.ofValue(payload.getStatus()).getDescription();
     }
 }