聊聊dubbo的TokenFilter

序

本文主要研究一下dubbo的TokenFilter

TokenFilter

dubbo-2.7.2/dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/TokenFilter.java

@Activate(group = CommonConstants.PROVIDER, value = TOKEN_KEY)
public class TokenFilter implements Filter {

    @Override
    public Result invoke(Invoker<?> invoker, Invocation inv)
            throws RpcException {
        String token = invoker.getUrl().getParameter(TOKEN_KEY);
        if (ConfigUtils.isNotEmpty(token)) {
            Class<?> serviceType = invoker.getInterface();
            Map<String, String> attachments = inv.getAttachments();
            String remoteToken = attachments == null ? null : attachments.get(TOKEN_KEY);
            if (!token.equals(remoteToken)) {
                throw new RpcException("Invalid token! Forbid invoke remote service " + serviceType + " method " + inv.getMethodName() + "() from consumer " + RpcContext.getContext().getRemoteHost() + " to provider " + RpcContext.getContext().getLocalHost());
            }
        }
        return invoker.invoke(inv);
    }

}

• TokenFilter实现了Filter接口，其invoke方法会判断invoker的URL中是否有token属性，如果该值不为空，则从attachments中获取remoteToken，然后对比两个token是否相同，不同则抛出RpcException，相同则执行invoker.invoke(inv)

实例

dubbo-2.7.2/dubbo-rpc/dubbo-rpc-api/src/test/java/org/apache/dubbo/rpc/filter/TokenFilterTest.java

public class TokenFilterTest {

    private TokenFilter tokenFilter = new TokenFilter();

    @Test
    public void testInvokeWithToken() throws Exception {
        String token = "token";

        Invoker invoker = Mockito.mock(Invoker.class);
        URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
        when(invoker.getUrl()).thenReturn(url);
        when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));

        Map<String, String> attachments = new HashMap<String, String>();
        attachments.put(TOKEN_KEY, token);
        Invocation invocation = Mockito.mock(Invocation.class);
        when(invocation.getAttachments()).thenReturn(attachments);

        Result result = tokenFilter.invoke(invoker, invocation);
        Assertions.assertEquals("result", result.getValue());
    }

    @Test
    public void testInvokeWithWrongToken() throws Exception {
        Assertions.assertThrows(RpcException.class, () -> {
            String token = "token";

            Invoker invoker = Mockito.mock(Invoker.class);
            URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
            when(invoker.getUrl()).thenReturn(url);
            when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));

            Map<String, String> attachments = new HashMap<String, String>();
            attachments.put(TOKEN_KEY, "wrongToken");
            Invocation invocation = Mockito.mock(Invocation.class);
            when(invocation.getAttachments()).thenReturn(attachments);

            tokenFilter.invoke(invoker, invocation);
        });
    }

    @Test
    public void testInvokeWithoutToken() throws Exception {
        Assertions.assertThrows(RpcException.class, () -> {
            String token = "token";

            Invoker invoker = Mockito.mock(Invoker.class);
            URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
            when(invoker.getUrl()).thenReturn(url);
            when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));

            Invocation invocation = Mockito.mock(Invocation.class);

            tokenFilter.invoke(invoker, invocation);
        });
    }
}

• 这里分别验证了使用正确的token，不对的token以及不带token的场景

小结

TokenFilter实现了Filter接口，其invoke方法会判断invoker的URL中是否有token属性，如果该值不为空，则从attachments中获取remoteToken，然后对比两个token是否相同，不同则抛出RpcException，相同则执行invoker.invoke(inv)

doc

• TokenFilter