Talk about dubbo’s TokenFilter

  dubbo

Order

This article mainly studies dubbo’s TokenFilter

TokenFilter

dubbo-2.7.2/dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/TokenFilter.java

@Activate(group = CommonConstants.PROVIDER, value = TOKEN_KEY)
public class TokenFilter implements Filter {

    @Override
    public Result invoke(Invoker<?> invoker, Invocation inv)
            throws RpcException {
        String token = invoker.getUrl().getParameter(TOKEN_KEY);
        if (ConfigUtils.isNotEmpty(token)) {
            Class<?> serviceType = invoker.getInterface();
            Map<String, String> attachments = inv.getAttachments();
            String remoteToken = attachments == null ? null : attachments.get(TOKEN_KEY);
            if (!token.equals(remoteToken)) {
                throw new RpcException("Invalid token! Forbid invoke remote service " + serviceType + " method " + inv.getMethodName() + "() from consumer " + RpcContext.getContext().getRemoteHost() + " to provider " + RpcContext.getContext().getLocalHost());
            }
        }
        return invoker.invoke(inv);
    }

}
  • TokenFilter implements the Filter interface, and its invoke method will determine whether there is a token attribute in the URL of the invoker. if the value is not empty, it will obtain the remoteToken from attachments, and then compare whether the two tokens are the same. if the two tokens are different, RpcException will be thrown, and if the two tokens are the same, invoke (invoke) will be executed.

Example

dubbo-2.7.2/dubbo-rpc/dubbo-rpc-api/src/test/java/org/apache/dubbo/rpc/filter/TokenFilterTest.java

public class TokenFilterTest {

    private TokenFilter tokenFilter = new TokenFilter();

    @Test
    public void testInvokeWithToken() throws Exception {
        String token = "token";

        Invoker invoker = Mockito.mock(Invoker.class);
        URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
        when(invoker.getUrl()).thenReturn(url);
        when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));

        Map<String, String> attachments = new HashMap<String, String>();
        attachments.put(TOKEN_KEY, token);
        Invocation invocation = Mockito.mock(Invocation.class);
        when(invocation.getAttachments()).thenReturn(attachments);

        Result result = tokenFilter.invoke(invoker, invocation);
        Assertions.assertEquals("result", result.getValue());
    }

    @Test
    public void testInvokeWithWrongToken() throws Exception {
        Assertions.assertThrows(RpcException.class, () -> {
            String token = "token";

            Invoker invoker = Mockito.mock(Invoker.class);
            URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
            when(invoker.getUrl()).thenReturn(url);
            when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));

            Map<String, String> attachments = new HashMap<String, String>();
            attachments.put(TOKEN_KEY, "wrongToken");
            Invocation invocation = Mockito.mock(Invocation.class);
            when(invocation.getAttachments()).thenReturn(attachments);

            tokenFilter.invoke(invoker, invocation);
        });
    }

    @Test
    public void testInvokeWithoutToken() throws Exception {
        Assertions.assertThrows(RpcException.class, () -> {
            String token = "token";

            Invoker invoker = Mockito.mock(Invoker.class);
            URL url = URL.valueOf("test://test:11/test?accesslog=true&group=dubbo&version=1.1&token=" + token);
            when(invoker.getUrl()).thenReturn(url);
            when(invoker.invoke(any(Invocation.class))).thenReturn(new AppResponse("result"));

            Invocation invocation = Mockito.mock(Invocation.class);

            tokenFilter.invoke(invoker, invocation);
        });
    }
}
  • Here, the correct token, the wrong token and the scenario without token are verified respectively.

Summary

TokenFilter implements the Filter interface, and its invoke method will determine whether there is a token attribute in the URL of the invoker. if the value is not empty, it will obtain the remoteToken from attachments, and then compare whether the two tokens are the same. if the two tokens are different, RpcException will be thrown, and if the two tokens are the same, invoke (invoke) will be executed.

doc