早上好。我在api网关和spring reactiveauthorizationmanager的上下文中。我必须提取body请求并过滤一些字段来实现请求的安全性（如果用户没有基于某些body字段值的权限，则不允许用户获得响应）。所以我先把尸体作为焊剂。然后我将其转换为inputstream，并使用ioutils将inputstream转换为字符串，这样我就可以用jsonpath提取一个字段，并将其用于实现安全性。在api gateway中，一切似乎都正常，我调试并获得了我期望的值，但是当权限检查全部成功，因此请求转到服务器微服务时，我得到了一个java.net.sockettimeoutexception。下面是将通量转换为输入流的代码：

static InputStream getInputStreamFromFluxDataBuffer(Flux<DataBuffer> data) throws IOException {
    PipedOutputStream osPipe = new PipedOutputStream();
    PipedInputStream isPipe = new PipedInputStream(osPipe);

    DataBufferUtils.write(data, osPipe)
            .subscribeOn(Schedulers.elastic())
            .doOnComplete(() -> {
                try {
                    osPipe.close();
                } catch (IOException ignored) {

                }
            })
            .subscribe(DataBufferUtils.releaseConsumer());
    return isPipe;
}

然后我检索请求主体，它是flux的一个示例，我使用这个方法来获得一个inputstream。因此，我将其转换为string以获取字符串形式的主体（我不想在api网关microservice中导入实体的模型）。

public static String getBodyAsString(AuthorizationContext authorizationContext) throws IOException {
    Flux<DataBuffer> body = authorizationContext.getExchange()
            .getRequest().getBody();

    InputStream inputStream = getInputStreamFromFluxDataBuffer(body);

   String bodyAsString = IOUtils.inputStreamAsString(inputStream, UTF_8.name());
    inputStream.close();

    return bodyAsString;

}

以下步骤包括检索主体的json值，我对使用jsonpath感兴趣：

public static String getFieldfromBody(String field, AuthorizationContext authorizationContext) throws IOException {
    String body =  getBodyAsString(authorizationContext);
    System.out.println(body);
    DocumentContext docCtx = JsonPath.parse(body);
    String JsonExp="$."+field;
    JsonPath jsonPath = JsonPath.compile(JsonExp);
    return docCtx.read(jsonPath);

}

然后我实现了安全性的业务逻辑：

@Component

公共类usermgtupdateuserreactiveauthorizationmanager实现reactiveauthorizationmanager{

@Override
public Mono<AuthorizationDecision> check(Mono<Authentication> authenticationMono, AuthorizationContext authorizationContext) {
    return authenticationMono.map( authentication -> Tuples.of(authentication.getAuthorities(),  (String) authentication.getPrincipal()))
            .map( authoritiesAndUserDetails -> {
                String roleValueField = null;
                String username = SecurityUtils.getUsernamePathVariable(authorizationContext);
                try {
                    roleValueField = SecurityUtils.getFieldfromBody("role", authorizationContext);
                } catch (Exception e) {
                    e.printStackTrace();
                }

                return new AuthorizationDecision(checkPermissions(authoritiesAndUserDetails, username, roleValueField));
            });
}

private static boolean checkPermissions(Tuple2<? extends Collection<? extends GrantedAuthority>, String> authoritiesAndUserDetails, String username, String role) {
    Collection<? extends GrantedAuthority> authorities = authoritiesAndUserDetails.getT1();
    String loggedUser = authoritiesAndUserDetails.getT2();
    if(loggedUser.equals(username))
        return false;
    if (StringUtils.isEmpty(role))
        return UserPermissionsUtils.hasUserUpdatePermission(authorities);
    else
        return UserPermissionsUtils.hasUserUpdateRole(authorities) && UserPermissionsUtils.hasUserUpdatePermission(authorities);
}

}
服务器微服务中的api如下所示：

@RequestMapping(value = "/users/{username}", method = RequestMethod.PATCH)
public ResponseEntity<UserNew> updateUser(@PathVariable("username") String username, @RequestBody UserNewDto userDto) throws Exception {
    userDto.setUsername(username);
    userNewDtoUtils.validateRequiredFieldsForUpdate(userDto);
    userNewDtoUtils.validateInput(userDto);
    userNewDtoUtils.throwExceptionIfCompanyDoesNotExist(userDto);
    userNewDtoUtils.throwExceptionIfAtLeastOneSiteDoesNotExist(userDto);
    userNewDtoUtils.throwExceptionIfAtLeastOneDataloggerDoesNotExists(userDto);

    UserNew userNew = null;
    try {
        userNew = userRegistrationService.updateUser(userDto);
    } catch (UserRepositoryException e) {
        if (UserRepositoryException.USER_NOT_FOUND_ERROR_CODE.equals(e.getErrorCode()))
            throw new ResponseStatusException(HttpStatus.NOT_FOUND, e.getMessage());
        throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, e.getMessage());
    }
    if (userNew == null)
        throw new ResponseStatusException(HttpStatus.NOT_FOUND, userErrorMessageService.buildUserNotFoundErrorMessage(userDto.getUsername()));
    return ResponseEntity.ok()
            .header(HttpHeaders.LOCATION, "/" + userNew.getId())
            .body(userNew);
}

我在服务器微服务控制台中遇到以下异常：

Resolved [org.springframework.http.converter.HttpMessageNotReadableException: I/O error while reading input message; nested exception is org.apache.catalina.connector.ClientAbortException: java.net.SocketTimeoutException]

没有更多的stacktrace。我在用 Postman 执行剩下的电话。输入json为：

{
"email": "s@a.it",
"status": "INACTIVE",
"role": "admin"

}
输出json为

{
"timestamp": 1608628117729,
"status": 400,
"error": "Bad Request",
"message": "I/O error while reading input message; nested exception is org.apache.catalina.connector.ClientAbortException: java.net.SocketTimeoutException",
"path": "/users/use04"

}
所以它包含对tomcat的引用。
有人能帮我吗？先谢谢你。