Custom Sign Algorithm

Description

• Users can customize the signature authentication algorithm to achieve verification.

Extension

• The default implementation is org.apache.shenyu.plugin.sign.service.ComposableSignService.

  @Bean
  @ConditionalOnMissingBean(value = SignService.class, search = SearchStrategy.ALL)
  public SignService signService() {
      return new ComposableSignService(new DefaultExtractor(), new DefaultSignProvider());
  }

• Declare a new class named CustomSignService and implements org.apache.shenyu.plugin.plugin.sign.service.

public interface SignService {

    /**
     * Gets verifyResult.
     * @param exchange exchange
     * @param requestBody requestBody
     * @return result
     */
    VerifyResult signatureVerify(ServerWebExchange exchange, String requestBody);

    /**
     * Gets verifyResult.
     * @param exchange exchange
     * @return result
     */
    VerifyResult signatureVerify(ServerWebExchange exchange);
}

• When returning is isSuccess() of VerifyResult, the sign verification passes. If there's false, the getReason() of VerifyResult will be return to the frontend to show.
• Register defined class as a Spring Bean.

   @Bean
   public SignService customSignService() {
         return new CustomSignService();
   }