登录校验注解【@Login】
/**
* app登录校验
* ClassName Login
* @Function TODO
* @date 2017年12月1日
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Login {
}
2.登录用户信息注解【@LoginUser 】
/**
* 登录用户信息
* ClassName LoginUser
* @Function TODO
* @date 2017年12月1日
*/
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
public @interface LoginUser {
}
3.有@LoginUser注解的方法参数,注入当前登录用户
package com.esurer.modules.app.resolver;
import com.esurer.modules.app.annotation.LoginUser;
import com.esurer.modules.app.entity.UserEntity;
import com.esurer.modules.app.interceptor.AuthorizationInterceptor;
import com.esurer.modules.app.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
/**
* 有@LoginUser注解的方法参数,注入当前登录用户
* ClassName LoginUserHandlerMethodArgumentResolver
* @Function TODO
* @date 2017年12月1日
*/
@Component
public class LoginUserHandlerMethodArgumentResolver implements HandlerMethodArgumentResolver {
@Autowired
private UserService userService;
@Override
public boolean supportsParameter(MethodParameter parameter) {
return parameter.getParameterType().isAssignableFrom(UserEntity.class) && parameter.hasParameterAnnotation(LoginUser.class);
}
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer container,
NativeWebRequest request, WebDataBinderFactory factory) throws Exception {
//获取用户ID
Object object = request.getAttribute(AuthorizationInterceptor.USER_KEY, RequestAttributes.SCOPE_REQUEST);
if(object == null){
return null;
}
//获取用户信息
UserEntity user = userService.queryObject((Long)object);
return user;
}
}
装配LoginUserHandlerMethodArgumentResolver
package com.esurer.modules.app.config;
import com.esurer.modules.app.interceptor.AuthorizationInterceptor;
import com.esurer.modules.app.resolver.LoginUserHandlerMethodArgumentResolver;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import java.util.List;
/**
* MVC配置
* ClassName WebMvcConfig
* @Function TODO
* @date 2017年12月1日
*/
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {
@Autowired
private AuthorizationInterceptor authorizationInterceptor;
@Autowired
private LoginUserHandlerMethodArgumentResolver loginUserHandlerMethodArgumentResolver;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(authorizationInterceptor).addPathPatterns("/app/**");
}
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
argumentResolvers.add(loginUserHandlerMethodArgumentResolver);
}
}
- 权限(Token)验证--登陆校验
package com.esurer.modules.app.interceptor;
import io.jsonwebtoken.Claims;
import com.esurer.common.exception.RRException;
import com.esurer.modules.app.utils.JwtUtils;
import com.esurer.modules.app.annotation.Login;
import com.esurer.modules.app.dao.UserDao;
import com.esurer.modules.app.entity.UserEntity;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* 权限(Token)验证
* ClassName AuthorizationInterceptor
* @Function TODO
* @date 2017年12月1日
*/
@Component
public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
@Autowired
private JwtUtils jwtUtils;
@Autowired
private UserDao userDao;
public static final String USER_KEY = "userId";
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Login annotation;
if(handler instanceof HandlerMethod) {
annotation = ((HandlerMethod) handler).getMethodAnnotation(Login.class);
}else{
return true;
}
if(annotation == null){
return true;
}
//获取用户凭证
String token = request.getHeader(jwtUtils.getHeader());
if(StringUtils.isBlank(token)){
token = request.getParameter(jwtUtils.getHeader());
}
//凭证为空
if(StringUtils.isBlank(token)){
throw new RRException(jwtUtils.getHeader() + "不能为空", HttpStatus.UNAUTHORIZED.value());
}
Claims claims = jwtUtils.getClaimByToken(token);
if(claims == null || jwtUtils.isTokenExpired(claims.getExpiration())){
throw new RRException(jwtUtils.getHeader() + "失效,请重新登录", HttpStatus.UNAUTHORIZED.value());
}
//更新用户最新登录时间
UserEntity user = new UserEntity();
user.setUserId(Long.parseLong(claims.getSubject()));
user.setLatestLoginTime(new Date());
userDao.update(user);
//设置userId到request里,后续根据userId,获取用户信息
request.setAttribute(USER_KEY, Long.parseLong(claims.getSubject()));
return true;
}
}
实例如下
/**
* 获取用户信息
*/
@Login
@GetMapping("info")
public R userInfo(@LoginUser UserEntity user){
return R.ok().put("user", user);
}
响应:
{
"code":0,
"msg":"success",
"user":{
"id":"1",
"name":"赵三"
}
}
作者:阿南的生活记录
链接:https://www.jianshu.com/p/b63dc8b3e501
来源:简书
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。