1. 编写ThreadLocal
public class UserThreadLocal {
private static final ThreadLocal<User> USER_THREAD_LOCAL = new ThreadLocal<>();
private UserThreadLocal(){}
public static void set(User user){
USER_THREAD_LOCAL.set(user);
}
public static User get(){
return USER_THREAD_LOCAL.get();
}
}
2. 编写不需要登录权限的注解
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented // 标记注解
public @interface NoAuthorization {
}
3. 编写拦截器
@Component
public class TokenInterceptor implements HandlerInterceptor {
@Autowired
private UserService userService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 判断 请求方式是否包含了NoAuthorazation, 如果包含了就不需要进行处理
if (handler instanceof HandlerMethod){
HandlerMethod handlerMethod = (HandlerMethod) handler;
NoAuthorization annotation = handlerMethod.getMethod().getAnnotation(NoAuthorization.class);
if (annotation != null){
return true;
}
}
// 获取到请求头里面的token
String token = request.getHeader("Authorization");
// 根据token查询用户信息
User user = userService.queryUserByToken(token);
if (user == null){
response.setStatus(401); // 没有权限
return false;
}
UserThreadLocal.set(user);
return true;
}
}
4. 注册拦截器
@Configuration
public class WebConfig implements WebMvcConfigurer {
@Autowired
private RedisCacheInterceptor redisCacheInterceptor;
@Autowired
private TokenInterceptor tokenInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(this.tokenInterceptor).addPathPatterns("/**");
registry.addInterceptor(this.redisCacheInterceptor).addPathPatterns("/**");
}
}
5. 应用 直接调用即可