登录拦截器和遇到的各种跨域问题
在需求增加的时候登录需要增加拦截器和token校验,首先是jwt的检验。
当登录成功时,后端会给前端发送一个jwt块,这个块存储着用户的登录信息,有用户的userID和userName。之后其余的接口要想进入必须携带这个jwt块,后端会通过preHandle来校验是否登录,登录就放行。这是最基本的登录操作,但是前端往往都会把这个每个接口都增加一个header,因此在login接口会遇到跨域的问题,所以必须设置
res.setHeader("Access-Control-Allow-Headers", "*");
但是下面的LoginStatusFilter 会影响到跨域过滤器
@Component
@Slf4j
public class LoginStatusFilter implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
if ("OPTIONS".equals(request.getMethod().toLowerCase())) {
return true;
}
log.error("come in");
if (!JwtUtils.checkToken(request)) {
throw new CmsException(401, "未登录");
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
@Configuration
public class WebAppConfigurer extends WebMvcConfigurationSupport {
private List<String> excludePathPatternList;
@Autowired
private LoginStatusFilter loginStatusFilter;
@Override
protected void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(loginStatusFilter)
.addPathPatterns("/**")
.excludePathPatterns(getUrls());
super.addInterceptors(registry);
}
@Override
protected void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**")
.addResourceLocations("classpath:/static/");
registry.addResourceHandler("swagger-ui.html")
.addResourceLocations("classpath:/META-INF/resources/");
registry.addResourceHandler("/webjars/**")
.addResourceLocations("classpath:/META-INF/resources/webjars/");
super.addResourceHandlers(registry);
}
private List<String> getUrls() {
List<String> list = new ArrayList<>();
list.add("/swagger-ui.html/**");
list.add("/login/request/login/**");
list.add("/swagger-resources/**");
list.add("/webjars/**");
list.add("/v2/**");
this.setExcludePathPatternList(list);
return excludePathPatternList;
}
public void setExcludePathPatternList(List<String> excludePathPatternList) {
this.excludePathPatternList = excludePathPatternList;
}
}
因此在
if ("OPTIONS".equals(request.getMethod().toLowerCase())) {return true}
这样能够在login的时候不进行拦截,这就是基本的登录接口,从中会遇到很多跨域问题,即可解决。