Spring Boot 拦截器的登录校验,早前用的是 cookie + session,后来才改用 JWT(JSON Web Token):前者的登录状态保存在服务端,后者的凭证由客户端持有。至于为什么不用 cookie 那一套而改用 JWT,随便百度一下也就知道了,我这里就不讲理论了。
ok,上才艺
依赖
<!-- fastjson: presumably supplies the JSONObject used by the interceptor listing (confirm; that
     listing shows no import for it). The version is the one the article used in 2022; check for a
     current release and published advisories before copying this pin. -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>2.0.2.graal</version>
</dependency>
<!-- Auth0 java-jwt: provides the JWTCreator, Algorithm and DecodedJWT types imported by the token
     helper. Same caveat on the version: it is the 2022 pin from the article. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.19.1</version>
</dependency>
1.使用JWT生成token(建议存放在utils包下;注意下面的示例代码声明的是 config 包,拦截器也是从 config 包导入该类的)
package com.BooksAdmin.config;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Calendar;
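/**
 * Issues and verifies the HMAC-SHA256 signed JSON Web Tokens used to authenticate users.
 *
 * <p>This class has the same simple name as the library entry point, so the library class is
 * always written out as {@code com.auth0.jwt.JWT}.
 *
 * <p>Created: 2022/3/24
 *
 * @author 新写的旧代码
 */
public class JWT {
    // Claim that carries the user id. One constant for writing and reading, so the two sides
    // cannot drift apart (the id used to be written as "lawyerId" and read back as "Id").
    private static final String ID_CLAIM = "lawyerId";

    // HMAC signing key.
    // NOTE(review): a key committed with the source is known to everyone who can read the
    // repository or this article, and anyone who knows it can sign a token for any id. Treat this
    // literal as a sample value: load the real key from configuration or a secret store, keep it
    // out of version control, and rotate it if it has ever been published.
    private static final String SING = "!A;E]R'T'!S-*G-S*'S[;HS.HH]D*S-VS+D=GS-=";

    // Most recent token issued by getJWToken.
    // NOTE(review): this field is static, so it is shared by every request and every user of the
    // application; getToken() returns whichever token was issued last, not the caller's own.
    // Kept only so existing callers of getToken()/setToken() keep working; prefer the value
    // returned by getJWToken.
    private static String token;

    /**
     * Returns the token most recently stored by {@link #getJWToken(Long)} or {@link #setToken(String)}.
     *
     * @return the stored token, or {@code null} if none has been stored yet
     */
    public static String getToken() {
        return token;
    }

    /**
     * Replaces the stored token.
     *
     * @param token the value later returned by {@link #getToken()}
     */
    public static void setToken(String token) {
        JWT.token = token;
    }

    /**
     * Creates a signed token for a user, valid for one day from now.
     *
     * <p>Nothing in this class revokes a token before it expires, so a token stays usable for the
     * whole day once issued.
     *
     * @param id the user id stored in the {@code lawyerId} claim
     * @return the signed token; also stored in the static field read by {@link #getToken()}
     * @throws IllegalArgumentException if {@code id} is {@code null}
     */
    public static String getJWToken(Long id) {
        // Refuse to sign a token without an identity: the interceptor only checks signature and
        // expiry, so such a token would still be accepted as authenticated.
        if (id == null) {
            throw new IllegalArgumentException("id must not be null");
        }
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.DATE, 1);
        String issued = com.auth0.jwt.JWT.create()
                .withClaim(ID_CLAIM, id)
                .withExpiresAt(expiry.getTime())
                .sign(Algorithm.HMAC256(SING));
        token = issued;
        return issued;
    }

    /**
     * Reports whether a token passes verification.
     *
     * @param token the token to check
     * @return {@code true} if verification succeeds, {@code false} on any failure
     */
    public static boolean verify(String token) {
        try {
            decodeVerified(token);
            return true;
        } catch (RuntimeException e) {
            // Every failure, whatever its cause, means "not authenticated".
            return false;
        }
    }

    /**
     * Verifies a token and returns its decoded form.
     *
     * @param lawyerToken the token to check
     * @return the decoded token
     * @throws RuntimeException the library's verification exception when the token is rejected;
     *     the interceptor maps the individual subtypes to error messages
     */
    public static DecodedJWT verifyToken(String lawyerToken) {
        return decodeVerified(lawyerToken);
    }

    /**
     * Verifies a token and returns the user id it carries.
     *
     * @param token the token to check
     * @return the value of the {@code lawyerId} claim
     * @throws IllegalArgumentException if the verified token has no numeric {@code lawyerId} claim
     * @throws ArithmeticException if the id does not fit in an {@code int}
     */
    public static int getTokenId(String token) {
        Long id = decodeVerified(token).getClaim(ID_CLAIM).asLong();
        if (id == null) {
            throw new IllegalArgumentException("token carries no " + ID_CLAIM + " claim");
        }
        // Ids are issued as Long; fail loudly instead of truncating, because a truncated id would
        // identify a different user.
        return Math.toIntExact(id);
    }

    // Single place where the verifier is built, so every entry point applies the same algorithm
    // and key.
    private static DecodedJWT decodeVerified(String candidate) {
        return com.auth0.jwt.JWT.require(Algorithm.HMAC256(SING)).build().verify(candidate);
    }
}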
2.编写拦截器(建议存放于interceptor包下)
package com.BooksAdmin.interceptor;
import com.BooksAdmin.config.JWT;
import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
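/**
 * Spring MVC interceptor that lets a request through only when its {@code token} header holds a
 * token accepted by {@link JWT#verifyToken(String)}; any other request is answered with a JSON
 * error body and stopped.
 *
 * <p>Only the token's validity is checked here. The decoded token is discarded, so a handler that
 * needs the user id must read it from the verified token rather than trust an id sent by the
 * client in the request.
 *
 * <p>Created: 2022/3/24
 *
 * @author 新写的旧代码
 */
public class UserInterceptor implements HandlerInterceptor {
    // Application-level code placed in the body of every rejection.
    private static final int REJECTED_CODE = 4010;

    // Serializer for the rejection body; one shared instance instead of one per rejected request.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Verifies the {@code token} request header before the handler runs.
     *
     * @param request the current request; its {@code token} header is read
     * @param response the response that receives the JSON error body on rejection
     * @param handler the chosen handler (not used)
     * @return {@code true} to continue with the handler, {@code false} after a rejection was written
     * @throws Exception if the rejection body cannot be written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String headerToken = request.getHeader("token");
        String reason;
        try {
            JWT.verifyToken(headerToken);
            return true;
        } catch (SignatureVerificationException e) {
            reason = "无效签名";
        } catch (TokenExpiredException e) {
            reason = "已过期";
        } catch (AlgorithmMismatchException e) {
            reason = "算法不一致";
        } catch (Exception e) {
            // Everything else, which is presumably also where a request without the header ends up.
            reason = "无效身份信息";
        }
        // NOTE(review): the distinct messages tell the client exactly why verification failed.
        // Consider a single generic message for the client and the specific cause in a server log,
        // which also gives monitoring a record of failed authentication attempts.
        writeRejection(response, reason);
        return false;
    }

    // Writes the {"msg": ..., "code": 4010} body. It is serialized with the ObjectMapper this file
    // already imports; the JSONObject and PrintWriter types used before were never imported.
    // NOTE(review): the HTTP status is left at its default, so a rejection is sent as a successful
    // response with an error body. Consider HttpServletResponse.SC_UNAUTHORIZED once clients are
    // known to handle it.
    private static void writeRejection(HttpServletResponse response, String reason) throws java.io.IOException {
        Map<String, Object> body = new HashMap<>();
        body.put("msg", reason);
        body.put("code", REJECTED_CODE);
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().print(MAPPER.writeValueAsString(body));
        response.getWriter().flush();
    }
}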
3.编写拦截器配置(config包下)
package com.BooksAdmin.config;
import com.BooksAdmin.interceptor.UserInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
 * Spring MVC configuration that registers {@link UserInterceptor} for the user endpoints.
 *
 * <p>Only paths under {@code /user/} are checked. A controller mapped anywhere else is reachable
 * without a token, so new protected endpoints must either live under that prefix or be added to
 * the include list.
 *
 * <p>Created: 2022/3/24
 *
 * @author 新写的旧代码
 */
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
    // Requests that must carry a valid token.
    private static final String[] PROTECTED_PATHS = {"/user/**"};

    // Requests that skip the token check: the login endpoint, then the swagger-ui resources.
    // NOTE(review): the swagger patterns lie outside /user/**, so they look redundant while that is
    // the only include pattern; confirm before relying on them.
    private static final String[] OPEN_PATHS = {
        "/user/UserLogin",
        "/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**", "/doc.html/**"
    };

    /**
     * Registers the user interceptor with its include and exclude path patterns.
     *
     * @param registry the registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new UserInterceptor())
                .addPathPatterns(PROTECTED_PATHS)
                .excludePathPatterns(OPEN_PATHS);
    }
}
完事,收工