1.自定义注解
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface Notoken {
boolean required() default true;
}
2.拦截器
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class InterceptorConfig extends WebMvcConfigurerAdapter {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(authenticationInterceptor())
.addPathPatterns("/**"); // 拦截所有请求,通过判断是否有 @LoginRequired 注解 决定是否需要登录
}
@Bean
public AuthenticationInterceptor authenticationInterceptor() {
return new AuthenticationInterceptor();
}
}
3.根据token选择是否放行
import cn.hutool.json.JSONObject;
import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.shitou.mybatisplus.utils.JWTUtil;
import com.shitou.mybatisplus.utils.WebContextUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.lang.Nullable;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.concurrent.TimeUnit;
public class AuthenticationInterceptor implements HandlerInterceptor {
@Autowired
private RedisTemplate<String, Object> redisTemplate;
@Value("${redistoken.time-out}")
private String timeOut;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
String token = request.getHeader("token");
HashMap<String, String> map = new HashMap<>();
// 如果不是映射到方法直接通过
if(!(object instanceof HandlerMethod)){
return true;
}
HandlerMethod handlerMethod=(HandlerMethod)object;
Method method=handlerMethod.getMethod();
//如果有Notoken注解的方法直接跳过拦截
if (method.isAnnotationPresent(Notoken.class)) {
Notoken passToken = method.getAnnotation(Notoken.class);
if (passToken.required()) {
return true;
}
}
try {
JWTUtil.verify(token);//验证令牌
DecodedJWT tokenInfo = JWTUtil.getTokenInfo(token);
Object obj = redisTemplate.opsForValue().get(tokenInfo.getClaims().get("username").asString());
if(obj==null){
map.put("msg", "token过期!");
}else{ redisTemplate.opsForValue().set(tokenInfo.getClaims().get("username").asString(),obj); redisTemplate.expire(tokenInfo.getClaims().get("username").asString(),Integer.parseInt(timeOut), TimeUnit.SECONDS);
//将token放入本地缓存
JWTUtil.verifyToken(token);
JSONObject json = new JSONObject();
json.put("username",tokenInfo.getClaims().get("username").asString())
.put("role",tokenInfo.getClaims().get("role").asString())
.put("images",tokenInfo.getClaims().get("images").asString())
.put("address",tokenInfo.getClaims().get("address").asString());
WebContextUtil.setUserToken(json.toString());
return true;//放行请求
}
} catch (SignatureVerificationException e) {
e.printStackTrace();
map.put("msg", "无效签名!");
map.put("msg", "无效签名!");
} catch (TokenExpiredException e) {
e.printStackTrace();
map.put("msg", "token过期!");
} catch (AlgorithmMismatchException e) {
e.printStackTrace();
map.put("msg", "token算法不一致!");
} catch (Exception e) {
e.printStackTrace();
map.put("msg", "token无效!!");
}
map.put("code", "403");//设置状态
//将 map 转为json jackson
String json = new ObjectMapper().writeValueAsString(map);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().println(json); //前台返回数据
return false;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView){
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}