package com.amigo.companion.provider.user.interceptor;
import java.lang.reflect.Method;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.amigo.companion.common.base.security.LocalUser;
import com.amigo.companion.common.core.response.StatusCode;
import com.amigo.companion.common.core.security.IgnoreSecurity;
import com.amigo.companion.provider.user.exception.TokenException;
import com.amigo.companion.provider.user.service.TokenManagerService;
/**
* token拦截器
*
* @author amigo
*
*/
@Component
public class TokenInterceptor extends HandlerInterceptorAdapter {
private static final Logger logger = LoggerFactory.getLogger(TokenInterceptor.class);
@Resource
private TokenManagerService tokenManagerService;
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
LocalUser.removeUser();
super.afterCompletion(request, response, handler, ex);
// logger.info("请求结束!请求线程名:" + Thread.currentThread().getId() + ",请求路径:" +
// request.getRequestURI());
}
@Override
public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
super.afterConcurrentHandlingStarted(request, response, handler);
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
super.postHandle(request, response, handler, modelAndView);
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
if (!(handler instanceof HandlerMethod)) {
return true;
}
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
String token = request.getHeader("ACCESS_TOKEN");
if (StringUtils.isEmpty(token)) {
token = request.getParameter("access_token");
}
logger.info("Token:{},请求路径{}", token, request.getRequestURI());
if (method.isAnnotationPresent(IgnoreSecurity.class)) {
if (StringUtils.isNotEmpty(token)) {
tokenManagerService.checkToken(token);
}
return true;
}
if (StringUtils.isEmpty(token)) {
logger.info("必须要传token的接口,Token:{},请求路径{}", token, request.getRequestURI());
throw new TokenException(StatusCode.UNAUTHORIZED);
}
// 检查 token 有效性
if (!tokenManagerService.checkToken(token)) {
logger.error("Token:{},请求路径{},checkToken返回false", token, request.getRequestURI());
throw new TokenException(StatusCode.UNAUTHORIZED);
}
return true;
}
}
package com.amigo.companion.common.core.security;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import java.lang.annotation.ElementType;
import java.lang.annotation.RetentionPolicy;
/**
* 忽略安全性检查
* @author amigo
*
*/
@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface IgnoreSecurity {
}
package com.amigo.companion.provider.user.service;
import com.amigo.companion.provider.user.entity.UserInfo;
/**
* token管理服务
* @author amigo
*
*/
public interface TokenManagerService {
String createToken(UserInfo user);
boolean checkToken(String token);
void removeToken(String tokenOld);
}
package com.amigo.companion.provider.user.service.impl;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Service;
import com.amigo.companion.common.base.security.LocalUser;
import com.amigo.companion.common.param.redis.LocalUserId;
import com.amigo.companion.common.param.redis.LocalUserId.User;
import com.amigo.companion.common.param.redis.RedisKey;
import com.amigo.companion.common.util.StringUtils;
import com.amigo.companion.provider.user.common.RwRedisService;
import com.amigo.companion.provider.user.entity.UserInfo;
import com.amigo.companion.provider.user.service.TokenManagerService;
@Service
public class TokenManagerServiceImpl implements TokenManagerService {
private static final Logger logger = LoggerFactory.getLogger(TokenManagerServiceImpl.class);
@Autowired
RwRedisService rwRedisService;
@Autowired
@Qualifier("writeRedisTemplate")
RedisTemplate<String, Object> writeRedisTemplate;
@Override
public String createToken(UserInfo user) {
LocalUserId info = new LocalUserId();
String token = StringUtils.createUserToken();
info.setUserId(user.getUserId());
info.setToken(token);
LocalUserId.User tokenUser = new User();
tokenUser.setId(user.getUserId());
info.setUser(tokenUser);
rwRedisService.opsForValue().set(RedisKey.TOKEN + token, info, 2592000L, TimeUnit.SECONDS);
return token;
}
@Override
public boolean checkToken(String token) {
if(StringUtils.isBlank(token)) {
return false;
}
if(!rwRedisService.hasKey(RedisKey.TOKEN + token)) {
logger.info("token:{}在redis中不存在",token);
return false;
}else {
logger.info("token:{}在redis中存在",RedisKey.TOKEN + token);
rwRedisService.expire(token, 2592000L);
LocalUserId user = (LocalUserId) rwRedisService.getThroughWrite(RedisKey.TOKEN + token);
LocalUser.setUser(user);
}
return true;
}
@Override
public void removeToken(String tokenOld) {
writeRedisTemplate.delete(RedisKey.TOKEN + tokenOld);
}
}