Token验证实现步骤:
1. 实现自定义注解
1.0. @Login(拦截请求验证token,结合token实现单点登录,挂机时限) 与 @LoginUser(前台传入token转换为userID)
图片示例:
2. 拦截器的注册类
2.0. extends(继承)WebMvcConfigurerAdapter类 (继承WebMvcConfigurationSupport 类,implements(实现) WebMvcConfigurer接口,根据不同的开发环境选择不同方式)
WebMvcConfigurerAdapter : Spring内部的一种配置方式采用JavaBean的形式来代替传统的xml配置文件形式进行针对框架个性化定制
package com.shengwei.businessschoolapi.config;
import com.shengwei.businessschoolapi.interceptor.AuthorizationInterceptor;
import com.shengwei.businessschoolapi.resolver.LoginUserHandlerMethodArgumentResolver;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import java.util.List;
@Configuration
public class WebLoginHandlerConfig extends WebMvcConfigurerAdapter {
@Autowired
private AuthorizationInterceptor authorizationInterceptor;
@Autowired
private LoginUserHandlerMethodArgumentResolver loginUserHandlerMethodArgumentResolver;
/*
*重写拦截器:添加拦截请求方法 excludePathPatterns(不拦截请求) addPathPatterns(拦截的请求)
*authorizationInterceptor:作用:拦截器实现 实现功能:用于每次请求验证Token(结合自定义注解@Login实现)
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(authorizationInterceptor).excludePathPatterns("/api/wxUser/login").addPathPatterns("/api/**");
}
/*
*添加参数解析器
*loginUserHandlerMethodArgumentResolver 实现功能如:不传参数情况下可通过@LoginUser实现数据注入(结合自定义注解@LoginUser实现)
*/
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
argumentResolvers.add(loginUserHandlerMethodArgumentResolver);
}
}
WebMvcConfigurerAdapter 实现类
3. 拦截器实现
package com.shengwei.businessschoolapi.interceptor;
import com.shengwei.businessschoolapi.annotation.Login;
import com.shengwei.businessschoolapi.exception.RRException;
import com.shengwei.businessschoolapi.model.TokenEntity;
import com.shengwei.businessschoolapi.service.TokenService;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Component
public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
@Autowired
private TokenService tokenService;
//统一设置userId的 KEY值
public static final String USER_KEY = "userId";
//前台统一token的 KEY值
public static final String LOGIN_TOKEN_KEY = "WM-SHOP-TOKEN";
/*
* preHandle()作用:在业务处理器处理请求之前被调用 预处理 可以进行编码 安全控制等处理
*
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Login annotation;
if(handler instanceof HandlerMethod) {
annotation = ((HandlerMethod) handler).getMethodAnnotation(Login.class);
}else{
return true;
}
if(annotation == null){
return true;
}
//从header中获取token
String token = request.getHeader(LOGIN_TOKEN_KEY);
//如果header中不存在token,则从参数中获取token
if(StringUtils.isBlank(token)){
token = request.getParameter("token");
}
//token为空
if(StringUtils.isBlank(token)){
throw new RRException("token不能为空");
}
//查询token信息
TokenEntity tokenEntity = tokenService.queryByToken(token);
if(tokenEntity == null || tokenEntity.getExpirationTime().getTime() < System.currentTimeMillis()){
throw new RRException("token失效,请重新登录");
}
//设置userId到request里,后续根据userId,获取用户信息
request.setAttribute(USER_KEY, tokenEntity.getUserid());
return true;
}
}
HandlerInterceptorAdapter 实现类
自定义注解拦截注入步骤:
1. 实现自定义注解(这里我们用(@LoginUser)
2. 添加参数解析器(这里我们用 LoginUserHandlerMethodArgumentResolver实现类)
3. 实现参数解析器
package com.shengwei.businessschoolapi.resolver;
import com.shengwei.businessschoolapi.annotation.LoginUser;
import com.shengwei.businessschoolapi.exception.RRException;
import com.shengwei.businessschoolapi.service.TokenService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
@Component
public class LoginUserHandlerMethodArgumentResolver implements HandlerMethodArgumentResolver {
@Autowired
private TokenService tokenService;
//前台统一token的 KEY值
public static final String LOGIN_TOKEN_KEY = "WM-SHOP-TOKEN";
/*
*getParameterType().isAssignableFrom(Long.class):为参数注入类型判断 hasParameterAnnotation(LoginUser.class)为当前注解名称判断
*当 retuer返回为true时 执行resolveArgument()方法
*/
@Override
public boolean supportsParameter(MethodParameter methodParameter) {
return methodParameter.getParameterType().isAssignableFrom(Long.class) && methodParameter.hasParameterAnnotation(LoginUser.class);
}
/*
* 注入数据方法
*/
@Override
public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer, NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory) {
//获取用户token
String token = nativeWebRequest.getHeader(LOGIN_TOKEN_KEY);
if (token == null || token.isEmpty()) {
new RRException("没有token");
}
//获取用户Id
Long userId = tokenService.getUserId(token);
if (userId == null) {
new RRException("请登录");
}
return userId;
}
}
HandlerMethodArgumentResolver 接口实现类
提示:使用环境springboot(1.5.8)