filter
@Slf4j
@WebFilter(filterName = "authFilter", urlPatterns = "/*")
@Order(1) //测试好像这个参数不生效,实际生效的是Filter扫描到的顺序(所以起名很重要)
public class AuthFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
log.debug("start to auth request validate...111");
HttpServletRequest req = (HttpServletRequest) request;
String token = req.getHeader("token");
if (token != null) {
// :TODO check token
log.info("auth success");
chain.doFilter(request, response);
} else {
log.err("auth failed");
}
}
}
在SpringBootApplication上使用@ServletComponentScan注解后,Servlet、Filter、Listener可以直接通过@WebServlet、@WebFilter、@WebListener注解自动注册,无需其他代码。
@Slf4j
@EnableScheduling
@ServletComponentScan(basePackages = {"com.sanro.filter"}) //这一句完成了配置,Springboot的”懒理念“真的厉害。
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
log.debug("rest server start success.");
}
}
基于配置
@Configuration
public class FilterConfig {
@Autowired
private AuthFilter authFilter;
@Bean
public FilterRegistrationBean registerAuthFilter() {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(authFilter);
registration.addUrlPatterns("/*");
registration.setName("authFilter");
registration.setOrder(1); //值越小,Filter越靠前。
return registration;
}
//如果有多个Filter,再写一个public FilterRegistrationBean registerOtherFilter(){...}即可。
}
2、Interceptor
public class LoginInterceptor extends HandlerInterceptorAdapter{
/**
* 在请求处理之前进行调用(Controller方法调用之前)
* 基于URL实现的拦截器
* @param request
* @param response
* @param handler
* @return
* @throws Exception
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String path = request.getServletPath();
if (path.matches(Const.NO_INTERCEPTOR_PATH)) {
//不需要的拦截直接过
return true;
} else {
// 这写你拦截需要干的事儿,比如取缓存,SESSION,权限判断等
System.out.println("====================================");
return true;
}
}
}
/**
* 和springmvc的webmvc拦截配置一样
* @author BIANP
*/
@Configuration
public class WebConfigurer implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 拦截所有请求,通过判断是否有 @LoginRequired 注解 决定是否需要登录
registry.addInterceptor(LoginInterceptor()).addPathPatterns("/**");
registry.addInterceptor(AuthorityInterceptor()).addPathPatterns("/**");
}
@Bean
public LoginInterceptor LoginInterceptor() {
return new LoginInterceptor();
}
@Bean
public AuthorityInterceptor AuthorityInterceptor() {
return new AuthorityInterceptor();
}
}