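When the front end calls the API server, an interceptor checks the accessToken: if it is valid the request may reach the endpoint, otherwise an error is returned.
1. First, create the interceptor class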
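import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils; // assumption: StringUtils is the commons-lang3 one
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import io.jsonwebtoken.Claims;

// Audience, RedisUtils and JwtHelper are the project's own classes (not shown on this page).
@Component
public class InterceptorJWT extends HandlerInterceptorAdapter {
    @Autowired
    private Audience audienceEntity;
    @Autowired
    private RedisUtils redisUtils;

    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        System.out.println("自定义拦截器");
        // Handler methods annotated with @IgnoreSecurity skip the token check.
        if (handler instanceof HandlerMethod) {
            IgnoreSecurity ignoreSecurity = ((HandlerMethod) handler).getMethodAnnotation(IgnoreSecurity.class);
            if (ignoreSecurity != null) {
                return true;
            }
        }
        // Read the token from the "token" request parameter, falling back to the "token" header.
        String accessToken = StringUtils.isNotEmpty(request.getParameter("token")) ? request.getParameter("token") : request.getHeader("token");
        if (StringUtils.isNotEmpty(accessToken)) {
            // regionMatches is case-insensitive here and returns false for values shorter
            // than "bearer", where substring(0, 6) would throw instead.
            if (accessToken.regionMatches(true, 0, "bearer", 0, 6)) {
                // Drop the "bearer" prefix and the whitespace that separates it from the JWT.
                accessToken = accessToken.substring(6).trim();
                Claims claims = JwtHelper.parseJWT(accessToken, audienceEntity.getBase64Secret());
                if (claims != null) {
                    Integer userId = (Integer) claims.get("userId");
                    // The token must also match the copy stored in Redis for this user.
                    String serviceToken = redisUtils.getToken(userId);
                    // Only the comparison result is printed; token values stay out of the log,
                    // because anyone who can read the log could reuse them.
                    System.out.println("token" + (accessToken.equals(serviceToken) ? "一致" : "不一致"));
                    // Calling equals on the configured client id avoids a NullPointerException
                    // when the token carries no audience claim.
                    if (audienceEntity.getClientId().equals(claims.getAudience()) && accessToken.equals(serviceToken)) {
                        request.setAttribute("userId", userId);
                        return true;
                    }
                } else {
                    System.out.println("token解码失败");
                }
            }
        } else {
            System.out.println("请传递token");
        }
        // Every path that did not return true above is rejected.
        throw new TokenErrorException();
    }

    @Override
    public void postHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        super.postHandle(request, response, handler, modelAndView);
    }

    @Override
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        super.afterCompletion(request, response, handler, ex);
    }

    @Override
    public void afterConcurrentHandlingStarted(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        super.afterConcurrentHandlingStarted(request, response, handler);
    }
}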
2. Define a token exception class
// Thrown by InterceptorJWT when the token is missing or invalid.
public class TokenErrorException extends RuntimeException {
    public TokenErrorException(String message) {
        super(message);
    }

    public TokenErrorException() {
    }
}
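The interceptor signals every rejection by throwing TokenErrorException, so something has to turn that exception into the error response mentioned at the top. One way to do it, as an added example that is not the original author's code: the class name TokenErrorHandler and the JSON field names "code" and "message" are assumptions, and TokenErrorException is assumed to be in the same package.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

// Hypothetical class (not from the original page). Exceptions thrown from an
// interceptor's preHandle go through the same exception resolvers as controller
// exceptions, so an @ExceptionHandler in a @RestControllerAdvice receives them.
@RestControllerAdvice
public class TokenErrorHandler {

    @ExceptionHandler(TokenErrorException.class)
    public ResponseEntity<Map<String, Object>> handleTokenError(TokenErrorException ex) {
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("code", HttpStatus.UNAUTHORIZED.value());
        // One generic message for a missing token, a failed decode, a wrong audience
        // and a Redis mismatch alike: the caller learns only that the token was
        // rejected, not which check failed. The exception message is not echoed back.
        body.put("message", "invalid or missing token");

        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                // A 401 response names the authentication scheme the client must use.
                .header(HttpHeaders.WWW_AUTHENTICATE, "Bearer")
                // Responses about credentials should not be cached by intermediaries.
                .header(HttpHeaders.CACHE_CONTROL, "no-store")
                .contentType(MediaType.APPLICATION_JSON)
                .body(body);
    }
}
```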
3. Create a configuration class that implements WebMvcConfigurer
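import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// @Configuration registers this class as a configuration bean;
// @SpringBootApplication belongs on the application's main class only.
@Configuration
@EnableWebMvc
public class MyWebMvcConfigurerAdapter implements WebMvcConfigurer {
    @Autowired
    private InterceptorJWT interceptorJWT;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // The interceptor applies to every path except the ones excluded here.
        registry.addInterceptor(interceptorJWT)
                .excludePathPatterns("/api/oauth/**")
                .excludePathPatterns("/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**");
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        // Serve the Swagger UI static resources from the classpath.
        registry.addResourceHandler("swagger-ui.html")
                .addResourceLocations("classpath:/META-INF/resources/");
        registry.addResourceHandler("/webjars/**")
                .addResourceLocations("classpath:/META-INF/resources/webjars/");
    }
}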
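The configuration class excludes the login API and the Swagger paths, so they are not intercepted!
4. Implement the annotation that bypasses the interceptor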
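import java.lang.annotation.*;

// Marker annotation: handler methods that carry it skip the token check in InterceptorJWT.
@Documented
@Inherited
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface IgnoreSecurity {
}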
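Put this annotation on endpoint methods; any endpoint that carries it automatically skips the interceptor check.
That is the process of configuring an interceptor in Spring Boot. If you spot any problems, please point them out!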