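Configuring an interceptor in Spring Boot

When the front end calls the API server, an interceptor checks the accessToken: if it is valid the endpoint can be accessed, otherwise an error is returned.

1. First, create the interceptor class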

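import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils; // assumed: Apache Commons Lang (provides isNotEmpty)
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import io.jsonwebtoken.Claims; // assumed: the jjwt library
// Audience, RedisUtils, JwtHelper, IgnoreSecurity and TokenErrorException are this project's own classes.

/**
 * When the API server is called, intercept the request and check the accessToken:
 * if it is valid the endpoint can be accessed, otherwise an error is returned.
 * @author Win7
 *
 */
@Component
public class InterceptorJWT extends HandlerInterceptorAdapter {

    @Autowired
    private Audience audienceEntity;
    @Autowired
    private RedisUtils redisUtils;

    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        System.out.println("custom interceptor");
        // If the target method opts out of the security check, call it directly
        if (handler instanceof HandlerMethod) {
            // A method annotated with @IgnoreSecurity does not need token validation
            IgnoreSecurity ignoreSecurity = ((HandlerMethod) handler).getMethodAnnotation(IgnoreSecurity.class);
            if (ignoreSecurity != null)
                return true;
        }
        String accessToken = StringUtils.isNotEmpty(request.getParameter("token")) ? request.getParameter("token") : request.getHeader("token");

        if (StringUtils.isNotEmpty(accessToken)) {
            // Check the length first: substring(0, 6) throws on a value shorter than six characters
            if (accessToken.length() > 6 && accessToken.substring(0, 6).equalsIgnoreCase("bearer")) {
                // Drop the "bearer" prefix and any whitespace that follows it
                accessToken = accessToken.substring(6).trim();

                Claims claims = JwtHelper.parseJWT(accessToken, audienceEntity.getBase64Secret());
                // Check whether the secret matches; if it does not, the token is considered invalid
                if (claims != null) {
                    Integer userId = (Integer) claims.get("userId");
                    // The token has not expired; it is only valid if it also equals the token stored in Redis
                    String serviceToken = redisUtils.getToken(userId);
                    // Log only the comparison result: a bearer token written to a log is a usable credential
                    System.out.println("token " + (accessToken.equals(serviceToken) ? "matches" : "does not match"));
                    // Call equals() on the configured client id so a token without an audience claim cannot cause an NPE
                    if (audienceEntity.getClientId().equals(claims.getAudience()) && accessToken.equals(serviceToken)) {
                        request.setAttribute("userId", userId);
                        return true;
                    }
                } else {
                    System.out.println("failed to decode token");
                }
            }
        } else {
            System.out.println("please pass a token");
        }

        throw new TokenErrorException();
    }

    @Override
    public void postHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {

        super.postHandle(request, response, handler, modelAndView);
    }

    @Override
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex)
            throws Exception {

        super.afterCompletion(request, response, handler, ex);
    }

    @Override
    public void afterConcurrentHandlingStarted(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {

        super.afterConcurrentHandlingStarted(request, response, handler);
    }
}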

2. Define a token exception class

/**
 * @Description: exception for an invalid token carried by an app request to the API
 * @Date: 2018/1/4
 * @Author: wcf
 */
public class TokenErrorException extends RuntimeException{

    public TokenErrorException(String message) {
        super(message);
    }

    public TokenErrorException() {
    }
}

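3. Create a class that implements WebMvcConfigurer

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@SpringBootApplication
@EnableWebMvc
public class MyWebMvcConfigurerAdapter implements WebMvcConfigurer {

    @Autowired
    private InterceptorJWT interceptorJWT;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Every path not excluded here goes through the token check
        registry.addInterceptor(interceptorJWT)
                .excludePathPatterns("/api/oauth/**")
                .excludePathPatterns("/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**");
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("swagger-ui.html")
                .addResourceLocations("classpath:/META-INF/resources/");
        registry.addResourceHandler("/webjars/**")
                .addResourceLocations("classpath:/META-INF/resources/webjars/");
    }
}

This class excludes the login API and the Swagger paths, so they are not intercepted.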

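4. Implement the annotation that bypasses the interceptor

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * @Description:
 * @Date: 2018/1/4
 * @Author: wcf
 */
// Marks a handler method that InterceptorJWT lets through without a token check
@Documented
@Inherited
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface IgnoreSecurity {

}

This annotation is placed on API endpoint methods; an endpoint that carries it skips the interceptor's token check.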
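
The following is an added example, not the original author's code. It isolates the two checks that step 1's preHandle performs on the token: extracting the JWT from a "bearer"-prefixed value without throwing on short input, and comparing it with the server-side copy using a timing-safe comparison. The class and method names are hypothetical, the sample tokens are constructed placeholders, and only the JDK is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Optional;

public class BearerTokenCheck { // hypothetical class name

    private static final String SCHEME = "bearer";

    /** Returns the raw JWT from a "bearer"-prefixed value, or empty if malformed. */
    static Optional<String> extractBearer(String headerValue) {
        if (headerValue == null) {
            return Optional.empty();
        }
        String value = headerValue.trim();
        // regionMatches returns false on short input instead of throwing like substring(0, 6)
        if (!value.regionMatches(true, 0, SCHEME, 0, SCHEME.length())) {
            return Optional.empty();
        }
        String token = value.substring(SCHEME.length()).trim();
        // Shape check only: a compact JWS has three dot-separated parts
        if (token.split("\\.", -1).length != 3) {
            return Optional.empty();
        }
        return Optional.of(token);
    }

    /** Compares the presented token with the server-side copy without an early-exit equals(). */
    static boolean matchesStored(String presented, String stored) {
        if (presented == null || stored == null) {
            return false; // no server-side copy for this user: reject
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String stored = "aaa.bbb.ccc"; // constructed placeholder standing in for the Redis copy
        String[] samples = { "Bearer aaa.bbb.ccc", "beareraaa.bbb.ccc", "abc", "Bearer",
                "Basic aaa.bbb.ccc", "Bearer aaa.bbb.xxx", null }; // constructed inputs
        for (String s : samples) {
            boolean ok = extractBearer(s).map(t -> matchesStored(t, stored)).orElse(false);
            System.out.println(s + " -> " + (ok ? "accept" : "reject"));
        }
    }
}
```

Only the first two samples are accepted; the shape check does not replace signature verification, which JwtHelper.parseJWT still has to perform.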

That is the whole process of configuring an interceptor in Spring Boot. If you spot any problems, please point them out!
