首先需要了解过滤器和拦截器的区别以及运行顺序
图片来自@程序员内点事
有些时候需要在过滤中写跨域请求的处理
这里Token的验证就在拦截器里 当然写在过滤器里也行
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
/**
* @Author XuZhuHong
* @CreateTime 2021/12/1 9:12
*/
@Configuration
public class MyConfig {
@Order
@Component
@Slf4j
public class AuthFilter implements Filter {
String errorInterface = "/LoginController/request";//兜底方法
//白名单接口
private static List< String > whiteList = Arrays.asList(
"/LoginController/login",
"/LoginController/request"
);
//过滤器 这个过滤器用来处理跨域请求 验证token
@Override
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain) throws IOException, ServletException {
//接口转换
HttpServletRequest req = (HttpServletRequest) request;
//白名单接口放行的操作(即不需要验证Token)
String path = req.getServletPath()
for (String s : whiteList) {
if (path.contains(s)) {
chain.doFilter(request, response);
return;
}
}
//中间写逻辑代码,判断Token是否正确,失败则返回false
String token = req.getHeader("Token"); //从请求头中得到token
if (token == null || token.trim().length() == 0) {
//没有Token直接转发到错误请求
request.getRequestDispatcher(errorInterface).forward(request, response);
return;
} else {
chain.doFilter(request, response);
return;
}
}
}
}