LoginInterceptor
package com.lx.common.config;
import com.lx.common.CodeResultCode;
import com.lx.common.utils.SecurityUtils;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
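/**
 * Spring MVC interceptor that blocks controller requests which do not carry login credentials.
 *
 * <p>A request is admitted when both the {@code Authorization} and {@code userId} headers are
 * non-empty and {@link SecurityUtils#authToken(String)} accepts the token.
 *
 * <p>NOTE(review): the {@code userId} header is only checked for presence. Nothing in this class
 * ties it to the validated token, and {@code SecurityUtils.getUserId()} reads the same
 * client-supplied header. A caller holding any valid token can therefore present another user's
 * id. The identity should be derived from the validated token (or the header compared against
 * it) before any handler relies on it.
 */
@Order(1)
@Component
public class LoginInterceptor implements HandlerInterceptor {

    /**
     * Checks the login headers before a controller method runs.
     *
     * @param request  the incoming request; the {@code Authorization} and {@code userId} headers are read
     * @param response the response; its status is set to 401 on every rejection path
     * @param handler  the resolved handler; anything that is not a {@link HandlerMethod} is let through
     * @return {@code true} when the request may proceed
     * @throws ServiceException with {@code CODE_1003} when a header is missing or empty, or with
     *         {@code CODE_1004} when the token is rejected
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (!(handler instanceof HandlerMethod)) {
            // Not a controller method (e.g. a static resource): no login check is applied.
            return true;
        }

        String token = request.getHeader("Authorization");
        String userId = request.getHeader("userId");

        // Both headers must be present and non-empty.
        if (token == null || token.isEmpty() || userId == null || userId.isEmpty()) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            throw new ServiceException("未登录,无权访问", CodeResultCode.CODE_1003);
        }

        if (!SecurityUtils.authToken(token)) {
            // Set 401 here as well, so a rejected token is reported the same way as missing
            // credentials. Previously only the missing-header path set the status.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            throw new ServiceException("token校验失败", CodeResultCode.CODE_1004);
        }

        // NOTE(review): userId has not been verified against the token at this point.
        return true;
    }
}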
MyWebAppConfigurer
package com.lx.common.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
 * MVC configuration that installs {@link LoginInterceptor} in the interceptor chain.
 */
@Configuration
public class MyWebAppConfigurer extends WebMvcConfigurerAdapter {

    /**
     * Registers the login interceptor for every path except the two public endpoints listed below.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Interceptors added here form a chain. addPathPatterns selects the paths an interceptor
        // applies to, and excludePathPatterns removes paths from that set.
        // Every excluded path is served without the login check, so this list is part of the
        // application's unauthenticated surface and should be reviewed whenever it changes.
        registry.addInterceptor(new LoginInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns(
                        "/system/comments/commentList",
                        "/system/topic/getStatus");
        super.addInterceptors(registry);
    }
}
SecurityUtils
package com.lx.common.utils;
import cn.hutool.core.convert.Convert;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.extra.spring.SpringUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;
/**
 * Static helpers for reading login information from the current request.
 *
 * NOTE(review): the authToken listing on this page is incomplete. The opening try and the
 * lookup that assigns authData are not shown, so only the visible statements are documented.
 */
@Slf4j
public class SecurityUtils {
/**
 * Returns the value of the "userId" request header of the current request as a Long.
 *
 * NOTE(review): this is a client-supplied header, not an identity derived from a validated
 * token. Callers that use it for authorization decisions are trusting whatever the client
 * sent; confirm that the value is bound to the token somewhere before it is relied on.
 *
 * @return the header value converted by Convert.toLong; presumably null when the header is
 *         absent or not numeric (confirm against the hutool version in use)
 */
public static Long getUserId() {
// getRequestAttributes() is dereferenced without a null check, so this presumably fails
// outside a request-bound thread. TODO confirm.
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
return Convert.toLong(request.getHeader("userId"));
}
/**
 * Validates a login token.
 *
 * @param token the token taken from the request; blank values are rejected immediately
 * @return false for a blank token or when the lookup throws; otherwise true when authData
 *         is non-null
 */
public static boolean authToken(String token) {
if (StrUtil.isBlank(token)) {
return false;
}
// Validate the token.
// NOTE(review): the lookup itself is elided from this listing. If it queries a store using
// the token, confirm that the token is passed as a bound parameter and not concatenated.
}catch (Exception e){
// Fails closed: any exception during the lookup is treated as an invalid token.
// Only the exception message is logged, so the stack trace is not recorded.
log.error("token查询异常"+e.getMessage());
return false;
}
// A non-null lookup result is treated as a valid token.
return ObjectUtil.isNotNull(authData);
}
}