在Filter中通过session进行登录校验
1.明确思路
需要通过Filter对前端的不同请求进行过滤,具体逻辑如下:
- 如果前端请求登录接口,直接放行
- 如果前端在没有登录的情况下访问管理界面,直接返回错误信息
- 在登陆后,针对不同的请求在Filter中添加必要的信息之后然后放行
本例是在登录之后,会将用户名存储在上session中,然后在保存和更新用户信息的时候,在Filter中根据不同的请求添加createUser和updateUser。
2.具体步骤
1.首先新建HttpHelper请求处理字符串工具类
import javax.servlet.ServletRequest;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
/**
* 请求处理工具类
*
*/
public class HttpHelper {
public static String getBodyString(ServletRequest request) {
StringBuilder sb = new StringBuilder();
InputStream inputStream = null;
BufferedReader reader = null;
try {
inputStream = request.getInputStream();
reader = new BufferedReader(new InputStreamReader(inputStream, Charset.forName("UTF-8")));
String line = "";
while ((line = reader.readLine()) != null) {
sb.append(line);
}
} catch (IOException e) {
LogUtils.error(e);
} finally {
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException e) {
LogUtils.error(e);
}
}
if (reader != null) {
try {
reader.close();
} catch (IOException e) {
LogUtils.error(e);
}
}
}
return sb.toString()/*.replaceAll(" ","")*/;
}
}
- 继承HttpRequestWrapper创建RequestWrapper重写请求参数
import com.hean.iot.platform.utils.HttpHelper;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
/**
* 请求参数重写
*
*/
public class RequestWrapper extends HttpServletRequestWrapper {
private byte[] body;
public RequestWrapper(HttpServletRequest request) {
super(request);
body = HttpHelper.getBodyString(request).getBytes(Charset.forName("UTF-8"));
}
@Override
public BufferedReader getReader() throws IOException {
return new BufferedReader(new InputStreamReader(getInputStream()));
}
/**
* 重写获取 输入流的方法,保证流可写可读多次
* @return
* @throws IOException
*/
@Override
public ServletInputStream getInputStream() throws IOException {
final ByteArrayInputStream bais = new ByteArrayInputStream(body);
return new ServletInputStream() {
@Override
public int read() throws IOException {
return bais.read();
}
};
}
public byte[] getBody() {
return body;
}
public void setBody(byte[] body) {
this.body = body;
}
}
- 在过滤器中限制过滤内容
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.hean.iot.platform.model.RequestWrapper;
import com.hean.iot.platform.session.SessionBeanService;
import org.springframework.context.annotation.Configuration;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.HashMap;
/**
* 过滤器
*
*/
@Configuration
@WebFilter(filterName = "authFilter", urlPatterns = {"/*"})
public class PostFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
/*
* @Date: 2021/1/18 14:59
* Step 1: 重写 RequestWrapper,重写获取流的方法
*/
RequestWrapper requestWrapper = new RequestWrapper((HttpServletRequest) request);
/*
* @Date: 2021/1/18 14:59
* Step 2: 读取输入流,将所需信息写入
* json形式参数填充(这里新增customerId的键值)
*/
StringBuffer buffer = new StringBuffer();
String line = null;
BufferedReader reader = null;
reader = requestWrapper.getReader();
while ((line = reader.readLine()) != null) {
buffer.append(line);
}
JSONObject object = JSON.parseObject(buffer.toString());
object.put("customerId", SessionBeanService.getCustomerId());
requestWrapper.setBody(object.toString().getBytes());
/*
* @Date: 2021/1/18 15:00
* Step 3: 普通形式参数填充(这里新增customerId的键值)
*/
HashMap parameterMap = new HashMap(requestWrapper.getParameterMap());
parameterMap.put("customerId", new String[]{SessionBeanService.getCustomerId().toString()});
ParameterRequestWrapper newRequest = new ParameterRequestWrapper(requestWrapper, parameterMap);
/**
* 过滤跳转
*/
chain.doFilter(newRequest, response);
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig config) throws ServletException {
}
}
然后直接调用后端的接口就可以测试过滤器了,注意在对请求参数修改之后,chain.doFilter中的requeat要重写之后的新请求,就比如上例中的应该写为chain.doFilter(newRequest,Response)