1、拦截类class TokenInterceptor implements HandlerInterceptor
在web模块interceptor包下,创建拦截器类TokenInterceptor:
1、判定是否OPTIONS,是就放行
2、获取token,进行验证
- 2.1 读jwt
- 2.2 获取jwt中的数据,uid
3、token没有验证通过,需要给vue错误提示
- 3.1 返回json数据给前端
- 3.2 使用HttpServletResponse输出 json
package com.bjpowernode.front.interceptor;
import com.alibaba.fastjson.JSONObject;
import com.bjpowernode.common.enums.RCode;
import com.bjpowernode.common.util.JwtUtil;
import com.bjpowernode.front.view.RespResult;
import io.jsonwebtoken.Claims;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
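/**
 * Spring MVC interceptor that lets a request through only when its {@code Authorization}
 * header carries a JWT that {@link JwtUtil#readJwt} accepts and whose {@code uid} claim
 * equals the {@code uid} request header.
 *
 * <p>When the check fails, a JSON-serialized {@link RespResult} carrying
 * {@link RCode#TOKEN_INVALID} is written to the response and the handler chain is stopped.
 * The HTTP status code is left at its default; the front end is expected to read the
 * result code from the body.
 */
public class TokenInterceptor implements HandlerInterceptor {

    /** Authorization scheme prefix that precedes the JWT in the header value. */
    private static final String BEARER_PREFIX = "Bearer ";

    /** Secret handed to {@link JwtUtil} for reading tokens. */
    private final String secret;

    /**
     * @param secret the secret passed to {@link JwtUtil} when a token is read
     */
    public TokenInterceptor(String secret) {
        this.secret = secret;
    }

    /**
     * Validates the token of the incoming request.
     *
     * @return {@code true} for OPTIONS requests and for requests whose token matches the
     *     {@code uid} header; {@code false} after the TOKEN_INVALID body has been written
     * @throws Exception if writing the rejection body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // 1. OPTIONS requests are passed through without a token check.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            return true;
        }

        boolean requestSend = false;
        try {
            // 2. Read the token and verify it.
            String headerUid = request.getHeader("uid");
            String headerToken = request.getHeader("Authorization");
            requestSend = isTokenForUser(headerUid, headerToken);
        } catch (Exception e) {
            // Any failure while reading the token is treated as "not authenticated".
            requestSend = false;
            // NOTE(review): prefer the project's logger over printStackTrace(); rejected
            // tokens are routine events and full stack traces on stderr are noisy.
            e.printStackTrace();
        }

        // 3. Verification failed: report the error to the front end.
        if (!requestSend) {
            writeTokenInvalid(response);
        }
        return requestSend;
    }

    /**
     * Checks that the header value is a Bearer token whose {@code uid} claim matches
     * {@code headerUid}.
     *
     * <p>Missing headers, a missing "Bearer " prefix and a token without a {@code uid} claim
     * are all rejected explicitly. Without the null check on the claim,
     * {@code String.valueOf(null)} yields {@code "null"}, so a token lacking the claim would
     * match a {@code uid} header containing the literal text {@code null}.
     *
     * <p>NOTE(review): the {@code uid} header is supplied by the client; handlers behind this
     * interceptor should presumably use the uid verified here rather than re-reading the
     * header from an unchecked path — confirm against the controllers.
     */
    private boolean isTokenForUser(String headerUid, String headerToken) throws Exception {
        if (StringUtils.isBlank(headerUid) || StringUtils.isBlank(headerToken)) {
            return false;
        }
        // Expected form: "Bearer eyxxxxx". The scheme name is compared case-insensitively.
        if (!headerToken.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return false;
        }
        String jwt = headerToken.substring(BEARER_PREFIX.length());
        if (StringUtils.isBlank(jwt)) {
            return false;
        }

        // Read the JWT; readJwt is expected to throw on a token it cannot accept
        // (its implementation is not visible here).
        JwtUtil jwtUtil = new JwtUtil(secret);
        Claims claims = jwtUtil.readJwt(jwt);

        // The token must name a user, and it must be the user making the request.
        Integer jwtUid = claims.get("uid", Integer.class);
        return jwtUid != null && headerUid.equals(String.valueOf(jwtUid));
    }

    /** Writes the TOKEN_INVALID result as JSON through the servlet response. */
    private void writeTokenInvalid(HttpServletResponse response) throws Exception {
        RespResult result = RespResult.fail();
        result.setRCode(RCode.TOKEN_INVALID);

        String respJson = JSONObject.toJSONString(result);
        response.setContentType("application/json;charset=utf-8");
        PrintWriter out = response.getWriter();
        out.print(respJson);
        out.flush();
        out.close();
    }
}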
2、重写跨域配置类WebMvcConfiguration
在web模块settings包下,WebMvcConfiguration重写addInterceptors方法:
package com.bjpowernode.front.settings;
import com.bjpowernode.front.interceptor.TokenInterceptor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.List;
/**
 * MVC configuration of the front web module: registers the {@link TokenInterceptor} and
 * the CORS mapping.
 */
@Configuration
public class WebMvcConfiguration implements WebMvcConfigurer {

    /** Value of the {@code jwt.secret} property, handed to the token interceptor. */
    @Value("${jwt.secret}")
    private String jwtSecret;

    /**
     * Registers the token interceptor.
     *
     * <p>Only {@code /v1/user/realname} is listed, so no other path is checked by the
     * interceptor; any further endpoint that requires a logged-in user has to be added to
     * the path patterns here.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new TokenInterceptor(jwtSecret))
                .addPathPatterns("/v1/user/realname");
    }

    /**
     * Configures cross-origin access for every request path.
     *
     * <p>Credentials are allowed, so the origin pattern should stay an explicit list of
     * trusted front-end origins. A {@code *} pattern combined with
     * {@code allowCredentials(true)} would let any website issue credentialed requests to
     * this API from a visitor's browser.
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        System.out.println("===========addCorsMappings===========");

        // HTTP methods that may be used cross-origin.
        String[] corsMethods = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"};

        // addMapping selects the request paths the CORS rules apply to.
        registry.addMapping("/**")
                // Origin allowed to call the API (the local front-end dev server).
                .allowedOriginPatterns("http://localhost:8080")
                .allowCredentials(true)
                .allowedMethods(corsMethods)
                // Request headers a cross-origin request is allowed to carry.
                .allowedHeaders("*")
                .maxAge(3600);
    }
}