在项目目录下建立两个包:inter 与contsfig
在 inter 包中新建一个实现 HandlerInterceptor 接口的类
import com.example.gameboxadminserver.entity.User;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
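/**
 * Session-based login gate: a request passes only when the HTTP session already carries an
 * {@code adminName} attribute.
 *
 * <p>The interceptor is consulted only for the paths it is registered on, so any path excluded
 * at registration time is reachable without a session.
 */
public class MyInterceptor implements HandlerInterceptor {

    /**
     * Rejects the request unless the session holds a String {@code adminName} attribute.
     *
     * @param request  the incoming request whose session is inspected
     * @param response the response; receives a 401 status when the request is rejected
     * @param handler  the handler chosen for the request (not inspected here)
     * @return {@code true} to continue the handler chain, {@code false} to stop it
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // getSession(false): an anonymous request must not allocate a new server-side session.
        HttpSession session = request.getSession(false);
        Object adminName = (session == null) ? null : session.getAttribute("adminName");
        // instanceof also covers null and avoids a ClassCastException on an unexpected value.
        if (!(adminName instanceof String)) {
            System.out.println("请先登陆!");
            // Returning false alone yields an empty 200 response; make the rejection explicit.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        return true;
    }

    /** No post-processing is needed after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    /** No cleanup is needed once the request has completed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }
}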
在 contsfig 包中新增实现 WebMvcConfigurer 接口的类 LoginConfig
实现addInterceptors方法
package com.example.gameboxadminserver.contsfig;
import com.example.gameboxadminserver.inter.MyInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
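/**
 * MVC configuration that puts {@link MyInterceptor} in front of every request path except the
 * login endpoint.
 */
@Configuration
public class LoginConfig implements WebMvcConfigurer {

    /**
     * Registers the login interceptor.
     *
     * @param registry the registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        InterceptorRegistration registration = registry.addInterceptor(new MyInterceptor());
        // Default-deny: every path goes through the login check unless excluded below.
        registration.addPathPatterns("/**");
        // Excluded paths skip the login check entirely, so list only endpoints that must work
        // without a session. The argument list must not end with a trailing comma: Java rejects
        // it at compile time.
        registration.excludePathPatterns("/admin/adminLogin");
    }
}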
排除knife4j拦截设置
拦截器配置代码
/**
 * MVC configuration that applies {@link MyInterceptor} to all paths while leaving the
 * swagger / knife4j documentation paths outside the login check.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Registers the login interceptor together with its exclusion list.
     *
     * @param registry the registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Paths that bypass the login check so the API documentation UI can load.
        // NOTE(review): "/v2/**" and "/api" are wider than the documentation endpoints themselves;
        // any application route under those prefixes would also skip authentication - confirm
        // none exists, and consider disabling the documentation UI outside development.
        final String[] docPaths = {
            "/swagger-resources/**",
            "/webjars/**",
            "/v2/**",
            "/swagger-ui.html/**",
            "/api",
            "/api-docs",
            "/api-docs/**",
            "/doc.html/**"
        };

        InterceptorRegistration loginCheck = registry.addInterceptor(new MyInterceptor());
        loginCheck.addPathPatterns("/**");           // intercept every request ...
        loginCheck.excludePathPatterns(docPaths);    // ... except the documentation paths
    }
}
LoginInterceptor
参考:
package com.minglei.hotnews.config;
import com.minglei.hotnews.Utils.*;
import io.jsonwebtoken.Claims;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
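/**
 * Token-based login interceptor.
 *
 * <p>Controller methods are let through without a token when the controller class carries
 * {@code @PassToken}, when the method carries {@code @PassToken} with {@code required()} true,
 * or when the controller is the springfox {@code ApiResourceController}. Every other controller
 * method needs a valid, unexpired token in the {@code token} request header; the user id and
 * name from its claims are stored in {@code LocalThreadRelUser} for the duration of the request.
 *
 * <p>NOTE(review): this class trusts {@code JWTUtil.parseJWT} to verify the token signature and
 * to return {@code null} for a token it cannot accept - confirm against that helper, because
 * the claims are used as the caller's identity without further checks.
 */
@Component
public class LoginInterceptor implements HandlerInterceptor {

    /** Class name of the springfox controller that is always let through. */
    private static final String SWAGGER_CONTROLLER =
            "springfox.documentation.swagger.web.ApiResourceController";

    /**
     * Decides whether the request may reach its handler.
     *
     * @param request  the incoming request; the token is read from its {@code token} header
     * @param response the response; receives a JSON error body when the request is rejected
     * @param handler  the handler chosen for the request
     * @return {@code true} to continue the handler chain, {@code false} to stop it
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String token = request.getHeader("token");
        System.out.println("handler:" + handler);

        // Handlers that are not controller methods have no annotations to inspect and are not
        // token-checked by this interceptor.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Class<?> beanClass = handlerMethod.getBean().getClass();
        PassToken handlePass = beanClass.getDeclaredAnnotation(PassToken.class);
        boolean isSwaggerController = SWAGGER_CONTROLLER.equals(beanClass.getName());
        System.out.println("拿到的handlePass“" + handlePass);
        System.out.println("handle拿到的类是:" + beanClass.getName());
        System.out.println("handle拿到的类是否是swagger的控制器类:" + isSwaggerController);

        // The swagger resource controller is always let through.
        if (isSwaggerController) {
            return true;
        }
        // A class-level @PassToken opens every method of the controller.
        if (null != handlePass) {
            System.out.println("类上带PassToken注解,直接通行");
            return true;
        }

        // A method-level @PassToken opens the method only when required() is true.
        Method method = handlerMethod.getMethod();
        PassToken passToken = method.getAnnotation(PassToken.class);
        if (passToken != null && passToken.required()) {
            System.out.println("方法带passToken直接通行");
            return true;
        }

        System.out.println("方法没有带passToken,进行token验证");
        return authenticate(token, response);
    }

    /**
     * Clears the per-thread user information so it cannot leak into the next request served by
     * the same thread.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            @Nullable Exception ex) throws Exception {
        LocalThreadRelUser.remove();
    }

    /**
     * Validates the token and, on success, publishes the caller's identity to the thread-local.
     *
     * @return {@code true} when the token is accepted; {@code false} after an error body has
     *     been written to the response
     */
    private boolean authenticate(String token, HttpServletResponse response) throws Exception {
        if (token == null) {
            writeError(response, "用户无权限访问,请登录");
            return false;
        }

        Claims claims = JWTUtil.parseJWT(token);
        if (claims == null) {
            writeError(response, "Token已过期,请重新登录");
            return false;
        }

        // A token lacking any of these claims is rejected instead of failing with a
        // NullPointerException further down.
        Object expClaim = claims.get("ExpTime");
        Object userIdClaim = claims.get("UserId");
        Object userNameClaim = claims.get("UserName");
        if (expClaim == null || userIdClaim == null || userNameClaim == null) {
            writeError(response, "Token已过期,请重新登录");
            return false;
        }

        long expTime;
        long userId;
        try {
            expTime = Long.parseLong(expClaim.toString());
            userId = Long.parseLong(userIdClaim.toString());
        } catch (NumberFormatException malformedClaim) {
            // Non-numeric claim values mean the token is not one this service can accept.
            writeError(response, "Token已过期,请重新登录");
            return false;
        }

        // ExpTime is compared with the current time in epoch milliseconds.
        if (System.currentTimeMillis() >= expTime) {
            writeError(response, "Token已过期,请重新登录");
            return false;
        }

        LocalThreadRelUserInfo localThreadRelUserInfo = new LocalThreadRelUserInfo();
        localThreadRelUserInfo.setUserId(userId);
        localThreadRelUserInfo.setUserName(userNameClaim.toString());
        LocalThreadRelUser.set(localThreadRelUserInfo);
        return true;
    }

    /**
     * Writes the JSON error body ({@code code} 403 plus the given message) to the response.
     *
     * <p>NOTE(review): the HTTP status is left untouched, so the rejection is visible only in
     * the body; consider also setting a 401/403 status once clients are confirmed to handle it.
     */
    private void writeError(HttpServletResponse response, String message) throws Exception {
        // "json/html" is not a registered media type; declare the body as JSON.
        response.setContentType("application/json; charset=utf-8");
        PrintWriter printWriter = response.getWriter();
        Map<String, String> resultError = new HashMap<>();
        resultError.put("code", "403");
        resultError.put("message", message);
        Object ces = JsonUtil.objectToString(resultError);
        printWriter.write(ces.toString());
    }
}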
jwt拦截放行配置
// Documentation and static paths that are added to the anonymous-access list, i.e. paths the
// JWT check is meant to let through without a token.
// NOTE(review): anonymousAccessList is declared outside this listing; how its entries are
// matched (exact path or wildcard pattern, e.g. for "/webjars/*") depends on that code - confirm,
// and keep the list limited to documentation and static assets.
for (String openPath : new String[] {
        "/swagger-resources",
        "/swagger-resources/configuration/ui",
        "/v2/api-docs",
        "/v2/api-docs-ext",
        "/doc.html",
        "/webjars/*",
        "/favicon.ico"}) {
    anonymousAccessList.add(openPath);
}