1. 创建一个实现Filter接口的实现类SecurityFilter(注意:下面的骨架代码中类名写作LoginFilter,而后续步骤注册和实现的都是SecurityFilter,实际使用时类名需保持一致)
/**
 * Skeleton of a servlet {@link Filter}; the interception logic is not written yet.
 *
 * <p>The later steps on this page register and implement a class named
 * SecurityFilter, so this skeleton's class name differs from the one used there.
 */
public class LoginFilter implements Filter {

    /**
     * Called by the container for each request mapped to this filter.
     *
     * <p>The body is empty and never calls {@code chain.doFilter}, so a request
     * that reaches this skeleton is not passed on to the next filter or servlet.
     *
     * @param request  the incoming request
     * @param response the response being built
     * @param chain    the remaining filters and the target servlet
     * @throws IOException      declared by the Filter contract
     * @throws ServletException declared by the Filter contract
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
    }
}
2.创建原生Servlet的配置类
注册创建的SecurityFilter类,并注入redis模板(后续需要进行token校验)。SecurityFilter是在配置类中通过new创建的,不由Spring容器管理,因此redis模板需要通过set方法手动传入。
/**
 * Configuration class that registers the native servlet filter used for token checks.
 */
@Configuration
public class ServletConfig {

    // Redis template handed to SecurityFilter below.
    @Autowired
    private StringRedisTemplate redisTemplate;

    /**
     * Registers SecurityFilter as a native servlet Filter covering every request path.
     *
     * @return the registration holding a SecurityFilter mapped to {@code "/*"}
     */
    @Bean
    public FilterRegistrationBean securityFilter() {
        // The filter is built with new rather than looked up as a bean, so the
        // Redis template it needs is passed in by hand through its setter.
        SecurityFilter tokenFilter = new SecurityFilter();
        tokenFilter.setRedisTemplate(redisTemplate);

        // NOTE(review): no order is set on this registration; confirm where the
        // filter runs relative to any other filters in the application.
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(tokenFilter);
        // "/*" maps the filter to all requests.
        registration.addUrlPatterns("/*");
        return registration;
    }
}
3. 在SecurityFilter类中实现拦截逻辑
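/**
 * Servlet filter that lets allow-listed paths through and requires a known token
 * on every other request.
 *
 * <p>The Redis template is supplied through {@link #setRedisTemplate} by the code
 * that creates the filter.
 */
public class SecurityFilter implements Filter {

    /**
     * Paths that may be requested without a token. They are compared exactly with
     * {@code getServletPath()}, so any path that is not an exact entry falls through
     * to the token check. Keep the comparison exact: prefix or substring matching
     * would widen what is reachable without a token.
     */
    private static final List<String> ALLOW_LIST = buildAllowList();

    // Redis template used to look up the token sent by the client.
    private StringRedisTemplate redisTemplate;

    /**
     * Sets the Redis template used for token lookups.
     *
     * @param redisTemplate the template to use
     */
    public void setRedisTemplate(StringRedisTemplate redisTemplate) {
        this.redisTemplate = redisTemplate;
    }

    /** Builds the fixed list of paths that skip the token check. */
    private static List<String> buildAllowList() {
        List<String> paths = new ArrayList<>();
        paths.add("/captcha/captchaImage"); // captcha image
        paths.add("/login");
        return java.util.Collections.unmodifiableList(paths);
    }

    /**
     * Passes allow-listed requests and requests carrying a known token down the
     * chain; answers every other request with a JSON "please log in" Result.
     *
     * @param req   the incoming request, cast to HttpServletRequest
     * @param resp  the response, cast to HttpServletResponse
     * @param chain the remaining filters and the target servlet
     * @throws IOException      if writing the response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // Path of the requested endpoint.
        String path = request.getServletPath();

        // Allow-listed requests go straight through. The original built the list
        // but never consulted it, so /login itself was rejected for lacking a token.
        if (ALLOW_LIST.contains(path)) {
            chain.doFilter(request, response);
            return;
        }

        // Token sent back by the front end; the page gives
        // WarehouseConstants.HEADER_TOKEN_NAME = "Token".
        String clientToken = request.getHeader(WarehouseConstants.HEADER_TOKEN_NAME);

        // hasKey returns a boxed Boolean; Boolean.TRUE.equals treats null as
        // "not found" instead of failing on unboxing.
        // NOTE(review): this accepts any header value that names an existing Redis
        // key. If the same Redis database also holds non-token keys (the captcha
        // endpoint suggests it may; confirm), those key names would pass too.
        // Storing tokens under a dedicated key prefix and looking up prefix + token
        // here would close that; it has to change together with the login code that
        // writes the token, which is not shown on this page.
        if (StringUtils.hasText(clientToken)
                && Boolean.TRUE.equals(redisTemplate.hasKey(clientToken))) {
            chain.doFilter(request, response);
            return;
        }

        // Check failed: answer with the failure Result serialised as JSON. The HTTP
        // status is not changed here; the client is told through the Result code.
        Result result = Result.err(Result.CODE_ERR_UNLOGINED, "请登录!");
        String jsonStr = JSON.toJSONString(result);
        response.setContentType("application/json;charset=UTF-8");
        // Closing the writer flushes it.
        try (PrintWriter out = response.getWriter()) {
            out.print(jsonStr);
        }
    }
}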