上代码
public class JWTInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Map<Object, Object> map = new HashMap<>();
String token = request.getHeader("token");
try {
DecodedJWT verify = JWTUtils.verify(token);
map.put("state",true);
map.put("msg","请求成功");
return true;
}catch (SignatureVerificationException e) {
e.printStackTrace();
map.put("msg","无效签名");
}catch (TokenExpiredException e) {
e.printStackTrace();
map.put("msg","token过期");
}catch (AlgorithmMismatchException e) {
e.printStackTrace();
map.put("msg","token算法不一致");
} catch (Exception e) {
e.printStackTrace();
map.put("msg","token无效!");
}
map.put("state",false);
//将 map装换为json ResponseBody底层使用jackson
String json = new ObjectMapper().writeValueAsString(map);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().println(json);
return false;
}
}
//@Component
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
// @Override
// public void addInterceptors(InterceptorRegistry registry) {
// //拦截所有请求
// String[] addPathPatterns = {"/**"};
// //不需要拦截的请求
// String[] excludePathPatterns = {"/page/logout","/page/login","/page/init","/reader/login"};
// registry.addInterceptor(new MyInterceptor()).addPathPatterns(addPathPatterns).excludePathPatterns(excludePathPatterns);
// super.addInterceptors(registry);
// }
@Override
public void addInterceptors(InterceptorRegistry registry) {
String[] addPathPatterns = {"/user/test","/user/testgetInfo"}; //需要拦截的路径
registry.addInterceptor(new JWTInterceptor())
// .addPathPatterns("/user/test")
.addPathPatterns(addPathPatterns)
.excludePathPatterns("/user/login");
// .excludePathPatterns("/user/login");
}
}
public class JWTUtils {
private static final String SING="QWERT";
/**
* 生成token
*/
public static String getToken(Map<String,String> map){
Calendar instance = Calendar.getInstance();
instance.add(Calendar.DATE,7); //默认7天过期
JWTCreator.Builder builder = JWT.create();
map.forEach((k,v)->{
builder.withClaim(k,v);
});
String token = builder.withExpiresAt(instance.getTime())
.sign(Algorithm.HMAC256(SING));
return token;
}
/**
* 验证token
*/
public static DecodedJWT verify(String token){
return JWT.require(Algorithm.HMAC256(SING)).build().verify(token);
}
}
@IgnoreToken
该注解可以忽略token,意思是在方法上面添加注解 @IgnoreToken 后,那么请求该方法体时,则可以不用在header传token进行验证了。
@GetMapping(value = "/getOrgCodeAndNameDataBase")
@ResponseBody
@IgnoreToken
public ResponseResult getOrgCodeAndNameDataBase(@RequestParam String orgCode) {
IgnoreToken注解的配置
首选定义自定义注解
@Retention(RetentionPolicy.RUNTIME)
@Target(value = {ElementType.METHOD, ElementType.TYPE})
public @interface IgnoreToken {
}
其次在AuthInterceptor 中配置。
public class AuthInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
HandlerMethod handlerMethod = (HandlerMethod) handler;
// 配置该注解,说明不进行拦截
IgnoreToken annotation = handlerMethod.getBeanType().getAnnotation(IgnoreToken.class);
if (annotation == null) {
annotation = handlerMethod.getMethodAnnotation(IgnoreToken.class);
}
if (annotation != null) {
return true;
}
}
@Target(value = {ElementType.METHOD, ElementType.TYPE})
ElementType.METHOD表示注解可以放在方法上
ElementType.TYPE 表示注解可以放在类上
handlerMethod.getBeanType().getAnnotation(IgnoreToken.class); //从类上获取注解
annotation = handlerMethod.getMethodAnnotation(IgnoreToken.class); 从方法上获取注解
~~这辈子坚持与不坚持都不可怕,怕的是独自走在坚持的道路上!!!~~