springmvc 拦截器实现原理-CSDN博客

首先pom.xml文件中导入JWT maven依赖

<dependency>
	<groupId>io.jsonwebtoken</groupId>
	<artifactId>jjwt</artifactId>
	<version>0.9.1</version>
</dependency>
复制代码

其次新创建一个拦截器，继承HandlerInterceptor类

package com.irs.shiro;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.irs.util.JsonUtils;
import com.irs.util.JwtHelper;
import com.irs.util.WxResult;
import io.jsonwebtoken.Claims;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import java.io.IOException;
import java.io.PrintWriter;

import static com.sun.xml.internal.ws.api.message.Packet.State.ServerResponse;

public class ApiInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        System.out.println("---------preHandle--------");
        return check(request, response);
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        System.out.println("---------postHandle--------");
    }

    private boolean check(HttpServletRequest request, HttpServletResponse response) throws Exception{
    //对url进行拦截和处理
        if (request.getServletPath().equals("/api/getToken")) {
            return true;
        }
        final String requestHeader = request.getHeader("token");
        String authToken;

        if (requestHeader != null) {
            authToken = requestHeader;
            Claims r;
            //验证token是否过期,包含了验证jwt是否正确
            try {
                r = JwtHelper.parseJWT(authToken);
                Object exp=r.get("exp");
                long times=Long.valueOf(exp.toString());
                long nowMillis = System.currentTimeMillis()/1000; //10位时间戳
                if(nowMillis<=times){
                    return true;
                }else{
                    //重置response
                    response.reset();
                    //设置编码格式
                    response.setCharacterEncoding("UTF-8");
                    response.setContentType("application/json;charset=UTF-8");
                    PrintWriter pw = null;
                    pw = response.getWriter();
                    pw.write(JsonUtils.objectToJson(WxResult.build(400,"token过期")));
                    pw.flush();
                    pw.close();
                    return false;
                }
            } catch (Exception e) {
                //有异常就是token解析失败
                //重置response
                response.reset();
                //设置编码格式
                response.setCharacterEncoding("UTF-8");
                response.setContentType("application/json;charset=UTF-8");
                PrintWriter pw = null;
                pw = response.getWriter();
                pw.write(JsonUtils.objectToJson(WxResult.build(400,"token验证失败")));
                pw.flush();
                pw.close();
                return false;
            }
        } else {
            //header没有带Bearer字段
            //重置response
            response.reset();
            //设置编码格式
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json;charset=UTF-8");
            PrintWriter pw = null;
            pw = response.getWriter();
            pw.write(JsonUtils.objectToJson(WxResult.build(400,"请携带token")));
            pw.flush();
            pw.close();
            return false;
        }

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)  throws Exception {
        System.out.println("---------afterCompletion--------");
    }

}

复制代码

最后在springmvc.xml中配置拦截器

<mvc:interceptors>
	<mvc:interceptor>
		<!-- 配置拦截规则 -->
		<mvc:mapping path="/api/*"/>
		<bean class="com.irs.shiro.ApiInterceptor"></bean>
	</mvc:interceptor>
</mvc:interceptors>
复制代码