importjavax.servlet.annotation.WebFilter;importorg.slf4j.Logger;importorg.slf4j.LoggerFactory;importorg.springframework.stereotype.Component;importspringfox.documentation.spring.web.json.Json;importcom.alibaba.fastjson.JSON;importjava.io.IOException;importjava.io.OutputStreamWriter;importjava.io.PrintWriter;importjava.io.UnsupportedEncodingException;importjavax.servlet.Filter;importjavax.servlet.FilterChain;importjavax.servlet.FilterConfig;importjavax.servlet.ServletException;importjavax.servlet.ServletRequest;importjavax.servlet.ServletResponse;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;/***************
* token验证拦截
* @author bamboo zjcjava@163.com
* @time 2017-08-01*/@Component//@WebFilter(urlPatterns = { "/api/v/*" }, filterName = "tokenAuthorFilter")
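public class TokenAuthorFilter implements Filter {
    /*
     * Servlet filter that admits a request only when its "token" header passes
     * TokenUtil.volidateToken; every other non-OPTIONS request is answered with a
     * JSON ResultInfo carrying Constant.UN_AUTHORIZED and is never forwarded.
     *
     * NOTE(review): the URL mapping is not visible in this class (the @WebFilter
     * line above it is commented out). Confirm where the filter is registered so
     * that it covers exactly the protected endpoints and not login/public routes.
     */

    private static final Logger logger = LoggerFactory.getLogger(TokenAuthorFilter.class);

    @Override
    public void destroy() {
        // No resources are held by this filter.
    }

    /**
     * Adds the CORS response headers, answers OPTIONS requests directly, and
     * forwards any other request down the chain only if its token is valid.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remaining filter chain, invoked only for a valid token
     * @throws IOException      propagated from the downstream chain
     * @throws ServletException propagated from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse rep = (HttpServletResponse) response;

        // CORS configuration. The original author noted that the allowed hosts
        // should be made configurable before going live.
        // NOTE(review): "*" lets any origin call this API from a browser; restrict
        // it to the known front-end origins once those are configurable.
        rep.setHeader("Access-Control-Allow-Origin", "*");
        // Methods a cross-origin caller may use.
        rep.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
        // How long (seconds) a browser may cache the preflight result.
        rep.setHeader("Access-Control-Max-Age", "3600");
        rep.setHeader("Access-Control-Allow-Headers",
                "token,Origin, X-Requested-With, Content-Type, Accept");
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");

        // Requests with method OPTIONS (CORS preflights carry no custom headers)
        // are answered here without a token check and are NOT passed to the
        // chain, so no downstream handler runs unauthenticated for them.
        if ("OPTIONS".equals(req.getMethod())) {
            rep.setStatus(HttpServletResponse.SC_OK);
            return;
        }

        // The token is read from the request header only. Its value is
        // deliberately never written to the log.
        String rejection = rejectionMessage(req.getHeader("token"));
        if (rejection != null) {
            // Fail closed: the decision to reject does not depend on comparing
            // ResultInfo codes, and a rejected request never reaches the chain.
            writeUnauthorized(response, rejection);
            return;
        }

        logger.info("token filter过滤ok!");
        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // No initialisation required.
    }

    /**
     * Returns the message to send when the token must be rejected, or
     * {@code null} when TokenUtil.volidateToken accepts it.
     */
    private static String rejectionMessage(String token) {
        if (token == null || token.isEmpty()) {
            return "用户授权认证没有通过!客户端请求参数中无token信息";
        }
        if (!TokenUtil.volidateToken(token)) {
            return "用户授权认证没有通过!客户端请求参数token信息无效";
        }
        return null;
    }

    /**
     * Writes a ResultInfo with Constant.UN_AUTHORIZED and the given message to the
     * response body as JSON. Stream failures are logged, not rethrown.
     *
     * NOTE(review): no HTTP status is set here, so the rejection is visible only in
     * the JSON body. Consider HttpServletResponse.SC_UNAUTHORIZED so gateways, logs
     * and alerting can see failed authentication; confirm clients do not rely on
     * the current status first.
     */
    private static void writeUnauthorized(ServletResponse response, String message) {
        ResultInfo resultInfo = new ResultInfo();
        resultInfo.setCode(Constant.UN_AUTHORIZED);
        resultInfo.setMsg(message);

        // try-with-resources closes both writers exactly once, on every path.
        try (OutputStreamWriter osw = new OutputStreamWriter(response.getOutputStream(), "UTF-8");
             PrintWriter writer = new PrintWriter(osw, true)) {
            writer.write(JSON.toJSONString(resultInfo));
            writer.flush();
        } catch (IOException e) {
            // Also covers UnsupportedEncodingException, which is an IOException.
            logger.error("过滤器返回信息失败:" + e.getMessage(), e);
        }
    }
}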