第一部分:访问控制
目的:防止非本系统用户通过http请求操作用户数据
方法:
1 当用户执行登录操作的时候,由前端生成 token 传到后台,后台将该 token 及其过期时间存储在数据库中。(注意:token 若由前端生成,其取值完全由客户端决定,可能被猜测或伪造;更稳妥的做法是由后台使用安全随机数生成足够长的 token,再下发给前端保存。)
2 往后所有的 API 请求头内都必须携带该 token,否则该请求无效;若请求携带了 token,则到数据库中检索该 token 是否存在以及是否已超时。(注意:仅校验 token 是否存在且未过期,只能说明请求来自某个已登录会话;如果还要保证用户只能操作自己的数据,还需在存储时把 token 与其所属用户绑定,并在操作用户数据时核对归属。)
实现:
@Component
// Intended to intercept every path.
// NOTE(review): servlet url-patterns are "/*" (prefix) or an exact path; the
// Ant-style "/**" used here is treated as the literal path "/**" and matches
// nothing useful. In Spring Boot the @Component annotation above most likely
// registers this Filter on "/*" anyway, which is why it appears to work — but
// verify the effective mapping: if this filter is not on every request, the
// token check is simply bypassed. Prefer an explicit FilterRegistrationBean on
// "/*" (or fix the pattern) so the coverage is not accidental.
@WebFilter(urlPatterns = { "/**" }, filterName = "tokenAuthorFilter")
public class ConfigurationFilter implements Filter{
// Injected lookup service; presumably the DB-backed token store described in
// the design note above (token + expiry) — the lookup itself is outside this
// excerpt. NOTE(review): the type name `shiroService` should be UpperCamelCase
// (ShiroService); not changed here because the type is declared elsewhere.
@Autowired
shiroService shiroService;
// Path fragments exempt from the token check: API-doc tooling (Swagger /
// springfox), the Druid console and static image assets.
// NOTE(review): these are bare segments, not full URL patterns, and the code
// that matches them against the request URI is outside this excerpt. Several
// are very generic ("v2", "configuration", "images"); if the match is a
// substring/contains check rather than anchored to a leading path segment,
// any business URL containing one of these words (e.g. /api/v2/users) would
// skip authentication entirely — confirm the matching rule. Also confirm the
// Druid console has its own authentication or is not exposed in production,
// since it is reachable here without a token.
private static final Set<String> ALLOWED_PATHS;

static {
    Set<String> exempt = new HashSet<>();
    Collections.addAll(exempt,
            "webjars",
            "druid",
            "swagger",
            "v2",
            "swagger-ui.html",
            "swagger-resources",
            "configuration",
            "images");
    ALLOWED_PATHS = Collections.unmodifiableSet(exempt);
}
/** Container shutdown hook; intentionally a no-op — nothing is released here. */
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse responses = (HttpServletResponse) response;
HttpServletRequest requestes = (HttpServletRe