新建注解
package com.democxy.common.annotation;import java.lang.annotation.ElementType;import java.lang.annotation.Retention;import java.lang.annotation.RetentionPolicy;import java.lang.annotation.Target;/** * 在需要登录验证的Controller的方法上使用此注解 * @Target 注解的作用范围 方法之上 * @Retention 注解的生存周期 运行级别,注解存在于源码、字节码、java虚拟机中,主要用于运行时,可以使用反射获取相关的信息 */@Target({ElementType.METHOD})@Retention(RetentionPolicy.RUNTIME)public @interface LoginRequired {}
新建拦截器
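package com.democxy.common.interceptor;

import com.democxy.common.annotation.LoginRequired;
import com.democxy.common.exception.CustomException;
import com.democxy.common.utils.JwtUtil;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;

/**
 * Authorization interceptor that enforces a login check on handler methods
 * annotated with {@link LoginRequired}.
 *
 * <p>The check is opt-in: a handler method without {@code @LoginRequired} is
 * served without any token validation. Every endpoint that needs an
 * authenticated caller must therefore carry the annotation explicitly.
 */
public class AuthenticationInterceptor implements HandlerInterceptor {

    /**
     * Validates the {@code token} request header for handler methods marked
     * with {@link LoginRequired}.
     *
     * @param request  current request; the JWT is read from its {@code token} header
     * @param response current response (unused)
     * @param handler  the handler chosen for this request
     * @return {@code true} when the request may proceed
     * @throws CustomException with code 4040 when the handler requires login and
     *                         the token is missing, blank, or rejected by
     *                         {@code JwtUtil.validateToken}
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // The handler is not always a HandlerMethod (static resources, for
        // example, are served by a different handler type). The original
        // unconditional cast threw ClassCastException for those requests.
        // Such handlers cannot carry @LoginRequired, so they pass through.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        Method method = ((HandlerMethod) handler).getMethod();
        if (!method.isAnnotationPresent(LoginRequired.class)) {
            // Not annotated: no login check is applied to this endpoint.
            return true;
        }

        // Fail closed on a missing or blank header before handing the value to
        // the validator, whose behaviour for null input is not visible here.
        // NOTE(review): if JwtUtil.validateToken throws instead of returning
        // false for a bad token, that exception propagates unchanged.
        String token = request.getHeader("token");
        if (token == null || token.trim().isEmpty() || !JwtUtil.validateToken(token)) {
            throw new CustomException(4040, "token过期,请重新登录");
        }
        return true;
    }

    /** No post-processing is needed after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
                           ModelAndView modelAndView) throws Exception {
    }

    /** No cleanup is needed once the request has completed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
                                Exception ex) throws Exception {
    }
}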
注册拦截器
package com.democxy.common.config;

import com.democxy.common.interceptor.AuthenticationInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Spring MVC configuration that installs the authentication interceptor.
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {

    /**
     * Registers the application's interceptors; a custom interceptor only
     * takes effect once it has been added to the registry here.
     *
     * <p>This is the annotation-driven variant: the interceptor is registered
     * without include or exclude path patterns, so it runs for every request
     * and decides per handler method whether a login check applies. The
     * path-driven alternative would instead restrict it with
     * {@code addPathPatterns} (for example "/" and "/admin/**") and
     * {@code excludePathPatterns} (for example the login and logout URLs).
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        AuthenticationInterceptor loginCheck = new AuthenticationInterceptor();
        registry.addInterceptor(loginCheck);
    }
}
使用注解
/**
 * Returns the subject stored in the caller's JWT.
 *
 * <p>The method carries {@code @LoginRequired}, so AuthenticationInterceptor
 * (when registered) validates the {@code token} header before this code runs.
 * The header is parsed again here only to read the claims.
 *
 * @param request current request; the JWT is read from its {@code token} header
 * @return a success response whose payload is the token subject
 */
@ResponseBody
@RequestMapping(value = "getAccount", method = RequestMethod.POST)
@LoginRequired
public ResponeData getAccountByToken(HttpServletRequest request) {
    String token = request.getHeader("token");
    String subject = JwtUtil.parseToken(token).getSubject();
    return new ResponeData<>(ResultEnum.SUCCESS, subject);
}