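/**
 * Login-authentication interceptor. For handler methods annotated with
 * {@code RequiredLoginToken} it validates the JWT carried in the {@code token}
 * request header; every other request is allowed through.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The policy is fail-open: a controller method with neither annotation is
 *       not authenticated, so a forgotten {@code RequiredLoginToken} leaves the
 *       endpoint public.</li>
 *   <li>The HMAC key is whatever {@code User.getPassword()} returns. Anyone able
 *       to read that value can sign tokens for that user. NOTE(review): consider
 *       a dedicated server-side signing secret; this must change together with
 *       the code that issues the tokens, which is not visible here.</li>
 * </ul>
 *
 * @author: Gabriel
 * @date: 2020/2/5 13:45
 */
@Slf4j
@Component
public class AuthenticationInterceptor implements HandlerInterceptor {

    @Autowired
    IUserService userService;

    /**
     * Pre-processing hook, run before the controller method executes.
     *
     * @param request  current HTTP request; the JWT is read from its {@code token} header
     * @param response current HTTP response (not used)
     * @param handler  chosen handler; only {@code HandlerMethod} handlers are inspected
     * @return {@code true} when the request may proceed
     * @throws Exception a {@code BusinessException} with {@code ResultCode.NO_LOGIN}
     *                   when a required token is missing, malformed, names no known
     *                   user, or fails signature verification
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String token = request.getHeader("token");

        // Not mapped to a controller method: let it through.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();

        // The opt-out annotation is evaluated first, so it wins when a method
        // carries both annotations.
        if (method.isAnnotationPresent(NoRequiredLoginToken.class)) {
            NoRequiredLoginToken noRequiredLoginToken = method.getAnnotation(NoRequiredLoginToken.class);
            if (noRequiredLoginToken.required()) {
                return true;
            }
        }

        // Authenticate only when the method explicitly asks for a logged-in user.
        if (method.isAnnotationPresent(RequiredLoginToken.class)) {
            RequiredLoginToken requiredLoginToken = method.getAnnotation(RequiredLoginToken.class);
            if (requiredLoginToken.required()) {
                if (StringUtils.isBlank(token)) {
                    throw new BusinessException(ResultCode.NO_LOGIN);
                }

                // decode() does NOT check the signature. The audience claim is
                // untrusted here and is used only to pick whose key to verify with.
                java.util.List<String> audience;
                try {
                    audience = JWT.decode(token).getAudience();
                } catch (JWTDecodeException e) {
                    throw new BusinessException(ResultCode.NO_LOGIN);
                }
                // A token without an "aud" claim previously escaped as an
                // unchecked exception from get(0); reject it as unauthenticated.
                if (audience == null || audience.isEmpty() || StringUtils.isBlank(audience.get(0))) {
                    throw new BusinessException(ResultCode.NO_LOGIN);
                }
                String userId = audience.get(0);

                User user = userService.getById(userId);
                if (ObjectUtil.isNull(user)) {
                    // TODO user does not exist, ask the client to log in again;
                    // the exception class constructors need improving.
                    // Keep the result identical to a bad signature so responses
                    // do not reveal whether an account exists.
                    throw new BusinessException(ResultCode.NO_LOGIN);
                }

                // NOTE(review): the user's stored password is the HMAC key (see
                // class comment). verify() checks the signature and any time
                // claims the token carries; nothing here requires an expiry
                // claim - confirm the issuer always sets one.
                try {
                    JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build();
                    jwtVerifier.verify(token);
                } catch (JWTVerificationException | IllegalArgumentException e) {
                    // TODO verification failed, token is invalid.
                    // IllegalArgumentException: HMAC256 rejects a null secret; an
                    // account without a usable key cannot be authenticated.
                    throw new BusinessException(ResultCode.NO_LOGIN);
                }
                return true;
            }
        }

        // Methods without an annotation pass through: no check is required by default.
        return true;
    }

    /**
     * Post-processing hook, run after the controller method executes. No-op.
     *
     * @param request      current HTTP request
     * @param response     current HTTP response
     * @param handler      handler that was executed
     * @param modelAndView model and view returned by the handler
     * @throws Exception never thrown by this implementation
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    /**
     * Completion hook, run after the controller has finished. No-op.
     *
     * @param request  current HTTP request
     * @param response current HTTP response
     * @param handler  handler that was executed
     * @param ex       exception raised during handling, if any
     * @throws Exception never thrown by this implementation
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }
}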