详细
@PassToken作用就是为了不需要token也能访问,方便好用
简单易懂!!
一、使用步骤
1.注解
代码如下(示例):
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface PassToken {
boolean required() default true;
}
2.逻辑处理
需要在filter拦截时候判断token,shiro拦截或者网关gateway拦截时候都行,自己写的拦截器也一样。拿到method就能到注解,判断就行
代码如下(示例):
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
//通过ApplicationContext上下文(spring)找到RequestMappingHandlerMapping这个bean
RequestMappingHandlerMapping handlerMapping = ApplicationContextUtil.getBean(RequestMappingHandlerMapping.class);
//RequestMappingHandlerMapping是对应url和处理类方法的一个类
HandlerExecutionChain handlerChain = handlerMapping.getHandler(httpServletRequest);
//通过处理链找到对应的HandlerMethod类
HandlerMethod handler = (HandlerMethod) handlerChain.getHandler();
//HandlerMethod中有bean和method
// Object bean = handler.getBean();//处理请求的类
Method method = handler.getMethod();//处理请求的方法
// boolean annotationPresent = method.isAnnotationPresent(PostMapping.class);
if (method.isAnnotationPresent(PassToken.class)) {
PassToken passToken = method.getAnnotation(PassToken.class);
if (passToken.required()) {
return true;
}
}
}
3.使用
@ApiOperation("登录")
@PostMapping("/login")
@PassToken
public Response login(@RequestBody UserParam loginParam) {
LoginVO userVO = userService.login(loginParam);
return Response.ok(userVO);
}
总结
提示:这里对文章进行总结:
用@PassToken就行了,方便好用!!!
因为我用的Oauth2+shiro,主要在于获取 注解 这里,
有两种:
方法一:
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
WebApplicationContext ctx = RequestContextUtils.findWebApplicationContext(httpServletRequest);
RequestMappingHandlerMapping mapping = ctx.getBean("requestMappingHandlerMapping", RequestMappingHandlerMapping.class);
HandlerExecutionChain handler = null;
handler = mapping.getHandler(httpServletRequest);
Annotation[] declaredAnnotations = ((HandlerMethod) handler.getHandler()).
getMethod().getDeclaredAnnotations();
for(Annotation annotation:declaredAnnotations) {
if (PassToken.class.equals(annotation.annotationType())) {
return true;
}
}
方法二:
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
WebApplicationContext ctx = RequestContextUtils.findWebApplicationContext(httpServletRequest);
RequestMappingHandlerMapping mapping = ctx.getBean("requestMappingHandlerMapping", RequestMappingHandlerMapping.class);
HandlerExecutionChain handler = null;
handler = mapping.getHandler(httpServletRequest);
Annotation[] declaredAnnotations = ((HandlerMethod) handler.getHandler()).
getMethod().getDeclaredAnnotations();
for(Annotation annotation:declaredAnnotations) {
if (PassToken.class.equals(annotation.annotationType())) {
return true;
}
}
总结:
1.自己写一个@PassToken注解
2.使用aop拦截器时候,获取request接口上的注解,如果有@PassToken则返回true,不需要验证token