@EnableAsync
@Configuration
@MapperScan({"org.springblade.**.mapper.**"})
public class ApiConfiguration extends WebMvcConfigurerAdapter {
@Bean
public AuthInterceptor authInterceptor() {
return new AuthInterceptor();
}
@Resource
private HeaderInterceptor headerInterceptor;
给所有html的请求带上token的时候再拦截
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(authInterceptor())
.addPathPatterns("/index/**");
.excludePathPatterns("/**/v1/auth/login","/**/v1/device/connect");
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(headerInterceptor);
}
下面是拦截器代码
package org.springblade.waterModel.interceptor;
import lombok.extern.slf4j.Slf4j;
import org.springblade.core.cache.utils.CacheUtil;
import org.springblade.core.tool.api.R;
import org.springblade.modules.system.entity.User;
import org.springblade.modules.system.service.IUserService;
import org.springblade.waterModel.cache.CacheConstant;
import org.springblade.waterModel.cache.CacheNames;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Enumeration;
@Slf4j
public class AuthInterceptor implements HandlerInterceptor {
@Resource
private IUserService userService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
String token = request.getHeader("Access-Token");
Enumeration<String> headerNames = request.getHeaderNames();
if(token == null){
log.warn("缺失权限信息,拒绝访问");
response.setStatus(401);
}else {
User user = CacheUtil.get(CacheNames.CACHE_NAME_HTML, CacheConstant.USER_BY_ID, token, () -> {
R<User> result = userService.userInfoById(Long.parseLong(token));
return result.getData();
});
if(user != null){
AuthCache.CURRENT_USER.set(user);//放ThreadLocal一份,方便后续使用
return true;
}else {
log.warn("无效的授权信息,拒绝访问");
response.setStatus(403);
}
}
return false;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
// TODO Auto-generated method stub
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
// TODO Auto-generated method stub
}
}
没有用到jwt等技术