责任链模式 + 过滤器:通过 token 校验用户身份的合法性
定义需要过滤的接口以及实现类
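public interface FilterChain {
    /**
     * Filters the data of an incoming request.
     *
     * <p>This interface shares its simple name with the servlet API's {@code FilterChain}.
     * A class that uses both must import one of them and fully qualify the other.
     *
     * @param request the HTTP request to inspect
     * @return a flag chosen by the implementation.
     *     NOTE(review): the manager shown with this interface discards the value, and the
     *     authentication implementation signals rejection by throwing, so the meaning of
     *     true/false should be defined here or the return type dropped.
     * @throws SQLException if an implementation's lookup fails
     */
    boolean intercept(HttpServletRequest request) throws SQLException;
}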
实现过滤请求数据中是否含有token(唯一身份标识),还可以实现其他的过滤,如:关键词、黑名单等等
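/**
 * Chain link that requires a valid {@code token} request header, except for a fixed
 * list of static-resource suffixes and unauthenticated actions.
 *
 * <p>A rejected request is signalled by throwing {@link BusinessException}. The boolean
 * result only distinguishes "exempt" (true) from "token verified" (false).
 */
public class AuthticationFilter implements FilterChain {
    private final Logger logger = LoggerFactory.getLogger(AuthticationFilter.class);
    private final IUserService iUserService = (IUserService) ObjectUtils.getObject("userService");

    // Static-resource suffixes that are let through without a token.
    // Every entry carries its leading dot so that only a real file extension matches;
    // the bare "html" used before matched any URI that merely ended in those letters.
    // NOTE(review): ".lpg" is presumably a typo for ".jpg" - confirm before changing,
    // because adding a suffix widens what is served without authentication.
    private final String[] noStaticIntercept = {
        ".lpg", ".png", ".html", ".css", ".js"
    };

    // Actions that must stay reachable without a token: login, and fetching the
    // password by phone.
    private final String[] noActionIntercept = {
        "/mobile/users/getPassword.action",
        "/mobile/users/login.action"
    };

    /**
     * Lets exempt requests through and verifies the token on everything else.
     *
     * @param request the incoming request
     * @return true when the request matched an exemption, false when its token was verified
     * @throws BusinessException when the token header is missing or matches no user
     * @throws SQLException declared by the interface for the user lookup
     */
    @Override
    public boolean intercept(HttpServletRequest request) throws SQLException {
        String requestURI = request.getRequestURI();

        // getRequestURI() returns the raw path, including any path parameters (the part of
        // a segment after ';'), which the container drops before it dispatches the request.
        // A suffix test on the raw string can therefore disagree with the resource that is
        // actually served, so a URI that carries path parameters never qualifies for an
        // exemption and goes through token validation like any other request.
        // NOTE(review): matching on the container-resolved path (getServletPath() plus
        // getPathInfo()) would be stricter still - confirm against the servlet mappings.
        boolean hasPathParameters = requestURI.indexOf(';') >= 0;

        if (!hasPathParameters) {
            // Static resource?
            if (endsWithAny(requestURI, noStaticIntercept)) {
                logger.info("请求的是静态资源");
                return true;
            }
            // One of the actions that must work before the client holds a token?
            if (endsWithAny(requestURI, noActionIntercept)) {
                logger.info("特殊的请求地址");
                return true;
            }
        }

        // Authentication: the token travels in the "token" request header.
        String token = request.getHeader("token");
        if (StringUtils.isEmpty(token)) {
            // No token supplied.
            throw new BusinessException(ResponseCode.TOKEN_NAME_ERROR.getCode(), ResponseCode.TOKEN_NAME_ERROR.getMessage());
        }

        // Resolve the user that owns the token.
        // NOTE(review): whether getByToken also enforces expiry or revocation is not
        // visible here - confirm in the service implementation.
        User user = iUserService.getByToken(token);
        if (null == user) {
            // The token value itself is deliberately kept out of the log.
            logger.info("token信息有误");
            throw new BusinessException(ResponseCode.TOKEN_USER_ERROR.getCode(), ResponseCode.TOKEN_USER_ERROR.getMessage());
        }
        logger.info("认证执行了。。。。。。。。");
        return false;
    }

    /** Returns true when {@code uri} ends with at least one of {@code suffixes}. */
    private static boolean endsWithAny(String uri, String[] suffixes) {
        for (String suffix : suffixes) {
            if (uri.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }
}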
过滤资源管理器
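/**
 * Runs the registered {@link FilterChain} links in the order configured in
 * {@code filter-order.properties} (key {@code filterOrder}, comma-separated names).
 */
public class FilterChainManagerImpl {
    // Registry of the available links, keyed by the name used in the configuration file.
    private static final Map<String, FilterChain> filterChainMap = new HashMap<>();

    static {
        filterChainMap.put("authticationFilter", new AuthticationFilter());
        filterChainMap.put("limitFilter", new LimitFilter());
    }

    /**
     * Applies every configured link to the request, in configuration order.
     *
     * <p>A link rejects the request by throwing; the value a link returns is not used.
     *
     * <p>NOTE(review): only the names listed under {@code filterOrder} are executed, so a
     * configuration that leaves out {@code authticationFilter} turns token checking off
     * without any error. Consider failing at startup when it is absent.
     *
     * @param request the request to check
     * @return always false
     * @throws BusinessException when a configured name has no registered link, or a link
     *     rejects the request
     * @throws IllegalStateException when the order configuration cannot be read
     * @throws SQLException propagated from a link
     */
    public boolean intercept(HttpServletRequest request) throws SQLException {
        for (String orderName : getFilterOrder()) {
            // Look the link up by name; iterating the configured list gives the ordering.
            FilterChain filterChain = filterChainMap.get(orderName);
            if (null == filterChain) {
                // Unknown name in the configuration.
                throw new BusinessException(ResponseCode.FILTER_NAME_ERROR.getCode(), ResponseCode.FILTER_NAME_ERROR.getMessage());
            }
            filterChain.intercept(request);
        }
        return false;
    }

    /**
     * Reads the execution order of the links from {@code filter-order.properties}.
     *
     * <p>The file is re-read on every call. A missing or unreadable file raises an
     * exception instead of yielding {@code null}, so the request fails closed with a
     * clear cause rather than a NullPointerException in the caller.
     *
     * @return the configured link names, whitespace-trimmed, in execution order
     * @throws BusinessException when {@code filterOrder} is not set
     * @throws IllegalStateException when the file is missing or cannot be read
     */
    private List<String> getFilterOrder() {
        Properties properties = new Properties();
        // try-with-resources closes the stream, which the previous version leaked.
        try (InputStream in = FilterChainManagerImpl.class.getClassLoader().getResourceAsStream("filter-order.properties")) {
            if (in == null) {
                throw new IllegalStateException("filter-order.properties not found on the classpath");
            }
            properties.load(in);
        } catch (IOException e) {
            throw new IllegalStateException("failed to read filter-order.properties", e);
        }

        String val = properties.getProperty("filterOrder");
        if (StringUtils.isEmpty(val)) {
            // No execution order configured.
            throw new BusinessException(ResponseCode.FILTER_ORDR_ERROR.getCode(), ResponseCode.FILTER_ORDR_ERROR.getMessage());
        }

        // Split on ',' (a value without a comma yields a single entry) and trim each name
        // so that "a, b" resolves the same way as "a,b". A blank entry is kept and is
        // rejected by the caller as an unknown name.
        List<String> lists = new ArrayList<>();
        for (String name : val.split(",")) {
            lists.add(name.trim());
        }
        return lists;
    }
}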
使用过滤器执行过滤管理器
这里贴出doFilter方法
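/**
 * Runs the chain of request checks and forwards the request only when none of them
 * rejects it.
 *
 * <p>The {@code FilterChain} parameter is the servlet API's chain, not the project's own
 * interface of the same simple name.
 *
 * @throws IOException propagated from the rest of the servlet chain
 * @throws ServletException propagated from the rest of the servlet chain
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) servletRequest;
    try {
        // Run every configured check; a failed check throws.
        filterChainManager.intercept(req);
    } catch (Exception e) {
        DataResult dataResult = new DataResult();
        if (e instanceof BusinessException) {
            BusinessException businessException = (BusinessException) e;
            dataResult.setCode(businessException.getCode());
            dataResult.setMessage(businessException.getErrMessage());
        } else {
            // Anything unexpected is reported with a generic code, so no internal detail
            // reaches the client.
            // NOTE(review): log `e` here; no logger is visible in this snippet, and without
            // one the cause of the failure is lost.
            dataResult.setCode(ResponseCode.SYSTEM_ERROR.getCode());
            dataResult.setMessage(ResponseCode.SYSTEM_ERROR.getMessage());
        }
        // The request is rejected: write the error payload and stop the chain.
        // NOTE(review): whether sendToResponse sets a non-200 status (for example 401) is
        // not visible here - confirm.
        sendToResponse(JSON.toJSONString(dataResult), req, (HttpServletResponse) servletResponse);
        return;
    }
    // No exception means every check passed. The downstream chain runs outside the try
    // block so that its exceptions reach the container unchanged, instead of being
    // swallowed and reported as a failed check.
    filterChain.doFilter(servletRequest, servletResponse);
}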