1.需求
请求接口要认证token,认证成功正常调用接口
2.使用 HttpServletRequestWrapper重写
/** * 获取请求中携带的 token,验证登录 */ public class WrappedRequest extends HttpServletRequestWrapper { private static final Logger log = LoggerFactory.getLogger(WrappedRequest.class); private String mBody; public WrappedRequest(HttpServletRequest request) throws IOException { super(request); this.mBody = this.getBody(request); } public static String convertStreamToString(InputStream is) { BufferedReader reader = new BufferedReader(new InputStreamReader(is)); StringBuilder sb = new StringBuilder(); try { String line; try { while((line = reader.readLine()) != null) { sb.append(line + "\n"); } } catch (IOException var13) { log.error("IOException", var13); } } finally { try { is.close(); } catch (IOException var12) { log.error("IOException", var12); } } return sb.toString(); } private String getBody(HttpServletRequest request) throws IOException{ return convertStreamToString(request.getInputStream()); } public String getBody() { return this.mBody; } public BufferedReader getReader() throws IOException { return new BufferedReader(new InputStreamReader(this.getInputStream())); } public ServletInputStream getInputStream() throws IOException { final ByteArrayInputStream bais = new ByteArrayInputStream(this.mBody.getBytes(Charset.defaultCharset())); return new ServletInputStream() { public boolean isFinished() { return false; } public boolean isReady() { return false; } public void setReadListener(ReadListener readListener) { } public int read() throws IOException { return bais.read(); } }; }
3.新增Filter
@Component public class LoginFilter implements Filter { @Resource private RedisService redisService; /** * 匿名,不需要登录的 url */ private static final String[] anon_uris = new String[]{ "/unified/login", "/unified/logout" }; @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; //忽略掉匿名的路径 if(ServletUtils.requestUriMatch(anon_uris, request)){ filterChain.doFilter(request, response); return; } WrappedRequest myRequestWrapper = new WrappedRequest(request); //校验 token if(!validToken(myRequestWrapper, response)) return; //继续往下执行 if (myRequestWrapper == null) { filterChain.doFilter(servletRequest, servletResponse); }else{ filterChain.doFilter(myRequestWrapper, servletResponse); } } /** * 校验 token * @param myRequestWrapper * @param response * @return */ private boolean validToken(WrappedRequest myRequestWrapper, HttpServletResponse response) throws IOException { String param = myRequestWrapper.getBody(); System.out.println(param); HashMap hashMap = JSON.parseObject(param, HashMap.class); //获取 token String token = EmptyUtil.isNotEmpty(hashMap.get("token")) ? hashMap.get("token").toString() : null; //获取 userId String userId = EmptyUtil.isNotEmpty(hashMap.get("userId")) ? hashMap.get("userId").toString() : null; //校验token参数 if(EmptyUtil.isEmpty(token)) { ret(response, R.noToken().toJson()); return false; } if(EmptyUtil.isEmpty(userId)) { ret(response, R.noUserId().toJson()); return false; } //校验userId对应token String userLoginKey = "umpsLogin:" + userId; String userRedisToken = EmptyUtil.isEmpty(redisService.get(userLoginKey)) ? null : redisService.get(userLoginKey).toString(); if(EmptyUtil.isEmpty(userRedisToken)){ ret(response, R.noLogin().toJson()); return false; } if(!userRedisToken.equals(token)){ ret(response, R.noPerm().toJson()); return false; } //从 Redis 中获取用户信息 String userJson = redisService.get(token).toString(); if(userJson == null){ ret(response, R.noLogin().toJson()); return false; } //获取过期时间,与 token 过期时间保持一致 Long timeout = 21600l; //重置过期时间,单位为 “秒” redisService.expire(userId.toString(), timeout); //刷新 userId 的缓存时间 redisService.expire(token, timeout); //刷新 token 的缓存时间 return true; } public void ret(HttpServletResponse response, String body) throws IOException { response.setContentType("application/json; charset=utf-8"); response.getWriter().println(body); } }