自定义注解跳过Token验证
在JWT+token+redis实现登录逻辑中通过配置webconfig对登录接口进行放行,现通过给对应接口添加注解的方式使其不用经过token验证
- PassToken.java 自定义注解
@Target({ElementType.METHOD,ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface PassToken {
}
- AuthenticationInterceptor.java 修改拦截器preHandle方法
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,Object object) {
//判断方法是否有PassToken注解 如果有则放行
if(object instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) object;
Method method = handlerMethod.getMethod();
if (method.isAnnotationPresent(PassToken.class)) {
return true;
}
}
//获取请求头信息
String token = httpServletRequest.getHeader("token");
if (token == null) {
return false;
}
String username;
try {
username = JWT.decode(token).getAudience().get(0);
} catch (Exception j) {
return false;
}
// 验证 token
JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(userService.getPassword(username))).build();
try {
jwtVerifier.verify(token);
} catch (JWTVerificationException e) {
return false;
}
return true;
}
- TestVontroller.java 在测试方法上添加PassToken注解
@RestController
@RequestMapping("/test")
public class TestController {
@GetMapping
@PassToken
public void test(){
System.out.println("hello world");
}
}