首先是拦截类AuthInterceptor.java中的具体逻辑,主要是有继承BaseInterceptor.java 类,而这个BaseInterceptor.java类继承了HandlerInterceptorAdapter类,然后拦截类AuthInterceptor.java实现了其中的preHandle方法
以下是全部代码
拦截器主要逻辑类——AuthInterceptor.java
package com.magnet.movie.rest.interceptor;
import com.alibaba.dubbo.config.annotation.Reference;
import com.magnet.movie.common.entity.User;
import com.magnet.movie.common.vo.MessageKey;
import com.magnet.movie.data.api.UserService;
import com.magnet.movie.rest.annotation.DisableAuth;
import com.magnet.movie.rest.utils.Constants;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Slf4j
@Component
public class AuthInterceptor extends BaseInterceptor {
@Reference
private UserService userService;
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
if (!(handler instanceof HandlerMethod)) {
return true;
}
//放行逻辑
HandlerMethod method = (HandlerMethod) handler;
DisableAuth auth = method.getMethod().getAnnotation(DisableAuth.class);
if (isDisableAuth(auth)) {
return super.preHandle(request, response, handler);
}
//获取token
String accessToken = getAuthToken(request);
if (StringUtils.isBlank(accessToken)) {
setResponse(request, response, MessageKey.ACCESS_TOKEN_IS_NULL_CODE,"Error: token is null");
return false;
}
// 3.查询token是否正确
User account = userService.findAccessTokenIsValid(accessToken);
if (account == null) {
setResponse(request, response, MessageKey.ACCESS_TOKEN_IS_INVALID_CODE,"Error: token is invalid");
return false;
}
// 将userId写入到request请求中
request.setAttribute(Constants.REQUEST_ATTR_USER_ID, account.getId());
request.setAttribute("UserToken", accessToken);
request.setAttribute("UserId", account.getId());
return true;
}
private static boolean isDisableAuth(DisableAuth auth) {
return auth != null;
}
/**
* 获取http请求头部或者参数中的token值
*
* @param request
* http请求传递的值
* @return 返回token
*/
private String getAuthToken(HttpServletRequest request) {
String token = request.getHeader("accessToken");
if (token == null) {
token = request.getParameter("accessToken");
}
return token;
}
}
父类BaseInterceptor.java 这个类里面的代码其实与我要做的token校验关系不大
package com.magnet.movie.rest.interceptor;
import java.io.IOException;
import java.io.Writer;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.alibaba.fastjson.JSON;
@Slf4j
public abstract class BaseInterceptor extends HandlerInterceptorAdapter {
public void setResponse(HttpServletRequest request,
HttpServletResponse response, String messageKey,String message) {
response.setContentType("application/json;charset=UTF-8");
try (Writer writer = response.getWriter()) {
Map<String, Object> resultMap = new HashMap<>();
resultMap.put("code", messageKey);
resultMap.put("message", message);
logger(request, resultMap);
JSON.writeJSONString(writer, resultMap);
writer.flush();
} catch (IOException e) {
log.error("respose 设置操作异常:" + e);
}
}
public void setResponse(HttpServletRequest request,
HttpServletResponse response, String messageKey) {
setResponse(request,response,messageKey,"OK");
}
/**
* 记录日志
*/
private void logger(HttpServletRequest request, Map<String, Object> resultMap) {
StringBuffer msg = new StringBuffer();
msg.append("异常拦截日志:");
msg.append("[uri:").append(request.getRequestURI()).append("]");
Enumeration<String> enumer = request.getParameterNames();
while (enumer.hasMoreElements()) {
String name = enumer.nextElement();
String[] values = request.getParameterValues(name);
msg.append("[").append(name).append("=");
if (values != null) {
int i = 0;
for (String value : values) {
i++;
msg.append(value);
if (i < values.length) {
msg.append("|");
}
}
}
msg.append("]");
}
msg.append(JSON.toJSONString(resultMap));
log.warn(msg.toString());
}
}
回到拦截器逻辑类中会发现我重写了preHandle方法
重写方法
这个方法的作用:
原文链接 : https://blog.csdn.net/azhegps/article/details/99342891
适配器HandlerInterceptorAdapter的作用
这样我们所有的请求都会经过拦截器的逻辑,如果请求不符合逻辑就会被拦截到,并不会执行到方法内部。
有的接口需要token校验,有的并不需要,所以还要一个放行的逻辑。
可以直接用自定义注解来实现
自定义注解@DisableAuth 代码
package com.magnet.movie.rest.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 非鉴权注解,Controller使用此注解,过滤器将不拦截
* @author hudahua
*
*/
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@Documented
@Inherited
public @interface DisableAuth {
}
上面四个注解就是java的四大元注解,具体的用法如下(出自百度):
原文链接 : https://blog.csdn.net/qq_26125865/article/details/82881481
元注解作用
在需要放行的方法上加上自定义注解@DisableAuth
用法
拦截类AuthInterceptor.java中的放行逻辑
