在 TokenInterceptor.java 中输入以下代码,以下的代码将生成一个在请求到达controller前进行拦截的拦截器
import com.alibaba.fastjson.JSONObject; import org.springframework.lang.Nullable; import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.PrintWriter; import java.util.Arrays; import java.util.List; @Component public class TokenInterceptor implements HandlerInterceptor { // 假设现在的token有如下数据 List<String> tokenList = Arrays.asList("111", "222", "333"); // 这个方法是在访问接口之前执行的,我们只需要在这里写验证登陆状态的业务逻辑,就可以在用户调用指定接口之前验证登陆状态了 @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { // 设置返回为json格式,使用UTF-8 response.setCharacterEncoding("UTF-8"); response.setContentType("application/json; charset=utf-8"); String token = request.getHeader("token"); PrintWriter out; // 之后写你的判断逻辑:return true是通过拦截器,可以继续访问controller,return false是不通过 if (token == null || !tokenList.contains(token)) { // 如果失败了返回{state:"false", msg:"token is null or wrong"} JSONObject res = new JSONObject(); res.put("state","false"); res.put("msg","token is null or wrong"); out = response.getWriter(); out.append(res.toString()); return false; } // 否则返回true 进入controller return true; } public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception { } public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception { } }
将以下代码写在InterceptorConfig.java中 ,使用addInterceptors方法将我们定义的拦截器添加进入项目中
import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import javax.annotation.Resource; @Configuration public class InterceptorConfig implements WebMvcConfigurer { @Resource TokenInterceptor tokenInterceptor; @Override public void addInterceptors(InterceptorRegistry registry) { // 设置所有的路径都要进行拦截,除了/test/login registry.addInterceptor(tokenInterceptor).addPathPatterns("/**") .excludePathPatterns("/test/login"); } }
将如下代码到TestController中,用于测试拦截器效果
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import java.util.HashMap; import java.util.Map; @RestController // canload用于检测拦截器是否正常工作 @RequestMapping("/test") public class TestController { @RequestMapping(value = "/canload") public Map<String, Object> canLoad(){ Map<String, Object> res = new HashMap<>(); res.put("state", "ok"); res.put("msg", "you can load"); return res; } // login模拟登录时token返回 @RequestMapping(value = "/login") public String login(){ return "111"; } }
可以看到如下结果 ①直接登录成功
②直接访问canload失败
③使用postman,带上token进行访问成功
你也可以使用注解来代替第三步配置中的excludePathPatterns(), 来实现对于指定方法和controller的免token访问,新建一个NoNeedToken.java注解,在拦截器里判断注解存在时,直接return true放行
import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; @Target({ElementType.METHOD, ElementType.TYPE}) //注解的范围是类、接口、枚举的方法上 @Retention(RetentionPolicy.RUNTIME)//被虚拟机保存,可用反射机制读取 public @interface NoNeedToken { }
① 自定义拦截器
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { response.setCharacterEncoding("UTF-8"); response.setContentType("application/json; charset=utf-8"); String token = request.getHeader("token"); PrintWriter out; // 对于注解的判断--------------------------------------------------- HandlerMethod handlerMethod = (HandlerMethod) handler; if(handlerMethod.getMethodAnnotation(NoNeedToken.class)!=null || handlerMethod.getBeanType().isAnnotationPresent(NoNeedToken.class)){ // 如果自己拥有NoNeedToken标注或者所属的class拥有NoNeedToken 就直接放行 return true; } //------------------------------------------------------------------ if (token == null || !tokenList.contains(token)) { JSONObject res = new JSONObject(); res.put("state","false"); res.put("msg","token is null or wrong"); out = response.getWriter(); out.append(res.toString()); return false; } return true; }
② 去除拦截器配置中的去除项
public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(tokenInterceptor).addPathPatterns("/**"); // .excludePathPatterns("/test/login"); }
③ 在测试的login方法上添加注释
@RequestMapping(value = "/login") @NoNeedToken public String login(){ return "111"; }
修改完成之后效果和上面相同
https://blog.csdn.net/zt15732625878/article/details/100061528,这篇文章写的很详细了
一般出现这种情况是类与方法的获取注解方式不同,在本文中作者使用了下面的一句话来表述
handlerMethod.getMethodAnnotation(NoNeedToken.class)!=null || handlerMethod.getBeanType().isAnnotationPresent(NoNeedToken.class)
其中handlerMethod.getMethodAnnotation(NoNeedToken.class)!=null是对于方法的 而handlerMethod.getBeanType().isAnnotationPresent(NoNeedToken.class)是对于类的
handlerMethod.getMethodAnnotation(NoNeedToken.class)!=null
handlerMethod.getBeanType().isAnnotationPresent(NoNeedToken.class)
结语:希望对大家有帮助
原文链接:https://www.cnblogs.com/nihilwater/p/13447023.html