创建注解类
import java.lang.annotation.*;
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface AuthToken {
}
创建拦截器
import com.rz.common.annotation.AuthToken;
import com.rz.common.ex.BusinessException;
import com.rz.entity.po.Employees;
import com.rz.utils.Constant;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
@Component
public class AuthorizationInterceptor implements HandlerInterceptor {
private Logger logger = Logger.getLogger(getClass());
@Autowired
RedisTemplate redisTemplate;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws BusinessException {
if (!(handler instanceof HandlerMethod)) {
return true;
}
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
// 如果打上了AuthToken注解则需要验证token
if (method.getAnnotation(AuthToken.class) != null || handlerMethod.getBeanType().getAnnotation(AuthToken.class) != null) {
String token = request.getParameter(Constant.USER_TOKEN);
Employees employees;
//验证token的有效性
if(StringUtils.isNotEmpty(token)){
employees=(Employees)redisTemplate.opsForValue().get(token);
if(employees!=null){
return true;
}
}
logger.info("认证失效,清重新登录!");
throw new BusinessException(Constant.YES_ERROR, "认证失效,清重新登录!");
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
}
配置
import com.rz.handler.AuthorizationInterceptor;
import com.rz.handler.LogInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import javax.annotation.Resource;
@Configuration
public class WebAppConfig extends WebMvcConfigurerAdapter {
@Resource
private AuthorizationInterceptor authorizationInterceptor;
@Resource
//private LogInterceptor logInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
//1.加入的顺序就是拦截器执行的顺序,
//2.按顺序执行所有拦截器的preHandle
//3.所有的preHandle 执行完再执行全部postHandle 最后是postHandle
registry.addInterceptor(authorizationInterceptor).addPathPatterns("/**");
//registry.addInterceptor(logInterceptor).addPathPatterns("/**");
}
}
使用
