版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq_27786919/article/details/87858280
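// Interceptor: token check for handler methods annotated with @Login
package com.zy.interceptor;

import com.zy.annotation.Login;
import com.zy.common.exception.RRException;
import com.zy.entity.TokenEntity;
import com.zy.service.TokenService;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Permission (token) verification.
 *
 * <p>Runs before every handler. Handlers that are not {@link HandlerMethod}s, or whose
 * method carries no {@link Login} annotation, pass through unauthenticated. For annotated
 * methods the token is looked up through {@link TokenService}; a missing, unknown or
 * expired token is rejected with an {@link RRException}.
 *
 * @author chenshun
 * @email [email protected]
 * @date 2018-08-01 15:38
 */
@Component
public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
    @Autowired
    private TokenService tokenService;

    /** Request attribute under which the authenticated user's id is stored. */
    public static final String USER_KEY = "userId";

    /**
     * Adds CORS and no-cache headers, then enforces the token check on {@code @Login} handlers.
     *
     * @param request  current request; the token is read from the {@code token} header,
     *                 falling back to the {@code token} request parameter
     * @param response current response; CORS and cache headers are written to it
     * @param handler  the chosen handler
     * @return {@code true} when the request may proceed
     * @throws RRException when the token is blank, unknown or expired
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Cross-origin access (CORS).
        // NOTE(review): browsers refuse a credentialed response whose Allow-Origin is "*", so
        // "*" together with Allow-Credentials: true does not do what it appears to. If
        // credentials are really needed, echo an origin taken from a server-side allowlist;
        // if the API only relies on the "token" header, drop the credentials header.
        response.addHeader("Access-Control-Allow-Origin", "*");
        response.addHeader("Access-Control-Allow-Methods", "POST,OPTIONS,PUT,HEAD");
        response.addHeader("Access-Control-Max-Age", "3600000");
        response.addHeader("Access-Control-Allow-Credentials", "true");
        response.addHeader("Access-Control-Allow-Headers", "Authentication,Origin, X-Requested-With, Content-Type, Accept,token");

        // Keep responses out of caches. The original called setHeader("Cache-Control", ...)
        // twice, so the second value silently replaced the first; send both directives at once.
        response.setHeader("Cache-Control", "no-cache, no-store");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        // NOTE(review): processing continues after this line, so a preflight that is routed
        // to a @Login handler method still hits the token check below, and preflights do not
        // carry the custom "token" header. Confirm how OPTIONS is dispatched in this app.
        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        }

        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        Login annotation = ((HandlerMethod) handler).getMethodAnnotation(Login.class);
        if (annotation == null) {
            // Only methods annotated with @Login are protected.
            return true;
        }

        // Read the token from the header first.
        String token = request.getHeader("token");
        // Fall back to the request parameter when the header is absent.
        // NOTE(review): a token carried in the URL query string ends up in access logs,
        // browser history and Referer headers; prefer the header where clients allow it.
        if (StringUtils.isBlank(token)) {
            token = request.getParameter("token");
        }
        if (StringUtils.isBlank(token)) {
            throw new RRException("token不能为空");
        }

        // Look the token up. The null check must come before any dereference: the original
        // printed tokenEntity.getExpireTime() to stdout first, so an unknown token caused a
        // NullPointerException instead of the intended RRException. The debug prints are gone.
        TokenEntity tokenEntity = tokenService.queryByToken(token);
        if (tokenEntity == null
                || tokenEntity.getExpireTime() == null // no expiry recorded: fail closed
                || tokenEntity.getExpireTime().getTime() < System.currentTimeMillis()) {
            throw new RRException("token失效,请重新登录");
        }

        // Expose the user id to downstream handlers, which use it to load the user.
        request.setAttribute(USER_KEY, tokenEntity.getUserId());
        return true;
    }
}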
token服务层实现类
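package com.zy.service.impl;

import com.baomidou.mybatisplus.mapper.EntityWrapper;
import com.baomidou.mybatisplus.service.impl.ServiceImpl;
import com.zy.dao.TokenDao;
import com.zy.entity.TokenEntity;
import com.zy.service.TokenService;
import org.springframework.stereotype.Service;

import java.util.Date;
import java.util.UUID;

/**
 * Token service: issues, looks up and expires per-user login tokens.
 *
 * <p>NOTE(review): tokens are written and queried as plain values, so anyone who can read
 * the token table can replay a live token. Storing a digest of the token and comparing
 * digests would limit that exposure; confirm whether that is acceptable for this schema.
 */
@Service("tokenService")
public class TokenServiceImpl extends ServiceImpl<TokenDao, TokenEntity> implements TokenService {
    /** Token lifetime in seconds (12 hours). */
    private final static int EXPIRE = 3600 * 12;

    /**
     * Finds the stored record whose {@code token} column equals the given value.
     *
     * @param token token value presented by the client
     * @return the matching record, or whatever {@code selectOne} yields when none matches
     *         (callers in this listing treat that as {@code null})
     */
    @Override
    public TokenEntity queryByToken(String token) {
        return this.selectOne(new EntityWrapper<TokenEntity>().eq("token", token));
    }

    /**
     * Issues a fresh token for the user and persists it with {@code insertOrUpdate}.
     *
     * @param userId id of the user the token belongs to
     * @return the persisted record, including the new token and its expiry time
     */
    @Override
    public TokenEntity createToken(long userId) {
        Date now = new Date();
        // Multiply in long arithmetic: EXPIRE * 1000 as int would overflow as soon as the
        // lifetime is raised past roughly 24 days, producing a wrong expiry time.
        Date expireTime = new Date(now.getTime() + EXPIRE * 1000L);

        String token = generateToken();

        // Save or update the user's token.
        // presumably one row per user, so a new login replaces the previous token — verify
        // against the entity's primary key.
        TokenEntity tokenEntity = new TokenEntity();
        tokenEntity.setUserId(userId);
        tokenEntity.setToken(token);
        tokenEntity.setUpdateTime(now);
        tokenEntity.setExpireTime(expireTime);
        this.insertOrUpdate(tokenEntity);
        return tokenEntity;
    }

    /**
     * Invalidates the user's token by setting its expiry time to the current time.
     *
     * @param userId id of the user whose token is expired
     */
    @Override
    public void expireToken(long userId) {
        Date now = new Date();
        TokenEntity tokenEntity = new TokenEntity();
        tokenEntity.setUserId(userId);
        tokenEntity.setUpdateTime(now);
        tokenEntity.setExpireTime(now);
        // NOTE(review): the token field is left null here; whether the stored token value is
        // kept or cleared depends on how insertOrUpdate treats null fields — confirm.
        this.insertOrUpdate(tokenEntity);
    }

    /**
     * Produces a 32-character hex token from a random (version 4) UUID. The JDK documents
     * {@link UUID#randomUUID()} as using a cryptographically strong generator.
     */
    private String generateToken() {
        return UUID.randomUUID().toString().replace("-", "");
    }
}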
token实体类
package com.zy.entity;

import com.baomidou.mybatisplus.annotations.TableId;
import com.baomidou.mybatisplus.annotations.TableName;
import com.baomidou.mybatisplus.enums.IdType;

import java.io.Serializable;
import java.util.Date;

/**
 * User token record, mapped to the {@code tb_token} table.
 *
 * <p>The {@code token} field holds a live credential: keep it out of log output and
 * serialized diagnostics.
 *
 * @author chenshun
 * @email [email protected]
 * @date 2018-08-01 15:22:07
 */
@TableName("tb_token")
public class TokenEntity implements Serializable {
    private static final long serialVersionUID = 1L;

    /** User ID; the table id, supplied by the caller rather than generated. */
    @TableId(type = IdType.INPUT)
    private Long userId;

    /** Token value presented by the client. */
    private String token;

    /** Expiry time. */
    private Date expireTime;

    /** Last update time. */
    private Date updateTime;

    /** @return the user ID */
    public Long getUserId() {
        return this.userId;
    }

    /** @param userId the user ID */
    public void setUserId(Long userId) {
        this.userId = userId;
    }

    /** @return the token value */
    public String getToken() {
        return this.token;
    }

    /** @param token the token value */
    public void setToken(String token) {
        this.token = token;
    }

    /** @return the expiry time */
    public Date getExpireTime() {
        return this.expireTime;
    }

    /** @param expireTime the expiry time */
    public void setExpireTime(Date expireTime) {
        this.expireTime = expireTime;
    }

    /** @return the last update time */
    public Date getUpdateTime() {
        return this.updateTime;
    }

    /** @param updateTime the last update time */
    public void setUpdateTime(Date updateTime) {
        this.updateTime = updateTime;
    }
}