创建注解类
import java.lang.annotation.*; @Target({ElementType.METHOD}) @Retention(RetentionPolicy.RUNTIME) @Documented public @interface AuthToken { }
创建拦截器
import com.rz.common.annotation.AuthToken; import com.rz.common.ex.BusinessException; import com.rz.entity.po.Employees; import com.rz.utils.Constant; import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.stereotype.Component; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.lang.reflect.Method; @Component public class AuthorizationInterceptor implements HandlerInterceptor { private Logger logger = Logger.getLogger(getClass()); @Autowired RedisTemplate redisTemplate; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws BusinessException { if (!(handler instanceof HandlerMethod)) { return true; } HandlerMethod handlerMethod = (HandlerMethod) handler; Method method = handlerMethod.getMethod(); // 如果打上了AuthToken注解则需要验证token if (method.getAnnotation(AuthToken.class) != null || handlerMethod.getBeanType().getAnnotation(AuthToken.class) != null) { String token = request.getParameter(Constant.USER_TOKEN); Employees employees; //验证token的有效性 if(StringUtils.isNotEmpty(token)){ employees=(Employees)redisTemplate.opsForValue().get(token); if(employees!=null){ return true; } } logger.info("认证失效,清重新登录!"); throw new BusinessException(Constant.YES_ERROR, "认证失效,清重新登录!"); } return true; } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { } }
配置
import com.rz.handler.AuthorizationInterceptor; import com.rz.handler.LogInterceptor; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import javax.annotation.Resource; @Configuration public class WebAppConfig extends WebMvcConfigurerAdapter { @Resource private AuthorizationInterceptor authorizationInterceptor; @Resource //private LogInterceptor logInterceptor; @Override public void addInterceptors(InterceptorRegistry registry) { //1.加入的顺序就是拦截器执行的顺序, //2.按顺序执行所有拦截器的preHandle //3.所有的preHandle 执行完再执行全部postHandle 最后是postHandle registry.addInterceptor(authorizationInterceptor).addPathPatterns("/**"); //registry.addInterceptor(logInterceptor).addPathPatterns("/**"); } }
使用