使用HandlerInterceptorAdapter实现访问过滤

最近在项目中用HandlerInterceptorAdapter实现了访问过滤。

关于HandlerInterceptorAdapter的学习，参考神玄晓的博客：http://www.cnblogs.com/lxaic/p/5851985.html   感谢他的分享！

1.配置文件，我这里是放在application.xml里面

<mvc:interceptors>
    <mvc:interceptor>
        <mvc:mapping path="/httpapi/**" />
        <bean class="com.easylife.user.util.interceptor.HTTPAPICallInterceptor" />
    </mvc:interceptor>
</mvc:interceptors>

 

 2.实现的Interceptor

public class HTTPAPICallInterceptor extends HandlerInterceptorAdapter  {
    
    @Autowired
    private ApplicationConfig appConfig;
    
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        // 取得token
        String access_token = request.getParameter("access_token");
        if(StringUtils.isBlank(access_token)){
            access_token = this.getHeader(request, "access_token");
        }
        if(StringUtils.isBlank(access_token)){
            response.setCharacterEncoding("UTF-8");
            response.getWriter().print("{\"success\": false,\"code\":\"invalid_token\",\"message\": \"Token was not recognised\"}");
            return false;
        }else{
            String url=String.format(appConfig.getOauth2TokenCheckUrl(),access_token);
            String return_json=send(url, "GET", null);
            return_json=return_json.replace("{}", "");
            JSONObject object=JSONObject.parseObject(return_json);
            String keyFlg=object.getString("keyflg");
            if(StringUtils.isNotBlank(keyFlg)){
                JSONArray arr=JSONObject.parseArray(keyFlg);
                if(arr.contains(appConfig.getOauth2TokenCheckKey())){
                    // 合法token成功
                    return true;
                }else{
                    response.setCharacterEncoding("UTF-8");
                    response.getWriter().print("{\"success\": false,\"code\":\"invalid_token\",\"message\": \"Resources no permissions to access\"}");
                    return false;
                }
            }else{
                response.setCharacterEncoding("UTF-8");
                response.getWriter().print("{\"success\": false,\"code\":\"invalid_token\",\"message\": " + return_json + "}");
                return false;
            }
        }
    }

 

说明：

Interceptor 拦截以“/httpapi/”开头的请求，

使用preHandle方法，返回false表示拦截住了，不会再向controller层去请求。

返回true就可以继续走下去。