基于token 和拦截器进行用户的统一登录验证

1.定义自己的拦截器

  

package com.common.Interceptor;

import com.common.utils.JwtUtils;
import io.jsonwebtoken.Claims;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;

/**
 * 自定义拦截器 ,作用不用再在每个方法前都去解析token了
 * .在preHandle中,可以进行编码、安全控制等处理;进入到api接口之前要做的事 必须要有布尔类型的返回值
 *      true 表示可以继续执行
 *      false 拦截了表示 不能往下执行了
 *  2.在postHandle中,有机会修改ModelAndView; 执行api方法之后要干的事
 *  3.在afterCompletion中,可以根据ex是否为null判断是否发生了异常,进行日志记录。 所有的请求结束之后要做的事
 */
@Component
public class JwtInterceptor extends HandlerInterceptorAdapter {
    @Autowired
    private JwtUtils jwtUtils;


    public JwtInterceptor() {
        super();
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        /**
         * 简化获取token 数据的代码编写
         *      统一用户的权限校验 即是否登录
         *  也可以判断当前用户是否有当前访问接口的权限
         */
        //1.通过request 获取token
        String authorization = request.getHeader("Authorization");
        //spring 判断为空的方法
        if(!StringUtils.isEmpty(authorization)&&authorization.startsWith("Bearer")){
            //表示该用户登录
            //获取到token 信息
            String token = authorization.replace("Bearer", "");
            Claims claims = jwtUtils.parseJwt(token);
//        claims.get("userName"); 获取设置的用户
            //设置claims 到请求中 new Date(System.currentTimeMillis())
           // Date issuedAt = claims.getIssuedAt();
            //System.out.println("issuedAt "+issuedAt);
            if(claims!=null) {
                //设置claims 到request 域上
                request.setAttribute("claims", claims);
                return true;
            }
        }
            //表示该用户没有登录,输出 出错信息
            PrintWriter out = null;
            try{
                response.setHeader("Content-type", "text/html;charset=UTF-8");
                out = response.getWriter();
                out.append("{\"success\":false,\"code\":SOS,\"msg\":\"您已经被蓝金黄了,请重新登录\"}");
            }catch(IOException e){
                e.printStackTrace();
            }finally {
                if (out != null) {
                    out.close();
                }
            }


        return false;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        super.postHandle(request, response, handler, modelAndView);
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        super.afterCompletion(request, response, handler, ex);
    }

}
自定义拦截器

2.配置拦截器

package com.zhao.system.config;

import com.common.Interceptor.JwtInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;

/**
 * 拦截器配置
 */
@Configuration
public class systemConfig extends WebMvcConfigurationSupport {
    //注入自定义的 拦截器
    @Autowired
    private JwtInterceptor jwtInterceptor;

    /**
     * 添加拦截器配置
     * @param registry
     */
    @Override
    protected void addInterceptors(InterceptorRegistry registry) {
       //添加自定义拦截器
        registry.addInterceptor(jwtInterceptor).addPathPatterns("/**") //指定拦截的url地址
        .excludePathPatterns("/login") ;//指定不拦截的url地址
    }
}
配置拦截器

3.controlller编写

package com.zhao.system.controller;

import com.common.utils.JwtUtils;
import io.jsonwebtoken.Claims;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;

@RestController
public class usercontroller {
    @Autowired
    private JwtUtils jwtUtils;
    int i=0;

    @GetMapping("/add")
    public  int add(){
;
        return i++;
    }

    @GetMapping("/add1")
    public  int add1(){
        int j=0;
        return j++;
    }
    /**
     * 使用jjwt token 进行验证登录
     */
    @ResponseBody
    @GetMapping("/login")
    public  String login(){
        Map<String ,Object> map= new HashMap();
        map.put("userName","zz");
         String token = jwtUtils.createJwt("1","zhao",map);
        return token;
    }

  
   

    @ResponseBody
    @GetMapping("/parseToken")
    public  String AopParseToken(HttpServletRequest request){

        Claims claims = (Claims)request.getAttribute("claims");
//        claims.get("userName"); 获取设置的用户
        return claims.get("userName").toString();
    }
}
View Code

posted @ 2020-01-27 17:46  Angry-rookie  阅读(3034)  评论(0)    收藏  举报