攔截器常用的場景
權限驗證,判斷用戶是否登錄,防重複提交等等
自定義攔截器
1. 實現HandlerInterceptor接口
HandlerInterceptor接口
public interface HandlerInterceptor {
//在業務處理器處理請求之前被調用;預處理,可以進行編碼、安全控制、權限校驗等處理
default boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
return true;
}
//在業務處理器處理請求執行完成後,生成視圖之前執行。
default void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable ModelAndView modelAndView) throws Exception {
}
//在DispatcherServlet完全處理完請求後被調用
default void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable Exception ex) throws Exception {
}
}
實現類
在本篇文章的用法,是對token校驗
public class JwtInterceptor implements HandlerInterceptor {
@Autowired
private JwtUtil jwtUtil;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String header = request.getHeader("Authorization");
if (StringUtils.isNotEmpty(header)){
if (header.startsWith("Bearer ")){
// 得到token
final String token = header.substring(7);
// 對令牌進行驗證
try {
Claims claims = jwtUtil.parseJWT(token);
String roles = (String) claims.get("roles");
if ("admin".equals(roles)) {
request.setAttribute("claims_admin", token);
}
if ("user".equals(roles)) {
request.setAttribute("claims_user", token);
}
} catch (Exception e) {
throw new RuntimeException("令牌有誤!");
}
}
}
return true;
}
}
2. 繼承WebMvcConfigurationSupport
WebMvcConfigurationSupport
@Configuration
public class InterceptorConfig extends WebMvcConfigurationSupport {
@Autowired
private JwtInterceptor jwtInterceptor;
// 添加攔截器
@Override
protected void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(jwtInterceptor)
.addPathPatterns("/**")
.excludePathPatterns("/**/login/**");
}
}