最近項目中需要做每一個接口均加token參數,web端進行驗證。
我使用的是攔截器。
1、整體思路是定義好需要攔截的路徑,並在需要驗證的接口方法上添加@ApiToken註解
2、符合路徑並且添加了註解的接口發送請求時會進入攔截器,攔截器負責比對傳入的token是否正確(暫未加密處理:目前token直接等於sessionId,並以請求參數明文傳遞,可能出現在URL與日誌中,正式環境應改用獨立生成的隨機token);
3、正確則繼續,否則直接返回JSON。
1.Configuration
import cn.ac.bcc.ebap.common.interceptor.WebApiInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
 * Spring MVC configuration that registers {@link WebApiInterceptor} for the
 * {@code /a/depart/**} URL space.
 *
 * <p>Coverage is opt-in twice over: only requests matching the path pattern reach the
 * interceptor, and the interceptor itself only checks handler methods annotated with
 * {@code @ApiToken}. A handler outside the pattern, or inside it without the annotation,
 * is not token-checked.
 */
@Configuration
public class AppTockenConfiguration extends WebMvcConfigurerAdapter {

    /**
     * Exposes the token interceptor as a Spring bean.
     *
     * @return a new {@link WebApiInterceptor}
     */
    @Bean
    public WebApiInterceptor webApiInterceptor() {
        return new WebApiInterceptor();
    }

    /**
     * Adds the token interceptor to the interceptor chain.
     *
     * @param registry the registry Spring MVC passes in for interceptor registration
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Several interceptors registered here would form an interceptor chain.
        WebApiInterceptor tokenInterceptor = webApiInterceptor();

        // addPathPatterns selects the API paths to intercept; an exclusion such as
        // excludePathPatterns("/a/login") could be chained after it and is currently
        // not applied.
        registry.addInterceptor(tokenInterceptor).addPathPatterns("/a/depart/**");

        super.addInterceptors(registry);
    }
}
2.WebApiInterceptor
這邊返回值直接返回JSON。
import cn.ac.bcc.ebap.common.annotation.ApiToken;
import com.alibaba.fastjson.JSONObject;
import org.apache.log4j.Logger;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
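/**
 * Interceptor that checks the {@code access_token} request parameter on handler methods
 * annotated with {@link ApiToken}. Other handlers pass through unchanged.
 *
 * <p>A rejected request is answered with a JSON body (HTTP status is left untouched) and
 * the handler is not invoked:
 * <ul>
 *   <li>{@code resultCode=302}: the request carries no valid session</li>
 *   <li>{@code code=301}: the {@code access_token} parameter is missing</li>
 *   <li>{@code code=300}: the token does not match the session id</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The expected token is the servlet session id itself. {@code getParameter} reads
 *       the query string as well as form bodies, so a token sent in the URL ends up in
 *       access logs, browser history and {@code Referer} headers. A separately generated
 *       random token bound to the session would avoid exposing the session id.</li>
 *   <li>The token value is never written to the application log; only its presence is.</li>
 *   <li>The 302 response uses the key {@code resultCode} while the others use
 *       {@code code}; this is kept as-is so existing clients are not broken.</li>
 * </ul>
 */
public class WebApiInterceptor extends HandlerInterceptorAdapter {

    private static final Logger log = Logger.getLogger(WebApiInterceptor.class);

    /**
     * Validates the token for {@link ApiToken}-annotated handler methods.
     *
     * @param request  current request; {@code access_token} is read from its parameters
     * @param response current response; receives the JSON error body on rejection
     * @param handler  the chosen handler; anything that is not a {@link HandlerMethod}
     *                 is let through
     * @return {@code true} to continue the chain, {@code false} when the request was
     *         rejected and a JSON body has been written
     * @throws Exception if writing the rejection body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        Method method = ((HandlerMethod) handler).getMethod();

        String token = request.getParameter("access_token");
        // The token doubles as the session id, so log whether it was supplied, never its value.
        log.info("Token:{" + (token == null ? "absent" : "present") + "}; 請求路徑:{"
                + request.getRequestURI() + "}");

        if (!method.isAnnotationPresent(ApiToken.class)) {
            return true;
        }

        // request.getSession() creates a session when none exists and never yields a null
        // id, so a null check on the id can never fire. Ask the container whether the
        // session id sent by the client is still valid instead; this also avoids
        // allocating a session for every unauthenticated call.
        if (!request.isRequestedSessionIdValid()) {
            return reject(response, "resultCode", 302, "sessionId 已失效");
        }
        String sessionId = request.getSession().getId();

        if (token == null) {
            return reject(response, "code", 301, "token不可爲空");
        }
        if (!constantTimeEquals(token, sessionId)) {
            return reject(response, "code", 300, "token不可用");
        }
        return true;
    }

    /** No post-processing is done after the handler runs. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
    }

    /** Called after the request has completed; only prints a marker line. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
        System.out.println("========方法執行之後 開始調用===============");
    }

    /**
     * Logs the reason, writes a two-field JSON body and signals that the chain must stop.
     *
     * @return always {@code false}, so callers can {@code return reject(...)}
     */
    private static boolean reject(HttpServletResponse response, String codeKey, int code, String message)
            throws IOException {
        log.info(message);
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        JSONObject res = new JSONObject();
        res.put(codeKey, code);
        res.put("message", message);
        PrintWriter out = response.getWriter();
        out.append(res.toString());
        return false;
    }

    /** Compares two secrets without stopping at the first differing byte. */
    private static boolean constantTimeEquals(String supplied, String expected) {
        return MessageDigest.isEqual(
                supplied.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }
}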
3. 註解
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
 * Marker annotation for handler methods whose requests must carry a valid token.
 *
 * <p>It has no members. It is retained at runtime so that it can be found through
 * reflection (for example {@code Method.isAnnotationPresent(ApiToken.class)}), and it can
 * only be placed on methods.
 *
 * <p>Created by zhanghaipeng on 2020/3/30.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD})
public @interface ApiToken {
}
ps:可以模擬JWT進一步優化,如加入過期時間參數等。