添加自定义拦截器
package com.juejiu.config;import com.juejiu.utils.TokenGenerate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;//token拦截器,对拦截下的接口检查其的token是否符合只有
// 在提供一个有效的token时才能通过验证,否则给出认证失败的响应。
@Component
public class TokenInterceptor implements HandlerInterceptor {@Autowiredprivate RedisTemplate redisTemplate;@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)throws Exception{//Axios 发起跨域请求前,浏览器也会首先发起 OPTIONS 预检请求。检查服务器是否允许跨域访问。System.out.println("拦截的请求路径:" + request.getRequestURI());System.out.println("拦截的请求方法:" + request.getMethod());if(request.getMethod().equals("OPTIONS")){response.setStatus(HttpServletResponse.SC_OK);System.out.println("允许跨域访问");return true;}response.setCharacterEncoding("utf-8");String token = request.getHeader("token");if(token != null){boolean result = TokenGenerate.verify(token);if(result){Object o = redisTemplate.opsForValue().get("token:" + token);if(o==null){System.out.println("token过期或者在用户退出的时候已删除,redis找不到");return false;}System.out.println("通过拦截器");return true;}}response.setCharacterEncoding("UTF-8");PrintWriter out = null;response.getWriter().write("认证失败,错误码:50000");return false;}
}
添加mvc拦截器
package com.juejiu.config;import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.ArrayList;
import java.util.List;//入口拦截,设置哪些接口需要拦截或不拦截(保护后端接口 防止未经授权的访问)
//只需要拦截本身就不会携带token的接口(例如登陆注册)
//因为登陆后网页的请求头就会携带token,此时我们需要进行token的验证,防止在未登陆时就可以进行其他操作
@Configuration
public class IntercepterConfig implements WebMvcConfigurer {@Autowiredprivate final TokenInterceptor tokenInterceptor;// 构造方法public IntercepterConfig(TokenInterceptor tokenInterceptor) {this.tokenInterceptor = tokenInterceptor;}@Overridepublic void addInterceptors(InterceptorRegistry registry) {//excludePathPatterns用来配置不需要拦截的接口(或者相当于功能)List<String> excludePath = new ArrayList<>();//List用来保存所有不需要拦截的路径excludePath.add("/register"); //注册excludePath.add("/login/**"); //登录excludePath.add("/essay/**"); //登录//在登陆之后的网页中已经携带token,所以只需要放行登陆注册接口,//若放行其他接口,那么就相当于不需要登陆就可进行接口的使用registry.addInterceptor(tokenInterceptor)//添加名为tokenInterceptor的拦截器.addPathPatterns("/**") //指定拦截所有路径.excludePathPatterns(excludePath);//排除不需要拦截的路径WebMvcConfigurer.super.addInterceptors(registry);}
}
自定义的jwttoken生成器
package com.juejiu.utils;import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import org.springframework.stereotype.Component;import java.util.Date;
@Component
public class TokenGenerate {private static final long EXPIRE_TIME= 6*60*60*60*1000;private static final String TOKEN_SECRET="tokenqkj"; //密钥盐public String generateToken(String account){String token = null;try{Date expiresAt = new Date(System.currentTimeMillis() + EXPIRE_TIME);token = JWT.create().withIssuer("auth0").withClaim("account", account).withExpiresAt(expiresAt).sign(Algorithm.HMAC256(TOKEN_SECRET));}catch (Exception e){e.printStackTrace();}return token;}/*** 签名验证* @param token* @return*/public static boolean verify(String token){System.out.println("执行了token验证代码");System.out.println("获得Token为 :"+token);try {JWTVerifier verifier = JWT.require(Algorithm.HMAC256(TOKEN_SECRET)).withIssuer("auth0").build();DecodedJWT jwt = verifier.verify(token);System.out.println("认证通过:");System.out.println("issuer: " + jwt.getIssuer());System.out.println("account: " + jwt.getClaim("account").asString());System.out.println("过期时间: " + jwt.getExpiresAt());return true;} catch (Exception e){System.out.println("没通过");return false;}}
}