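When company A and company B work together, A has to expose API endpoints for B to call. A can implement this open API with an accessToken-based scheme.
Database table design
How B calls the API
Before calling an endpoint, company B first obtains an accessToken:
http://localhost:8080/auth/getAccessToken?appId=123456&appSecret=a1b2c3
It then passes that accessToken when calling the actual business method:
http://localhost:8080/openApi/getUser?accessToken=ac18deb132684f6c8cb2c01bd85f86aa
Company A's implementation
Company A sets the accessToken expiration time to 2 hours and starts a job that refreshes it on a schedule.
Company A intercepts all open API endpoints in an interceptor and verifies that the accessToken exists and has not expired. If the accessToken exists and has not expired, the business method is allowed to run.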

    import java.io.IOException;
    import java.io.PrintWriter;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Component;
    import org.springframework.web.servlet.HandlerInterceptor;
    import org.springframework.web.servlet.ModelAndView;
    // StringUtils and JSONObject come from the project's dependencies;
    // BaseApiService and BaseRedisService are the project's own classes.

    @Component
    public class AccessTokenInterceptor extends BaseApiService implements HandlerInterceptor {

        @Autowired
        private BaseRedisService baseRedisService;

        @Override
        public boolean preHandle(HttpServletRequest httpServletRequest,
                HttpServletResponse httpServletResponse, Object o) throws Exception {
            System.out.println("---------------------開始進入請求地址攔截----------------------------");
            String accessToken = httpServletRequest.getParameter("accessToken");
            // Check whether accessToken is empty
            if (StringUtils.isEmpty(accessToken)) {
                // The accessToken parameter is missing
                resultError(" this is parameter accessToken null ", httpServletResponse);
                return false;
            }
            // The token is the Redis key; a missing key means it never existed or has expired
            String appId = (String) baseRedisService.getString(accessToken);
            if (StringUtils.isEmpty(appId)) {
                // accessToken is no longer valid
                resultError(" this is accessToken Invalid ", httpServletResponse);
                return false;
            }
            // Proceed with the normal business logic
            return true;
        }

        @Override
        public void postHandle(HttpServletRequest httpServletRequest,
                HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
            System.out.println("--------------處理請求完成后視圖渲染之前的處理操作---------------");
        }

        @Override
        public void afterCompletion(HttpServletRequest httpServletRequest,
                HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
            System.out.println("---------------視圖渲染之后的操作-------------------------0");
        }

        // Write the error message to the response
        public void resultError(String errorMsg, HttpServletResponse httpServletResponse) throws IOException {
            PrintWriter printWriter = httpServletResponse.getWriter();
            printWriter.write(new JSONObject().toJSONString(setResultError(errorMsg)));
        }
    }

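The issue-then-verify flow described above, as an added example that is not code from the original post or the linked repository: an in-memory map stands in for Redis, and the class, method and field names are hypothetical. It assumes Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added example: in-memory stand-in for the Redis token store (all names hypothetical).
public class AccessTokenStore {
    private static final Duration TTL = Duration.ofHours(2);   // expiry stated on the page
    private record Entry(String appId, Instant expiresAt) {}
    private final Map<String, String> appSecrets;               // appId -> appSecret
    private final Map<String, Entry> tokens = new ConcurrentHashMap<>(); // token -> owner
    private final SecureRandom random = new SecureRandom();
    private final Clock clock;

    public AccessTokenStore(Map<String, String> appSecrets, Clock clock) {
        this.appSecrets = appSecrets;
        this.clock = clock;
    }

    // What /auth/getAccessToken does: check the credentials, then mint a fresh token.
    public String issue(String appId, String appSecret) {
        String expected = appId == null ? null : appSecrets.get(appId);
        // Constant-time comparison, so timing does not reveal how much of the secret matched.
        if (expected == null || appSecret == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), appSecret.getBytes(StandardCharsets.UTF_8))) {
            return null;
        }
        byte[] raw = new byte[16];
        random.nextBytes(raw);                                  // 128 bits from a CSPRNG
        String token = HexFormat.of().formatHex(raw);           // 32 hex chars, like the page's token
        tokens.put(token, new Entry(appId, clock.instant().plus(TTL)));
        return token;
    }

    // What the interceptor checks: returns the owning appId, or null if unknown or expired.
    public String validate(String token) {
        Entry e = token == null ? null : tokens.get(token);
        if (e == null) return null;
        if (!clock.instant().isBefore(e.expiresAt())) { tokens.remove(token); return null; }
        return e.appId();
    }

    public static void main(String[] args) {
        // Constructed sample credentials, taken from the page's example URL.
        AccessTokenStore store = new AccessTokenStore(Map.of("123456", "a1b2c3"), Clock.systemUTC());
        String token = store.issue("123456", "a1b2c3");
        System.out.println(store.validate(token) + " " + store.issue("123456", "wrong"));
    }
}
```

With Redis, the expiry check is replaced by a key TTL set when the token is written. Sending appSecret and accessToken in a request header or body over HTTPS, instead of the query string used in the URLs above, keeps them out of access logs and proxy logs.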
Project structure:
GitHub download: https://github.com/jake1263/openApi