適用接口需授權token才能調用的場景
@Configuration public class WebMvcConfigurer extends WebMvcConfigurationSupport { //添加攔截器 @Override public void addInterceptors(InterceptorRegistry registry) { //接口簽名認證攔截器 registry.addInterceptor(new HandlerInterceptorAdapter() { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { Result result = new Result(); String token = request.getHeader("token"); //token 校驗 if (null == token) { result.setCode(ResultCode.UNAUTHORIZED).setMessage("請求 header 缺少 token"); responseResult(response, result); return false; } //TODO 進一步校驗 //endregion return true; } }).excludePathPatterns("/oauth/**"); } }
其中,excludePathPatterns 為不必校驗的路由,如 申請token接口
如果你用了 Swagger ui,會導致swagger頁面也被攔截,再排除
.excludePathPatterns("/oauth/**")
.excludePathPatterns("/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**");
這樣,swagger就能正常訪問了。但默認是不支持請求頭的,開發還是不方便,改配置如下
1 @Configuration 2 @EnableSwagger2 3 public class Swagger2Configurer { 4 5 @Bean 6 public Docket createRestApi(){ 7 ParameterBuilder ticketPar = new ParameterBuilder(); 8 List<Parameter> pars = new ArrayList<>(); 9 ticketPar.name("token").description("user ticket") 10 .modelRef(new ModelRef("string")).parameterType("header") 11 .required(false).build(); //header中的token參數非必填,傳空也可以 12 pars.add(ticketPar.build()); //根據每個方法名也知道當前方法在設置什么參數 13 14 return new Docket(DocumentationType.SWAGGER_2) 15 .apiInfo(apiInfo()) 16 .select() 17 .apis(RequestHandlerSelectors.basePackage("com.***.pub")) 18 .paths(PathSelectors.any()) 19 .build() 20 .globalOperationParameters(pars); 21 } 22 23 private ApiInfo apiInfo() { 24 return new ApiInfoBuilder() 25 .title("*********開放接口") 26 .version("1.0.0") 27 .build(); 28 } 29 }
如下圖
