SpringBoot中自定義攔截器詳解 (Token校驗與放行)
標簽(空格分隔): Springboot
首先是攔截類AuthInterceptor.java中的具體邏輯,主要是有繼承BaseInterceptor.java 類,而這個BaseInterceptor.java類繼承了HandlerInterceptorAdapter類,然后攔截類AuthInterceptor.java實現了其中的preHandle方法
以下是全部代碼
攔截器主要邏輯類——AuthInterceptor.java
package com.byted.store.aspect;
import com.byted.store.service.AuthAccessTokenService;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Charsets;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.base.Splitter;
import com.google.common.io.BaseEncoding;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.method.HandlerMethod;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
/**
* @program: parent
* @description: Auth
* @author: zhaobo.zeus
* @create: 2020-12-20 20:41
**/
@Slf4j
@Component
public class PreAuthInterceptor extends BaseInterceptor {
public static final String AUTHED_TOKEN = "authorized_token";
@Resource
private AuthAccessTokenService authAccessTokenService;
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
if (!(handler instanceof HandlerMethod)) {
return true;
}
//放行邏輯
HandlerMethod method = (HandlerMethod) handler;
DisableAuth auth = method.getMethod().getAnnotation(DisableAuth.class);
if (isDisableAuth(auth)) {
return super.preHandle(request, response, handler);
}
//獲取token
List<String> Base64_token = decode(request.getHeader(HttpHeaders.AUTHORIZATION));
String bizOrOwner = Base64_token.get(0);
String token = Base64_token.get(1);
System.out.println(bizOrOwner);
if (StringUtils.isBlank(token)) {
setResponse(request, response, "400","Error: token is null");
return false;
}
// 3.查詢token是否正確
String biz = authAccessTokenService.getBizByTokenString(token);
if (biz == null) {
setResponse(request, response, "404","Error: token is invalid");
return false;
}
// 將userId寫入到request請求中
//request.setAttribute(Constants.REQUEST_ATTR_USER_ID, account.getId());
//request.setAttribute("UserToken", accessToken);
request.setAttribute("biz", biz);
return true;
}
private static boolean isDisableAuth(DisableAuth auth) {
return auth != null;
}
/**
* 獲取http請求頭部或者參數中的token值
*
* @param request
* http請求傳遞的值
* @return 返回token
*/
private String getAuthToken(HttpServletRequest request) {
String token = request.getHeader("accessToken");
if (token == null) {
token = request.getParameter("accessToken");
}
return token;
}
public static List<String> decode(String authString) {
List<String> strings = null;
if (StringUtils.isBlank(authString)) {
return null;
}
List<String> words = Splitter.on(" ").splitToList(authString);
if (words.size() != 2) {
return null;
}
switch (words.get(0)) {
case "Basic":
try {
String decoding = new String(BaseEncoding.base64().decode(words.get(1)), Charsets.UTF_8);
strings = Splitter.on(":").splitToList(decoding);
Preconditions.checkArgument(strings.size() == 2);
} catch (IllegalArgumentException e) {
throw new HttpClientErrorException(HttpStatus.UNAUTHORIZED, "bad authorization");
}
return strings;
default:
throw new HttpClientErrorException(HttpStatus.UNAUTHORIZED, "unsupported authorization");
}
}
@VisibleForTesting
public static String encode(String token) {
String encoding = Joiner.on(":").join("", token);
return Joiner.on(" ").join("Basic", BaseEncoding.base64().encode(encoding.getBytes()));
}
}
父類BaseInterceptor.java 這個類里面的代碼其實與token校驗關系不大
package com.byted.store.aspect;
import java.io.IOException;
import java.io.Writer;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.alibaba.fastjson.JSON;
/**
* @program: parent
* @description: BaseInterceptor
* @author: zhaobo.zeus
* @create: 2020-12-20 20:42
**/
@Slf4j
public abstract class BaseInterceptor extends HandlerInterceptorAdapter {
public void setResponse(HttpServletRequest request,
HttpServletResponse response, String messageKey,String message) {
response.setContentType("application/json;charset=UTF-8");
try (Writer writer = response.getWriter()) {
Map<String, Object> resultMap = new HashMap<>();
resultMap.put("code", messageKey);
resultMap.put("message", message);
logger(request, resultMap);
JSON.writeJSONString(writer, resultMap);
writer.flush();
} catch (IOException e) {
log.error("response 設置操作異常:" + e);
}
}
public void setResponse(HttpServletRequest request,
HttpServletResponse response, String messageKey) {
setResponse(request,response,messageKey,"OK");
}
/**
* 記錄日志
*/
private void logger(HttpServletRequest request, Map<String, Object> resultMap) {
StringBuffer msg = new StringBuffer();
msg.append("異常攔截日志:");
msg.append("[uri:").append(request.getRequestURI()).append("]");
Enumeration<String> enumer = request.getParameterNames();
while (enumer.hasMoreElements()) {
String name = enumer.nextElement();
String[] values = request.getParameterValues(name);
msg.append("[").append(name).append("=");
if (values != null) {
int i = 0;
for (String value : values) {
i++;
msg.append(value);
if (i < values.length) {
msg.append("|");
}
}
}
msg.append("]");
}
msg.append(JSON.toJSONString(resultMap));
log.warn(msg.toString());
}
}
回到攔截器邏輯類中會發現我重寫了preHandle方法
原文鏈接 : https://blog.csdn.net/azhegps/article/details/99342891
這樣我們所有的請求都會經過攔截器的邏輯,如果請求不符合邏輯就會被攔截到,並不會執行到方法內部。
有的接口需要token校驗,有的並不需要,所以還要一個放行的邏輯。
可以直接用自定義注解來實現
自定義注解@DisableAuth 代碼
package com.byted.store.aspect;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* @program: parent
* @description: 非鑒權注解,Controller使用此注解,過濾器將不攔截
* @author: zhaobo.zeus
* @create: 2020-12-20 20:44
**/
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@Documented
@Inherited
public @interface DisableAuth {
}
在需要放行的方法上加上自定義注解@DisableAuth