本文參考: https://blog.csdn.net/csdn_x_w/article/details/108027940
我發現走的都是OPTIONS協議,然后JWT 卻把OPTIONS攔截了,於是參考上文
放行了OPTION請求
攔截器
package com.pipihao.piyu.interceptor;
import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.pipihao.piyu.utils.JWTUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.security.SignatureException;
import java.util.HashMap;
import java.util.Map;
public class JWTInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if(request.getMethod().toUpperCase().equals("OPTIONS")){
return true; // 通過所有OPTION請求
}else{
Map<String,Object> map = new HashMap<>();
// 獲取請求令牌
String token = request.getHeader("token");
try{
JWTUtils.verifyToken(token); // 驗證令牌
return true;
}catch (SignatureVerificationException e){
e.printStackTrace();
map.put("msg","簽名無效");
}catch (TokenExpiredException e){
e.printStackTrace();
map.put("msg","token過期");
}catch(AlgorithmMismatchException e){
e.printStackTrace();
map.put("msg","token算法不一致");
}catch (Exception e){
e.printStackTrace();
map.put("msg","token無效");
}finally {
/*如果進入到 finally內,則必然是報錯了*/
// 將Map轉換成Json
String json = new ObjectMapper().writeValueAsString(map);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().println(json);
return false;
}
}
}
}
MVC配置
package com.pipihao.piyu.config;
import com.pipihao.piyu.interceptor.JWTInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.ArrayList;
import java.util.List;
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
/**
* 解決跨域
* @param registry
*/
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowCredentials(true)
.allowedMethods("GET", "POST", "DELETE", "PUT")
.maxAge(3600);
}
/**
* 攔截器
* @param registry
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new JWTInterceptor())
.addPathPatterns("/**") //攔截的接口,(理論上是所有的都攔截了)
.excludePathPatterns(
"/login",
"/user/register",
"/file/upload",
"/class/all" //所有分類
); // 不攔截的鏈接前端得加上“/”
}
}
這個文章這樣做不太聰明,https://www.cnblogs.com/pipihao/p/14336510.html
反省
對於跨域沒有一個清楚的認識,對於 OPTIONS 協議的玩法模糊。
不熟悉攔截器原理,不熟悉Servlet原理。(很少看過API)
通過此文 https://www.cnblogs.com/heioray/p/9392533.html
認識了OPTIONS 感覺該作者