拦截器(只需添上@IgnoreSecurity注解即可不验证tocken)

package com.amigo.companion.provider.user.interceptor;

import java.lang.reflect.Method;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.amigo.companion.common.base.security.LocalUser;
import com.amigo.companion.common.core.response.StatusCode;
import com.amigo.companion.common.core.security.IgnoreSecurity;
import com.amigo.companion.provider.user.exception.TokenException;
import com.amigo.companion.provider.user.service.TokenManagerService;


/**
 * token拦截器
 * 
 * @author amigo
 *
 */
@Component
public class TokenInterceptor extends HandlerInterceptorAdapter {

	private static final Logger logger = LoggerFactory.getLogger(TokenInterceptor.class);

	@Resource
	private TokenManagerService tokenManagerService;

	@Override
	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
			throws Exception {
		LocalUser.removeUser();
		super.afterCompletion(request, response, handler, ex);
		// logger.info("请求结束!请求线程名:" + Thread.currentThread().getId() + ",请求路径:" +
		// request.getRequestURI());
	}

	@Override
	public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
		super.afterConcurrentHandlingStarted(request, response, handler);
	}

	@Override
	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
			ModelAndView modelAndView) throws Exception {
		super.postHandle(request, response, handler, modelAndView);
	}
	
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
		if (!(handler instanceof HandlerMethod)) {
			return true;
		}
		HandlerMethod handlerMethod = (HandlerMethod) handler;
		Method method = handlerMethod.getMethod();
		

		String token = request.getHeader("ACCESS_TOKEN");
		if (StringUtils.isEmpty(token)) {
			token = request.getParameter("access_token");
		}
		logger.info("Token:{},请求路径{}", token, request.getRequestURI());
		if (method.isAnnotationPresent(IgnoreSecurity.class)) {
			if (StringUtils.isNotEmpty(token)) {
				tokenManagerService.checkToken(token);
			}
			return true;
		}
		if (StringUtils.isEmpty(token)) {
			logger.info("必须要传token的接口,Token:{},请求路径{}", token, request.getRequestURI());
			throw new TokenException(StatusCode.UNAUTHORIZED);
		}
		// 检查 token 有效性
		if (!tokenManagerService.checkToken(token)) {
			logger.error("Token:{},请求路径{},checkToken返回false", token, request.getRequestURI());
			throw new TokenException(StatusCode.UNAUTHORIZED);
		}
		return true;
	}

}
package com.amigo.companion.common.core.security;

import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import java.lang.annotation.ElementType;
import java.lang.annotation.RetentionPolicy;
/**
 * 忽略安全性检查
 * @author amigo
 *
 */
@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface IgnoreSecurity {

}
package com.amigo.companion.provider.user.service;

import com.amigo.companion.provider.user.entity.UserInfo;

/**
 * token管理服务
 * @author amigo
 *
 */
public interface TokenManagerService {
	
	String createToken(UserInfo user);
	
	boolean checkToken(String token);

	void removeToken(String tokenOld);
	
}
package com.amigo.companion.provider.user.service.impl;

import java.util.concurrent.TimeUnit;


import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Service;

import com.amigo.companion.common.base.security.LocalUser;
import com.amigo.companion.common.param.redis.LocalUserId;
import com.amigo.companion.common.param.redis.LocalUserId.User;
import com.amigo.companion.common.param.redis.RedisKey;
import com.amigo.companion.common.util.StringUtils;
import com.amigo.companion.provider.user.common.RwRedisService;
import com.amigo.companion.provider.user.entity.UserInfo;
import com.amigo.companion.provider.user.service.TokenManagerService;



@Service
public class TokenManagerServiceImpl implements TokenManagerService {
	
	private static final Logger logger = LoggerFactory.getLogger(TokenManagerServiceImpl.class);
	
	@Autowired
	RwRedisService rwRedisService;
	
	@Autowired
	@Qualifier("writeRedisTemplate")
	RedisTemplate writeRedisTemplate;
	
	
	@Override
	public String createToken(UserInfo user) {
		LocalUserId info = new LocalUserId();		
		String token = StringUtils.createUserToken();
		info.setUserId(user.getUserId());
		info.setToken(token);
		LocalUserId.User tokenUser = new User();
		tokenUser.setId(user.getUserId());
		info.setUser(tokenUser);
		rwRedisService.opsForValue().set(RedisKey.TOKEN + token, info, 2592000L, TimeUnit.SECONDS);
        return token;
	}

	@Override
	public boolean checkToken(String token) {
		if(StringUtils.isBlank(token)) {
			return false;
		}
		if(!rwRedisService.hasKey(RedisKey.TOKEN + token)) {
			logger.info("token:{}在redis中不存在",token);
			return false;
		}else {		
			logger.info("token:{}在redis中存在",RedisKey.TOKEN + token);
			rwRedisService.expire(token, 2592000L);
			LocalUserId user = (LocalUserId) rwRedisService.getThroughWrite(RedisKey.TOKEN + token);
			LocalUser.setUser(user);
		}
		return true;
	}

	@Override
	public void removeToken(String tokenOld) {
		writeRedisTemplate.delete(RedisKey.TOKEN + tokenOld);
	}

}

 

你可能感兴趣的:(java菜鸟苦逼前进史)