Jfinal结合redis实现JWT拦截器的token安全验证

拦截器:


public class AuthTokenInterceptor implements Interceptor {
    private final String ACCESS_TOKEN = "token";

    @Override
    public void intercept(Invocation inv) {
        Controller controller = inv.getController();
        String token = controller.getRequest().getHeader(ACCESS_TOKEN);
        if (StringUtils.isEmpty(token)) {
            controller.renderJson(Ret.create("code", 401).set("msg", "token不能为空"));
            return;
        }
        Cache bbs = Redis.use();
        User user = bbs.get(ACCESS_TOKEN + JwtUtils.getAppUID(token));
        if (user == null) {
            controller.renderJson(Ret.create("code", 401).set("msg", "未登录"));
            return;
        } else {
            controller.setAttr("user", user);
        }
        inv.invoke();
    }
}

需要拦截的方法 

@Before(AuthTokenInterceptor.class)
    public void index() {
        User user = getAttr("user");
         System.out.println(user)
        renderJson();
    }

 

你可能感兴趣的:(项目,框架,java)