拦截器处理Token

拦截器处理Token：

package cn.cnic.xiandao.commons.filter;

 

import cn.cnic.xiandao.util.ApplicationContextProvider;

import cn.cnic.xiandao.util.RedisUtil;

import org.springframework.web.method.HandlerMethod;

import org.springframework.web.servlet.HandlerInterceptor;

 

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import java.io.PrintWriter;

 

/**

* 拦截器处理token

*/

public class TokenInterceptor implements HandlerInterceptor {

 

private static RedisUtil redisUtil;

 

static{

redisUtil = ApplicationContextProvider.getBean(RedisUtil.class);

}

 

@Override

public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {

//前端在ajax请求前后都加了过滤器，在登录成功后将生成的token放redis，同时返回给前端，前端在每次请求的请求头中都带Authorization，也就是token值

跨域请求分简单请求和非简单请求，非简单请求每个请求都会请求俩次，第一次是option请求，称为预检请求，预检请求是不需要校验token的

String tokenHeader = httpServletRequest.getHeader("Authorization") == null ? "" : httpServletRequest.getHeader("Authorization");

// 如果不是映射到方法直接通过

if (!(object instanceof HandlerMethod)) {

return true;

}

if(tokenHeader == null || ("").equals(tokenHeader)){ //请求没有带token，重新登录

String json = "{\"code\":-1}";

returnJson(httpServletResponse,json);

return false;

}

if(redisUtil.hasKey(tokenHeader)==false){ //token已过期

String json = "{\"code\":-1}";

returnJson(httpServletResponse,json);

return false;

}

//用户会话时间延长30分钟

redisUtil.expire(tokenHeader, 30 * 60);

return true;

}

 

/**

* @param response

* @param json

* @throws Exception

* 虽然每个controller类上加了注解@CrossOrigin，但是加了拦截器后还是有跨域的 问题，所以这儿还得解决一下跨域问题

*/

private void returnJson(HttpServletResponse response, String json) throws Exception{

PrintWriter writer = null;

response.setCharacterEncoding("UTF-8");

response.setContentType("application/json; charset=utf-8");

response.setHeader("Access-Control-Allow-Origin", "*");

response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");

response.setHeader("Access-Control-Max-Age", "3600");

response.setHeader("Access-Control-Allow-Headers", "x-requested-with");

try {

writer = response.getWriter();

writer.print(json);

} catch (IOException e) {

 

} finally {

if (writer != null)

writer.close();

}

}

}

 

从上下文中获取bean

package cn.cnic.xiandao.util;

import org.springframework.beans.BeansException;

import org.springframework.context.ApplicationContext;

import org.springframework.context.ApplicationContextAware;

import org.springframework.stereotype.Component;

 

@Component

public class ApplicationContextProvider implements ApplicationContextAware {

 

private static ApplicationContext applicationContext;

 

@Override

public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {

this.applicationContext = applicationContext;

}

 

public static ApplicationContext getApplicationContext() {

return applicationContext;

}

public static Object getBean(String name) {

return applicationContext.getBean(name);

}

public static T getBean(Class tClass) {

return applicationContext.getBean(tClass);

}

}

如果内容对大家有所帮助，感谢鼓励！实现我小时候一人给我一块钱的美梦，哈哈！