Springboot使用拦截器进行token的登录验证

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Component
@WebFilter(urlPatterns = { "/*" }, filterName = "tokenAuthorFilter")
public class TokenAuthorFilter implements Filter {

    private static Logger logger = LoggerFactory.getLogger(TokenAuthorFilter.class);

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        
        String token = req.getHeader("token");
        logger.info("token:{}", token);
        if (null == token || token.isEmpty()) {
            throw new ServletException("用户授权认证没有通过!客户端请求参数中无token信息");
        } else {
            if (this.volidateToken(token)) {
            	//通过校验
            	logger.info("token过滤ok!");
                chain.doFilter(request, response);
            } else {
            	throw new ServletException("用户授权认证没有通过!客户端请求参数token信息无效");
            }
        }
        
	}
	public boolean volidateToken(String token) {
		//对token内包含的用户名以及密码进行校验
		if(true) {
			return true;
		}
		return false;
	}
	@Override
	public void destroy() {}
	@Override
	public void init(FilterConfig filterConfig) throws ServletException {}
}

你可能感兴趣的:(工作问题)