注解方式filter过滤器进行header 简单安全验证以及放过静态资源

起因:项目前台代码和后台代码未分离,临时设置一个简单的安全验证,需要对静态资源进行过滤。


import java.io.IOException;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Component;

import com.alibaba.druid.util.StringUtils;

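/**
 * Servlet filter mapped to every request ("/*") that requires a fixed request
 * header before passing the request on, while exempting the root path and
 * URIs that look like static resources.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The header name and expected value are compile-time constants, i.e. a
 *       single shared secret stored in source. Treat this as a temporary gate
 *       only; load the value from protected configuration and rotate it, or
 *       replace the filter with real authentication.</li>
 *   <li>The static-resource exemption is decided from the request URI's
 *       suffix alone. Any handler reachable under a URI that ends in an
 *       exempt suffix is served without the header check, so keep dynamic
 *       endpoints off those suffixes or serve static files under a dedicated
 *       path prefix and exempt that prefix instead.</li>
 *   <li>NOTE(review): the class carries both {@code @WebFilter} and
 *       {@code @Component}; depending on how the application scans servlet
 *       components this may register the filter twice - confirm.</li>
 * </ul>
 */
@WebFilter(filterName = "loginFilter", value = "/*")
@Component
public class LoginFilter implements Filter {
    private static final String NAME = "x'x'x";  // name of the request header that carries the token
    private static final String ERROR = "x'x'x x'x'x";  // message sent with the error response
    private static final String VALUE = "x'x'x"; // expected header value (hard-coded shared secret, see class note)

    // Suffixes treated as static resources. The suffix is taken from the last
    // '.' in the URI, so the multi-dot entries ".tar.gz" and ".tar.bz2" can
    // never match as written (".tar.gz" URIs still match through ".gz").
    private static final String[] STATIC_SUFFIXES = {
        ".html", ".css", ".js", ".png", ".jpg", ".otf", ".eot", ".svg",
        ".ttf", ".woff", ".gif", ".ico", ".txt", ".gzip", ".xz", ".tar.gz",
        ".tar.bz2", ".jar", ".war", ".7z", ".tgz", ".gz", ".map"
    };

    private final Set<String> staticResourceTypes = new HashSet<>();

    {
        for (String suffix : STATIC_SUFFIXES) {
            staticResourceTypes.add(suffix);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No initialisation required.
    }

    /**
     * Lets the root path and static resources through; every other request
     * must carry the expected header value or receives a 404 error response.
     *
     * @param servletRequest  incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response, cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      propagated from the chain or from {@code sendError}
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getRequestURI() is the raw, undecoded path and includes the context
        // path, so the "/" comparison only matches a root-context deployment.
        String uri = request.getRequestURI();

        if ("/".equals(uri) || isStaticResource(uri)) {
            filterChain.doFilter(servletRequest, servletResponse);
            // Stop here: without this return the request fell through to the
            // header check below, which then called sendError() on a response
            // that had already been written and/or ran the chain a second time.
            return;
        }

        String loginToken = request.getHeader(NAME);
        if (StringUtils.isEmpty(loginToken) || !constantTimeEquals(VALUE, loginToken)) {
            // 404 is kept from the original; 401/403 is the conventional
            // status if hiding the endpoint's existence is not intended.
            response.sendError(404, ERROR);
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Reports whether the given URI ends in one of the exempt static-resource
     * suffixes. The match is case-sensitive and uses the text from the last
     * '.' to the end of the string.
     *
     * <p>URIs containing ';' are never treated as static: the raw request URI
     * still carries path parameters, and accepting them would let a suffix
     * placed inside a path parameter exempt a non-static path from the header
     * check.
     *
     * @param url request URI to classify; may be {@code null} or blank
     * @return {@code true} if the URI's suffix is in the exempt set
     */
    public final boolean isStaticResource(String url) {
        if (org.apache.commons.lang3.StringUtils.isBlank(url)) {
            return false;
        }
        if (url.indexOf(';') >= 0) {
            return false; // fail closed on path parameters
        }
        int start = url.lastIndexOf('.');
        if (start < 0) {
            return false;
        }
        return staticResourceTypes.contains(url.substring(start));
    }

    /**
     * Compares the expected and supplied token without short-circuiting on
     * the first differing byte, so response timing does not reveal how much
     * of a guessed value was correct.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            actual.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }
}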
