SpringBoot 实现token登录验证
具体步骤:
1.登陆拦截器继承HandlerInterception接口,拦截Http请求
2.重写preHandler方法,返回类型为布尔型,true代表放行,false代表不放行,获取Http请求的请求头,验证token是否存在、有效,如果有效则将token放入线程本地变量保管
3.重写afterCompletion方法 清除线程本地变量里的token
4.实现,重写addHandlerInterception方法,将登录拦截器注册到web mvc配置中,指明拦截的URL
实现拦截器
package com.imooc.passbook.passbook.handler;
import com.imooc.passbook.passbook.constant.LoginConstant;
import com.imooc.passbook.passbook.utils.token.TokenUtil;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* 登陆拦截器
* 配置拦截器的内容在:com.imooc.passbook.passbook.config.WebLoginConfig 中
* */
@Component
public class LoginHandle extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if (request.getServletPath().matches(LoginConstant.NO_FILTER_PATH)) {
//开放地址 不与拦截
return true;
}
if (!StringUtils.isEmpty(request.getHeader(LoginConstant.TOKEN_HEADER))) {
String token = request.getHeader(LoginConstant.TOKEN_HEADER);
//将 token 放入线程本地变量
boolean isExpire=false;
//todo 验证用户token 是否有效
if(isExpire){
TokenUtil.removeToken();
response.setStatus(LoginConstant.TOKEN_NOT_FOUND_STATUS);
throw new RuntimeException("用户身份已过期");
}
TokenUtil.setToken(token);
System.out.println(TokenUtil.getToken()+" ===== already login");
return true;
} else {
response.setStatus(LoginConstant.TOKEN_NOT_FOUND_STATUS);
throw new RuntimeException("用户token 缺失");
}
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
super.postHandle(request, response, handler, modelAndView);
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
super.afterCompletion(request, response, handler, ex);
//清除token信息
TokenUtil.removeToken();
}
@Override
public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
super.afterConcurrentHandlingStarted(request, response, handler);
}
}
配置拦截器
package com.imooc.passbook.passbook.config;
import com.imooc.passbook.passbook.handler.LoginHandle;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class WebLoginConfig implements WebMvcConfigurer
{
@Autowired
public LoginHandle loginHandle;
// @Bean
// public LoginHandle getLoginHandler(){
// return new LoginHandle();
// }
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(loginHandle).addPathPatterns("/**/**");
}
}