SpringBoot中自定义拦截器详解 (Token校验与放行)

首先是拦截类AuthInterceptor.java中的具体逻辑，主要是有继承BaseInterceptor.java 类，而这个BaseInterceptor.java类继承了HandlerInterceptorAdapter类，然后拦截类AuthInterceptor.java实现了其中的preHandle方法

以下是全部代码

拦截器主要逻辑类——AuthInterceptor.java

package com.magnet.movie.rest.interceptor;

import com.alibaba.dubbo.config.annotation.Reference;
import com.magnet.movie.common.entity.User;
import com.magnet.movie.common.vo.MessageKey;
import com.magnet.movie.data.api.UserService;
import com.magnet.movie.rest.annotation.DisableAuth;
import com.magnet.movie.rest.utils.Constants;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Slf4j
@Component
public class AuthInterceptor extends BaseInterceptor {

    @Reference
    private UserService userService;
    
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {

        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        //放行逻辑
        HandlerMethod method = (HandlerMethod) handler;
        DisableAuth auth = method.getMethod().getAnnotation(DisableAuth.class);
        if (isDisableAuth(auth)) {
            return super.preHandle(request, response, handler);
        }
        //获取token
        String accessToken = getAuthToken(request);
        if (StringUtils.isBlank(accessToken)) {
            setResponse(request, response, MessageKey.ACCESS_TOKEN_IS_NULL_CODE,"Error: token is null");
            return false;
        }
        
         // 3.查询token是否正确
        User account = userService.findAccessTokenIsValid(accessToken);
        if (account == null) {
            setResponse(request, response, MessageKey.ACCESS_TOKEN_IS_INVALID_CODE,"Error: token is invalid");
            return false;
        }

        // 将userId写入到request请求中
        request.setAttribute(Constants.REQUEST_ATTR_USER_ID, account.getId());
        request.setAttribute("UserToken", accessToken);
        request.setAttribute("UserId", account.getId());

        return true;
    }

    private static boolean isDisableAuth(DisableAuth auth) {
        return auth != null;
    }

    /**
     * 获取http请求头部或者参数中的token值
     * 
     * @param request
     *            http请求传递的值
     * @return 返回token
     */
    private String getAuthToken(HttpServletRequest request) {
        String token = request.getHeader("accessToken");

        if (token == null) {
            token = request.getParameter("accessToken");
        }
        return token;
    }
}

父类BaseInterceptor.java 这个类里面的代码其实与我要做的token校验关系不大

package com.magnet.movie.rest.interceptor;

import java.io.IOException;
import java.io.Writer;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import lombok.extern.slf4j.Slf4j;

import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.alibaba.fastjson.JSON;

@Slf4j
public abstract class BaseInterceptor extends HandlerInterceptorAdapter {


    public void setResponse(HttpServletRequest request,
                            HttpServletResponse response, String messageKey,String message) {

        response.setContentType("application/json;charset=UTF-8");
        try (Writer writer = response.getWriter()) {
            Map resultMap = new HashMap<>();
            resultMap.put("code", messageKey);
            resultMap.put("message", message);

            logger(request, resultMap);
            JSON.writeJSONString(writer, resultMap);
            writer.flush();
        } catch (IOException e) {
            log.error("respose 设置操作异常：" + e);
        }
    }

    public void setResponse(HttpServletRequest request,
            HttpServletResponse response, String messageKey) {
        setResponse(request,response,messageKey,"OK");

    }


    /**
     * 记录日志
     */
    private void logger(HttpServletRequest request, Map resultMap) {
        StringBuffer msg = new StringBuffer();
        msg.append("异常拦截日志:");
        msg.append("[uri:").append(request.getRequestURI()).append("]");
        Enumeration enumer = request.getParameterNames();
        while (enumer.hasMoreElements()) {
            String name = enumer.nextElement();
            String[] values = request.getParameterValues(name);
            msg.append("[").append(name).append("=");
            if (values != null) {
                int i = 0;
                for (String value : values) {
                    i++;
                    msg.append(value);
                    if (i < values.length) {
                        msg.append("｜");
                    }
                }
            }
            msg.append("]");
        }
        msg.append(JSON.toJSONString(resultMap));

        log.warn(msg.toString());
    }
}

回到拦截器逻辑类中会发现我重写了preHandle方法

重写方法

这个方法的作用：
原文链接 ： https://blog.csdn.net/azhegps/article/details/99342891

适配器HandlerInterceptorAdapter的作用

这样我们所有的请求都会经过拦截器的逻辑，如果请求不符合逻辑就会被拦截到，并不会执行到方法内部。

有的接口需要token校验，有的并不需要，所以还要一个放行的逻辑。
可以直接用自定义注解来实现

自定义注解@DisableAuth 代码

package com.magnet.movie.rest.annotation;

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * 非鉴权注解，Controller使用此注解，过滤器将不拦截
 * @author hudahua
 *
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@Documented
@Inherited
public @interface DisableAuth {

}

上面四个注解就是java的四大元注解，具体的用法如下（出自百度）：
原文链接 ： https://blog.csdn.net/qq_26125865/article/details/82881481

元注解作用

在需要放行的方法上加上自定义注解@DisableAuth

用法

拦截类AuthInterceptor.java中的放行逻辑