javaweb实现拦截器拦截token

javaweb实现拦截器,拦截所有路径,获取token并验证token是否有效(同一认证接口),返回token解析数据。

在web.xml文件里加入监听类

    
        tokenFilter
        com.xxx.xxx.xxx.xxx.common.intercept._setAuth
    
    
        tokenFilter
        /*
        REQUEST
    

监听方法:

public class _setAuth implements Filter
{

    @Override
    public void init(FilterConfig filterConfig) throws ServletException
    {
        System.out.println(" init {"+getClass().getName()+"} but actually do nothing.");
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException

    {
        System.out.println("doFilter start ...");
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        String token = httpServletRequest.getHeader("token");
        System.out.println("token is : "+token);
        System.out.println("session is :::" + JSONObject.fromObject(httpServletRequest.getSession()));
        if (StringUtils.isBlank(token))
        {
            System.out.println("访问失败:token参数错误!");
            httpServletResponse.sendRedirect("err.jsp");
        }
        else
        {
            String url = "http://xxx/xxx/xxxx/xxxxx";
            String requestStr = "{\"token\":\""+token+"\"}";
            String responseStr = sendPost(url,requestStr);
            httpServletRequest.getSession().setAttribute("tokenResponse", responseStr);
            if(org.apache.commons.lang3.StringUtils.isNotBlank(responseStr)&&responseStr.contains("\"success\": true")){
                System.out.println("token验证成功:请求跳转!");
                chain.doFilter(httpServletRequest, response);
            }else{
                System.out.println("访问失败:token验证失败!");
                httpServletResponse.sendRedirect("err.jsp");
            }
        }

    }

    @Override
    public void destroy()
    {
        System.out.println(" destroy "+ getClass().getName() +" but actually do nothing.");
    }


    /**
     * 发送请求方法
     * */
    public static String sendPost(String url,String request){
        String responseStr = "";
        URL postURL = null;
        HttpURLConnection httpUrl = null;
        try {
            postURL = new URL(url);
            httpUrl = (HttpURLConnection) postURL.openConnection();
            httpUrl.setDoInput(true);
            httpUrl.setDoOutput(true);
            httpUrl.setUseCaches(false);
            httpUrl.setRequestProperty("Content-Type", "application/json;chartset=UTF-8");
            httpUrl.setRequestProperty("Cache-Control", "");
            httpUrl.setRequestProperty("User-Agent", "");
            httpUrl.setRequestProperty("Accept", "");
            httpUrl.setRequestProperty("Pragma", "");
            httpUrl.setRequestMethod("POST");
            OutputStreamWriter owwriter = new OutputStreamWriter(httpUrl.getOutputStream(),"utf-8");
            owwriter.append(request);
            owwriter.flush();
            owwriter.close();
            if (httpUrl.getResponseCode() == 200) {
                //访问成功,这里获取返回的json串并且转为实体类。具体实体类看返回什么自己去定义
                InputStream inputStr = httpUrl.getInputStream();
                byte[] b = new byte[inputStr.available()];
                inputStr.read(b);
                responseStr = new String(b);
//                JSONObject jsonObject=JSONObject.fromObject(responseStr.replaceAll("\\\\",""));
                //(实体类名) bean = (efftiveBean)JSONObject.toBean(jsonObject, 实体类名.class);
                inputStr.close();
            } else {
                System.out.println("调用服务返回码为"+httpUrl.getResponseCode());
            }
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println(e);
        }
        return responseStr;

    }

}

你可能感兴趣的:(javaweb实现拦截器拦截token)