前言
Java中的拦截器提供了一种可以使开发者在一个Action执行的前后执行一段代码的机制,这里我们用拦截器来承接上一篇文章SpringBoot - 集成Auth0 JWT,在拦截器中进行JWT Token验证。
具体实现
拦截器的实现
- 拦截器
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @Description 权限拦截器
* interceptor在SpringBoot中的实现,两种方式:
* implements HandlerInterceptor
* extends HandlerInterceptorAdapter
* @author coisini
* @date Aug 19, 2021
* @Version 1.0
*/
public class PermissionInterceptor implements HandlerInterceptor {
public PermissionInterceptor() {
super();
}
/**
* 请求前
* @param request
* @param response
* @param handler
* @return
* @throws Exception
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 获取Token
String bearerToken = request.getHeader("Authorization");
if (StringUtils.isEmpty(bearerToken)) {
throw new UnPermissionException(401);
}
// Bearer
if (!bearerToken.startsWith("Bearer")) {
throw new UnPermissionException(401);
}
String[] tokens = bearerToken.split(" ");
if (tokens.length != 2) {
throw new UnPermissionException(401);
}
String jwtToken = tokens[1];
if (!JwtUtil.verifyToken(jwtToken)) {
throw new UnPermissionException(401);
}
return true;
}
/**
* 请求后
* @param request
* @param response
* @param handler
* @param modelAndView
* @throws Exception
*/
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
/**
* 完成后回调
* @param request
* @param response
* @param handler
* @param ex
* @throws Exception
*/
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
}
- 拦截器注册
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
* @Description 拦截器注册
* @author coisini
* @date Aug 19, 2021
* @Version 1.0
*/
@Configuration
public class InterceptorConfiguration implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new PermissionInterceptor());
}
}
测试
- 测试用例
@RestController
@RequestMapping("/test")
public class TestController {
@GetMapping(value = "/test")
public String test(){
return "Test";
}
}
- 测试结果