在過濾器中驗證接口中的Token

1、web.xml

在web.xml中增加如下代碼

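<!-- Validate the access token on every request routed through this filter. -->
<filter>
    <!-- Filter name -->
    <filter-name>TokenFilter</filter-name>
    <!-- Fully qualified name of the implementation class -->
    <filter-class>com.seven.mp.contentmng.utils.TokenFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>TokenFilter</filter-name>
    <!-- Path prefix the filter applies to. Requests outside /conference/* never reach
         TokenFilter, so any other protected path needs its own access control. -->
    <url-pattern>/conference/*</url-pattern>
</filter-mapping>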

2、TokenFilter 實現類
1. 過濾器必須實現Filter 接口 , 即TokenFilter implements Filter

2.代碼部分
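package com.seven.mp.contentmng.utils;

import com.alibaba.fastjson.JSONException;
import com.alibaba.fastjson.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.util.ObjectUtils;
import org.springframework.web.context.support.WebApplicationContextUtils;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.*;

/**
 * Servlet filter that checks the {@code accessToken} field of JSON request bodies against Redis.
 *
 * <p>Flow: allow-listed paths and every GET request are passed through unchecked; for all other
 * requests the body is read, parsed as JSON, and the token is looked up under the Redis key
 * {@code "MEETING_" + accessToken}. A missing value is reported as an expired/invalid token.
 *
 * <p>NOTE(review): several properties of this design weaken the check and should be confirmed
 * against the handlers behind it:
 * <ul>
 *   <li>GET requests are never token-checked, so any handler that also answers GET is reachable
 *       without a token. Restrict handlers to explicit HTTP methods, or carry the token in a
 *       header so that it can be checked for every method.</li>
 *   <li>The allow-list contains upload and import endpoints. They are unauthenticated as far as
 *       this filter is concerned and need their own access control.</li>
 *   <li>The request body is parsed by fastjson before authentication. Keep fastjson on a
 *       maintained release with autoType left disabled, and consider capping the body size.</li>
 * </ul>
 *
 * Created by ZhouMing on 2017/11/28.
 */
public class TokenFilter implements Filter {

    /**
     * Paths that bypass the token check (compared case-insensitively with the servlet path).
     * NOTE(review): web.xml maps this filter to /conference/* only, so the /auth and /index
     * entries presumably never reach it. Confirm and trim.
     */
    private static final String[] OPEN_PATHS = {
        "/auth/login",
        "/auth/logout",
        "/index",
        "/index.html",
        "/conference/entries/import_members",
        "/conference/entries/import_dinner_members",
        "/conference/picture/upload_file",
        "/conference/mode/importFile",
        "/conference/picture/upload",
        "/conference/attendees/namelist/importList",
        "/conference/app/attend/member/message",
        "/conference/app/attend/member/list",
        "/conference/app/attend/group/list",
        "/conference/app/discipline/list",
        "/conference/app/conferenceAgenda/list",
        "/conference/app/logistics/list",
        "/conference/app/meetActivity/getInfo"
    };

    private RedisTemplate redisTemplate;

    /**
     * Looks up the {@code redisTemplate} bean from the Spring web application context.
     *
     * @param filterConfig container-supplied filter configuration
     * @throws ServletException if no Spring web application context is registered, so that a
     *                          misconfigured deployment fails at start-up instead of on the
     *                          first request
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        ApplicationContext context =
                WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext());
        if (context == null) {
            throw new ServletException("No Spring WebApplicationContext found for TokenFilter");
        }
        redisTemplate = (RedisTemplate) context.getBean("redisTemplate");
    }

    /**
     * Applies the token check described on the class.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response response used to report a missing or unknown token as a JSON object
     * @param chain    remaining filter chain, invoked only when the request is allowed through
     * @throws IOException      if reading the body or writing the error response fails
     * @throws ServletException if a downstream filter or servlet fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String servletPath = httpServletRequest.getServletPath();

        // Allow-listed endpoints (login, logout, uploads, app listing calls) skip the check.
        if (isOpenPath(servletPath)) {
            chain.doFilter(request, response);
            return;
        }

        // GET requests skip the check entirely; see the class-level review note.
        if ("get".equalsIgnoreCase(httpServletRequest.getMethod())) {
            chain.doFilter(request, response);
            return;
        }

        // Read and parse the JSON body. Malformed JSON is treated like a missing token so the
        // caller gets the normal error object instead of an unhandled exception.
        String body = getBody(httpServletRequest);
        JSONObject jsonObject;
        try {
            jsonObject = JSONObject.parseObject(body);
        } catch (JSONException e) {
            jsonObject = null;
        }

        // Only a non-empty JSON string counts as a token; numbers, arrays or objects are
        // rejected here rather than failing on a cast.
        Object tokenValue = ObjectUtils.isEmpty(jsonObject) ? null : jsonObject.get("accessToken");
        if (!(tokenValue instanceof String) || ObjectUtils.isEmpty(tokenValue)) {
            writeError(response, ResponseCode.PARAM_FAIL.code(), "accessToken爲空");
            return;
        }

        // A token is accepted only while Redis still holds a value under "MEETING_" + token.
        String accessToken = (String) tokenValue;
        ValueOperations<String, String> valueOperations = redisTemplate.opsForValue();
        String userStr = valueOperations.get("MEETING_" + accessToken);
        if (StringUtils.isEmpty(userStr)) {
            writeError(response, ResponseCode.TOKEN_PASS.code(), ResponseCode.TOKEN_PASS.msg());
            return;
        }

        // The body stream has been consumed, so hand a re-readable request down the chain.
        chain.doFilter(getRequest(request, body), response);
    }

    @Override
    public void destroy() {
    }

    /** Returns whether {@code servletPath} is on the allow-list, ignoring case. */
    private static boolean isOpenPath(String servletPath) {
        for (String openPath : OPEN_PATHS) {
            if (openPath.equalsIgnoreCase(servletPath)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes a {@code {"code": ..., "msg": ...}} JSON object to the response.
     *
     * <p>The encoding is set before the writer is obtained; without it the servlet default
     * (ISO-8859-1) would corrupt the non-ASCII message text. The HTTP status is left unchanged.
     */
    private void writeError(ServletResponse response, Object code, Object msg) throws IOException {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
        PrintWriter out = response.getWriter();
        JSONObject json = new JSONObject();
        json.put("code", code);
        json.put("msg", msg);
        out.write(json.toString());
        out.flush();
    }

    /**
     * Reads the whole request body as text.
     *
     * <p>The body is decoded with the request's declared character encoding, falling back to
     * UTF-8, instead of the platform default charset. The read is unbounded.
     * NOTE(review): this runs before authentication; consider a size limit.
     *
     * @param request request whose input stream is consumed and closed
     * @return the body text, or an empty string when there is no input stream
     * @throws IOException if the stream cannot be read or the declared encoding is unsupported
     */
    private String getBody(HttpServletRequest request) throws IOException {
        StringBuilder stringBuilder = new StringBuilder();
        BufferedReader bufferedReader = null;
        try {
            InputStream inputStream = request.getInputStream();
            if (inputStream != null) {
                String encoding = request.getCharacterEncoding();
                if (encoding == null) {
                    encoding = "UTF-8";
                }
                bufferedReader = new BufferedReader(new InputStreamReader(inputStream, encoding));
                char[] charBuffer = new char[128];
                int charsRead;
                while ((charsRead = bufferedReader.read(charBuffer)) > 0) {
                    stringBuilder.append(charBuffer, 0, charsRead);
                }
            }
        } finally {
            if (null != bufferedReader) {
                bufferedReader.close();
            }
        }
        return stringBuilder.toString();
    }

    /**
     * Wraps the request so that the already-consumed body can be read again downstream.
     *
     * <p>Only requests whose content type contains {@code application/json} are wrapped. Any
     * other request is returned as is, and because {@link #getBody} has already drained its
     * input stream, downstream code will find that stream empty.
     *
     * @param request the original request
     * @param body    the body text read by {@link #getBody}
     * @return a {@code PostServletRequest} carrying {@code body}, or the original request
     */
    private ServletRequest getRequest(ServletRequest request, String body) {
        String enctype = request.getContentType();
        if (StringUtils.isNotEmpty(enctype) && enctype.contains("application/json")) {
            return new PostServletRequest((HttpServletRequest) request, body);
        }
        return request;
    }
}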