業務邏輯:經過 filter 讀取請求的 request,獲取 token,並將 token 傳遞給後面的流程使用。
BodyReaderHttpServletRequestWrapper:
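/**
 * Request wrapper that buffers the whole request body in memory so that it can be read
 * more than once (for example once by a filter and again by the controller).
 *
 * <p>The body is captured as raw bytes, so line breaks and non-text payloads reach later
 * readers unchanged. Every call to {@link #getInputStream()} or {@link #getReader()} replays
 * the cached bytes from the start.
 *
 * <p>NOTE(review): the body is buffered without an upper bound. Every request routed through
 * this wrapper costs heap proportional to its size, so enforce a maximum request size in the
 * container or reverse proxy in front of it.
 *
 * <p>NOTE(review): the original stream is consumed in the constructor. Presumably the
 * container can no longer parse form parameters from a POST body afterwards; confirm before
 * relying on {@code getParameter} for body fields.
 */
public class BodyReaderHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /** Charset used when the cached body is exposed as text through {@link #getReader()}. */
    private static final Charset BODY_CHARSET = Charset.forName("UTF-8");

    /** Verbatim copy of the request body. */
    private final byte[] body;

    /**
     * Reads the request body to the end and caches it.
     *
     * @param request the original request whose body is consumed here
     * @throws IOException if the body cannot be read
     */
    public BodyReaderHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
        super(request);
        body = readFully(request.getInputStream());
    }

    /** Drains {@code source} into a byte array without decoding it. */
    private static byte[] readFully(ServletInputStream source) throws IOException {
        java.io.ByteArrayOutputStream sink = new java.io.ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int count;
        while ((count = source.read(chunk)) != -1) {
            sink.write(chunk, 0, count);
        }
        return sink.toByteArray();
    }

    /**
     * Returns a reader over the cached body.
     *
     * <p>The bytes are decoded as UTF-8 explicitly; without a charset the platform default
     * would be used and the text could differ between hosts.
     */
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream(), BODY_CHARSET));
    }

    /** Returns a fresh stream positioned at the start of the cached body. */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body);
        return new ServletInputStream() {
            @Override
            public int read() throws IOException {
                return byteArrayInputStream.read();
            }

            @Override
            public int read(byte[] b, int off, int len) throws IOException {
                // Bulk reads go straight to the in-memory buffer instead of byte-by-byte.
                return byteArrayInputStream.read(b, off, len);
            }

            @Override
            public boolean isFinished() {
                // Report end-of-data truthfully so callers polling this flag can terminate.
                return byteArrayInputStream.available() == 0;
            }

            @Override
            public boolean isReady() {
                // The data is already in memory, so a read never blocks.
                return true;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
                // Intentionally a no-op: this stream does not notify listeners, so
                // non-blocking consumers must not depend on callbacks from it.
            }
        };
    }
}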
RepeatReadFilter:
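/**
 * Wraps the HttpServletRequest so that its body can be read repeatedly, and publishes the
 * user token found on the request as the request attribute {@code Constants.USER_TOKEN}.
 *
 * <p>The token is taken from the header, then from the request parameter, and finally from a
 * {@code "token"} field of a JSON body. A body token, when present, replaces the other two.
 *
 * <p>NOTE(review): this precedence differs from AuthorizationInterceptor, which looks at the
 * header and the parameter first and only then at the attribute set here. Settle on one order
 * so that the two layers can never act on different tokens for the same request.
 *
 * <p>NOTE(review): this filter only extracts the token. Nothing here verifies it.
 */
public class RepeatReadFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Replaces the request with a re-readable wrapper, stores the extracted token as a request
     * attribute and continues the chain.
     *
     * @throws IOException if the request body cannot be buffered
     * @throws ServletException if a later element of the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            // Nothing to extract from a non-HTTP request; pass it through untouched.
            chain.doFilter(request, response);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;

        // The stream can only be consumed once, so buffer it and hand the copy downstream.
        ServletRequest requestWrapper = new BodyReaderHttpServletRequestWrapper(httpServletRequest);

        // User credential: header first, request parameter as fallback.
        String token = httpServletRequest.getHeader(Constants.USER_TOKEN);
        if (StringUtils.isBlank(token)) {
            token = httpServletRequest.getParameter(Constants.USER_TOKEN);
        }

        // A "token" field in a JSON body overrides the value found above.
        String bodyToken = extractBodyToken(HttpHelper.getBodyString(requestWrapper));
        if (bodyToken != null) {
            token = bodyToken;
        }

        requestWrapper.setAttribute(Constants.USER_TOKEN, token);
        chain.doFilter(requestWrapper, response);
    }

    /**
     * Returns the {@code "token"} field of a JSON object body, or {@code null} when the body is
     * blank, is not a JSON object, or has no such field.
     *
     * <p>NOTE(review): JSONObject.parseObject looks like the fastjson API. It runs here on
     * unauthenticated, client-controlled input, so keep that library patched and its autoType
     * feature disabled.
     */
    private static String extractBodyToken(String body) {
        if (StringUtils.isBlank(body)) {
            return null;
        }
        JSONObject jsonObject;
        try {
            jsonObject = JSONObject.parseObject(body);
        } catch (RuntimeException ignored) {
            // Form posts, uploads and malformed JSON also pass through this filter. An
            // unparsable body only means there is no body token; the handler that actually
            // consumes the body remains responsible for rejecting it.
            return null;
        }
        if (jsonObject == null) {
            return null;
        }
        Object obj = jsonObject.get("token");
        return obj == null ? null : obj.toString();
    }

    @Override
    public void destroy() {
    }
}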
FilterConfig:
/**
 * Registers {@link RepeatReadFilter} with the servlet container.
 *
 * <p>NOTE(review): the filter is mapped to {@code /app/*} only, while WebMvcConfig applies
 * AuthorizationInterceptor to {@code /**}. Requests outside {@code /app/*} therefore never get
 * the token attribute this filter sets, and a token sent in a JSON body is not seen for them.
 */
@Configuration
public class FilterConfig {

    /**
     * Builds the registration for the repeat-read filter.
     *
     * @return a registration named "UrlFilter", order 1, mapped to {@code /app/*}
     */
    @Bean
    public FilterRegistrationBean registFilter() {
        final FilterRegistrationBean bean = new FilterRegistrationBean();
        bean.setName("UrlFilter");
        bean.setOrder(1);
        bean.addUrlPatterns("/app/*");
        bean.setFilter(new RepeatReadFilter());
        return bean;
    }
}
AuthorizationInterceptor:
/**
 * Rejects requests to handler methods that carry no user token.
 *
 * <p>NOTE(review): this is a presence check only. Any non-blank value is accepted; nothing
 * here verifies that the token is genuine, unexpired or bound to a user. Real authentication
 * has to happen elsewhere, and no such step is visible on this page.
 *
 * <p>NOTE(review): the token is also accepted as a request parameter. Query-string values tend
 * to end up in access logs, browser history and Referer headers, so prefer the header.
 */
@Component
public class AuthorizationInterceptor extends HandlerInterceptorAdapter {

    /**
     * Lets the request through when the handler is not a controller method, when the method is
     * annotated with {@code @AuthIgnore}, or when a non-blank token is found.
     *
     * @return always {@code true} unless an exception is thrown
     * @throws AuthException with HTTP status 401 when no token is present
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Handlers that are not HandlerMethod instances are not checked at all.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        // Methods marked with @AuthIgnore skip the token check.
        AuthIgnore marker = ((HandlerMethod) handler).getMethodAnnotation(AuthIgnore.class);
        if (marker != null) {
            return true;
        }

        // Look for the credential in the header, then the parameter, then the request attribute.
        String credential = request.getHeader(Constants.USER_TOKEN);
        if (StringUtils.isBlank(credential)) {
            credential = request.getParameter(Constants.USER_TOKEN);
        }
        if (StringUtils.isBlank(credential)) {
            Object stored = request.getAttribute(Constants.USER_TOKEN);
            if (stored != null) {
                credential = stored.toString();
            }
        }

        // No credential anywhere: refuse with 401.
        if (StringUtils.isBlank(credential)) {
            throw new AuthException(Constants.USER_TOKEN + "不能爲空", HttpStatus.UNAUTHORIZED.value());
        }
        return true;
    }
}
WebMvcConfig:
/**
 * MVC configuration that installs {@link AuthorizationInterceptor} for every request path.
 */
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    @Autowired
    private AuthorizationInterceptor authorizationInterceptor;

    // Disabled in the original: injection of the login-user argument resolver.
    // @Autowired
    // private LoginUserHandlerMethodArgumentResolver loginUserHandlerMethodArgumentResolver;

    /** Applies the authorization interceptor to {@code /**}, then defers to the adapter. */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry
                .addInterceptor(authorizationInterceptor)
                .addPathPatterns("/**");
        super.addInterceptors(registry);
    }

    /** Adds no argument resolvers; the login-user resolver registration is commented out. */
    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
        //argumentResolvers.add(loginUserHandlerMethodArgumentResolver);
    }

    /** Delegates to the adapter without adding converters. */
    @Override
    public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
        super.configureMessageConverters(converters);
    }

    /** Leaves the converter list as configured. */
    @Override
    public void extendMessageConverters(List<HttpMessageConverter<?>> converters) {
    }
}
在 filter 中讀取 token,在 interceptor 中進行讀取和判斷。注意:interceptor 只判斷 token 是否爲空,並未驗證其有效性,實際的身份驗證仍須另行實現。
HttpHelper:
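public class HttpHelper {

    /**
     * Reads the request body and returns it as a UTF-8 decoded string.
     *
     * <p>The body is copied character by character, so line terminators are preserved. Reading
     * line by line would drop them and return text that no longer matches what the client sent.
     *
     * <p>This method is best-effort: if reading fails, the stack trace is printed and whatever
     * was read so far is returned. NOTE(review): a caller that makes a security decision on
     * the result cannot tell a truncated body from a complete one.
     *
     * <p>NOTE(review): the whole body is accumulated in memory with no size limit; cap request
     * sizes in the container or proxy in front of this code.
     *
     * @param request the request whose input stream is consumed and closed
     * @return the body text, possibly empty, never {@code null}
     */
    public static String getBodyString(ServletRequest request) {
        StringBuilder sb = new StringBuilder();
        // try-with-resources closes the reader and the stream on every path.
        try (InputStream inputStream = request.getInputStream();
                BufferedReader reader =
                        new BufferedReader(new InputStreamReader(inputStream, Charset.forName("UTF-8")))) {
            char[] chunk = new char[4096];
            int count;
            while ((count = reader.read(chunk)) != -1) {
                sb.append(chunk, 0, count);
            }
        } catch (IOException e) {
            // Kept from the original: report the failure and return the partial body.
            e.printStackTrace();
        }
        return sb.toString();
    }
}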
https://blog.csdn.net/beflyabot/article/details/78053130