SpringBoot 过滤器和拦截器(三十八)
我喜欢你,可是你却并不知道.
上一章简单介绍了SpringBoot参数验证(三十七) ,如果没有看过,请观看上一章
关于过滤器和拦截器已经讲很多了, 这里老蝴蝶只说一下 SpringBoot 的用法。
可以看之前的文章:
https://blog.csdn.net/yjltx1234csdn/article/details/100667082
https://blog.csdn.net/yjltx1234csdn/article/details/105484464
一.过滤器
一.一 过滤器实现 Filter 接口
@Slf4j
public class LogFilter implements Filter {@Overridepublic void init(FilterConfig filterConfig) throws ServletException {Filter.super.init(filterConfig);}@Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {// 主体方法long start = System.currentTimeMillis();chain.doFilter(request, response);log.info("Execute cost= {}" ,(System.currentTimeMillis() - start));}@Overridepublic void destroy() {Filter.super.destroy();}
}
一.二 配置过滤器
@Configuration
public class WebFilterConfig {@Beanpublic FilterRegistrationBean registFilter() {FilterRegistrationBean registration = new FilterRegistrationBean();registration.setFilter(new LogFilter());registration.addUrlPatterns("/*");registration.setName("LogCostFilter");registration.setOrder(1);return registration;}}
一.三 过滤器代码
@GetMapping("/hello")public String hello() {try {TimeUnit.SECONDS.sleep(2);} catch (InterruptedException e) {e.printStackTrace();}return "你好啊,岳泽霖";}
2023-04-04 17:54:20.769 INFO 29068 --- [nio-8081-exec-4] top.yueshushu.learn.config.LogFilter : Execute cost= 2012
二. 拦截器
设置一个登录拦截器
用户对象
@Data
public class User {private static final long serialVersionUID = 1L;private Integer id;private String account;private String name;private String token;// ... 其他属性信息
}
二.一 @AuthToken 注解
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface AuthToken {}二.二 拦截器 AuthorizationInterceptor
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.configurationprocessor.json.JSONObject;
import org.springframework.http.MediaType;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import top.yueshushu.learn.annotation.AuthToken;
import top.yueshushu.learn.model.User;
import top.yueshushu.learn.util.ThreadLocalUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.lang.reflect.Method;@Slf4j
public class AuthorizationInterceptor implements HandlerInterceptor {private String httpHeaderName = "Authorization";public static final String X_REAL_IP = "x-real-ip";public static final String REQUEST_CURRENT_KEY = "REQUEST_CURRENT_KEY";@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {if (!(handler instanceof HandlerMethod)) {return true;}HandlerMethod handlerMethod = (HandlerMethod) handler;Method method = handlerMethod.getMethod();boolean isForAllTimeUser = false;if (method.getAnnotation(AuthToken.class) != null ||handlerMethod.getBeanType().getAnnotation(AuthToken.class) != null) {String token = request.getHeader(httpHeaderName);String ip = request.getHeader(X_REAL_IP);User loginUser = null;if (StringUtils.hasText(token)) {// 根据 token 获取用户 信息// 验证 token 是否 jwt 过期, 过期的话, isFalse}if (!StringUtils.hasText(token) || loginUser == null) {isFalse(request, response);return false;}String userDoAccount = loginUser.getAccount();ThreadLocalUtils.put("userDoAccount", userDoAccount);ThreadLocalUtils.put("ip", ip == null ? request.getRemoteAddr() : ip);ThreadLocalUtils.put("userName", loginUser.getAccount());ThreadLocalUtils.put("user", loginUser);ThreadLocalUtils.put("token", token);ThreadLocalUtils.put("userId", loginUser.getId());// 可以进行续命, 将时间延长.return true;}request.setAttribute(REQUEST_CURRENT_KEY, null);return true;}@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) {}@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {ThreadLocalUtils.release();}private void isFalse(HttpServletRequest httpServletRequest, HttpServletResponse response) {JSONObject jsonObject = new JSONObject();PrintWriter out = null;try {response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);response.setContentType(MediaType.APPLICATION_JSON_VALUE);response.setCharacterEncoding("utf-8");jsonObject.put("code", "10010001");jsonObject.put("message", "登录已过期,请重新登录");//添加其余的两个属性 success和 datajsonObject.put("data", "");jsonObject.put("success", false);out = response.getWriter();out.println(jsonObject);} catch (Exception e) {log.error("发生异常{}", e);} finally {if (out != null) {out.flush();out.close();}}}private void isUnValid(HttpServletRequest httpServletRequest, HttpServletResponse response) {JSONObject jsonObject = new JSONObject();PrintWriter out = null;try {response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);response.setContentType(MediaType.APPLICATION_JSON_VALUE);response.setCharacterEncoding("utf-8");jsonObject.put("code", "10010002");jsonObject.put("message", "您的账号已经在另一处登录了,您被迫下线!");//添加其余的两个属性 success和 data, 解决 PDA端无法翻译 退出的问题。 @zk_yjljsonObject.put("data", "");jsonObject.put("success", false);out = response.getWriter();out.println(jsonObject);} catch (Exception e) {log.error("发生异常", e);} finally {if (out != null) {out.flush();out.close();}}}
}
二.三 线程内工具类
public class ThreadLocalUtils {private static final ThreadLocal<Map<String, Object>> THREAD_LOCAL = new ThreadLocal<>();/*** 存储*/public static void put(String key, Object value) {Map<String, Object> map = THREAD_LOCAL.get();if (map == null) {map = new HashMap<>(1,1);}map.put(key, value);THREAD_LOCAL.set(map);}/*** 取值*/public static <T> T get(String key) {Map<String, Object> map = THREAD_LOCAL.get();if (map != null) {return (T) map.get(key);}return null;}/*** 获取当前用户*/public static User getUser() {Map<String, Object> map = THREAD_LOCAL.get();return (User) map.get("user");}public static void release() {THREAD_LOCAL.remove();}public static String getToken() {return get("token");}
}
二.四 添加拦截器
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import top.yueshushu.learn.interceptor.AuthorizationInterceptor;/*** @ClassName:MvcConfig* @Description Web端配置* @Author zk_yjl* @Date 2021/6/29 16:31* @Version 1.0* @Since 1.0**/
@Configuration
public class MvcConfig implements WebMvcConfigurer {@Beanpublic HandlerInterceptor getAuthInterceptor() {//返回自定义的拦截类return new AuthorizationInterceptor();}@Overridepublic void addInterceptors(InterceptorRegistry registry) {registry.addInterceptor(getAuthInterceptor())// 拦截所有请求.addPathPatterns("/**")// 静态资源过滤.excludePathPatterns("/usr/login","/static/**","/v2/**", "/swagger-resources/configuration/**","/swagger-resources/**", "/swagger-ui.html#/**", "/webjars/**");}/*** 配置静态的资源信息** @param registry*/@Overridepublic void addResourceHandlers(ResourceHandlerRegistry registry) {registry.addResourceHandler("doc.html").addResourceLocations("classpath:/META-INF/resources/");registry.addResourceHandler("swagger-ui.html").addResourceLocations("classpath:/META-INF/resources/");}
}
二.五 处理数据
@GetMapping("/hello2")@AuthTokenpublic String hello2() {try {TimeUnit.SECONDS.sleep(2);} catch (InterruptedException e) {e.printStackTrace();}// 线程内获取User user = ThreadLocalUtils.getUser();return "你好啊,岳泽霖";}
本章节的代码放置在 github 上:
https://github.com/yuejianli/springboot/tree/develop/SpringBoot_Interceptor
谢谢您的观看,如果喜欢,请关注我,再次感谢 !!!