注冊(cè)攔截器

package com.tanhua.server.config;import com.tanhua.server.interceptor.RedisCacheInterceptor; import com.tanhua.server.interceptor.UserTokenInterceptor; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;/*** 配置過濾器*/ @Configuration public class WebConfig implements WebMvcConfigurer {/*** redis 緩存檢測(cè)*/@Autowiredprivate RedisCacheInterceptor redisCacheInterceptor;/*** token檢測(cè)*/@Autowiredprivate UserTokenInterceptor userTokenInterceptor;/*** 過濾器鏈 根據(jù)順序攔截** @param registry 注冊(cè)過濾器鏈 根據(jù)順序攔截*/@Overridepublic void addInterceptors(InterceptorRegistry registry) {registry.addInterceptor(this.userTokenInterceptor).addPathPatterns("/**");registry.addInterceptor(this.redisCacheInterceptor).addPathPatterns("/**");} }

編寫用戶線程工具類

package com.tanhua.common.utils;import com.tanhua.common.pojo.User;/*** 當(dāng)前用戶線程*/ public class UserThreadLocal {private UserThreadLocal() {}private static final ThreadLocal<User> LOCAL = new ThreadLocal<>();/*** 將user放到threadLocal** @param user user*/public static void setUser(User user) {LOCAL.set(user);}/*** 返回當(dāng)前線程中的user對(duì)象** @return 返回當(dāng)前線程中的user對(duì)象*/public static User getUser() {return LOCAL.get();}/*** 刪除當(dāng)前線程中的user對(duì)象*/public static void remove() {LOCAL.remove();} } 定義標(biāo)記不需要驗(yàn)證token 的注解 package com.tanhua.common.utils;import java.lang.annotation.*;/*** 標(biāo)記不需要驗(yàn)證token 的方法*/ @Target(ElementType.METHOD) @Retention(RetentionPolicy.RUNTIME) @Documented //標(biāo)記注解 public @interface NoAuthorization { }

攔截器

package com.tanhua.server.interceptor;import com.tanhua.common.pojo.User; import com.tanhua.common.utils.NoAuthorization; import com.tanhua.common.utils.UserThreadLocal; import com.tanhua.server.service.UserService; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor;import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;/*** 攔截 效驗(yàn)token*/ @Component public class UserTokenInterceptor implements HandlerInterceptor {@Autowiredprivate UserService userService;//將user對(duì)象放入threadLocal@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {//效驗(yàn)handler 是否為匹配到controller的方法if (!(handler instanceof HandlerMethod)) {return true;}//判斷方法是否包含了NoAuthorization注解， 標(biāo)記不需要驗(yàn)證TOKENif (((HandlerMethod) handler).hasMethodAnnotation(NoAuthorization.class)) {return true;}//獲取請(qǐng)求keyString token = request.getHeader("Authorization");if (StringUtils.isNotEmpty(token)) {//調(diào)用sso 驗(yàn)證 token 的有效性User user = userService.queryUserByToken(token);if (null != user) {UserThreadLocal.setUser(user);return true;}}//token 無效 401無權(quán)限r(nóng)esponse.setStatus(401);return false;}//完成方法：從threadLocal中刪除user對(duì)象@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {UserThreadLocal.remove();} }

定義過濾器。?注冊(cè)獲取器。?攔截到請(qǐng)求。如果命中controller的方法，?判斷該方法@NoAuthorization?有沒有使用自定義注解標(biāo)記。不需要token攔截。如果沒有就攔截。拿到請(qǐng)求token? 驗(yàn)證token 。如果token合法?

UserThreadLocal.setUser(user); 將用戶信息。放到ThreadLocal用戶線程。

在service?中。就那可以拿到user用戶信息了。不用每個(gè)service?方法都校驗(yàn)一次token?

創(chuàng)作挑戰(zhàn)賽新人創(chuàng)作獎(jiǎng)勵(lì)來咯，堅(jiān)持創(chuàng)作打卡瓜分現(xiàn)金大獎(jiǎng)

總結(jié)

以上是生活随笔為你收集整理的UserThreadLocal 用户线程Token拦截验证的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。