SpringBoot自定义注解实现Token校验的方法

网友投稿 764 2023-02-06

SpringBoot自定义注解实现Token校验的方法

SpringBoot自定义注解实现Token校验的方法

1.定义Token的注解,需要Token校验的接口,方法上加上此注解

import java.lang.annotation.ElementType;

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

import java.lang.annotation.Target;

@Retention(RetentionPolicy.RUNTIME)

@Target(ElementType.METHOD)

public @interface Token {

boolean validate() default true;

}

2.定义LoginUser注解,此注解加在参数上,用在需要从token里获取的用户信息的地方

import java.lang.annotation.ElementType;

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

import java.lang.annotation.Target;

@Target(ElementType.PARAMETER)

@Retention(RetentionPolicy.RUNTIME)

public @interface LoginUser {

}

3.权限的校验-

import com.example.demo.annotation.Token;

import com.example.demo.entity.User;

import lombok.extern.slf4j.Slf4j;

import org.springframework.stereotype.Component;

import org.springframework.web.method.HandlerMethod;

import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

@Component

@Slf4j

public class AuthorizationInterceptor extends HandlerInterceptorAdapter {

public static final String USER_KEY = "USER_ID";

public static final String USER_INFO = "USER_INFO";

@Override

public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

Token annotation;

if(handler instanceof HandlerMethod) {

annotation = ((HandlerMethod) handler).getMethodAnnotation(Token.class);

}else{

return true;

}

http:// //没有声明需要权限,或者声明不验证权限

if(annotation == null || annotation.validate() == false){

return true;

}

//从header中获取token

String token = request.getHeader("token");

if(token == null){

log.info("缺少token,拒绝访问");

return false;

}

//查询token信息

// User user = redisUtils.get(USER_INFO+token,User.class);

// if(user == null){

// log.info("token不正确,拒绝访问");

// return false;

// }

//token校验通过,将用户信息放在request中,供需要用user信息的接口里从token取数据

request.setAttribute(USER_KEY, "123456");

User user=new User();

user.setId(10000L);

user.setUserName("2118724165@qq.com");

user.setPhoneNumber("15702911111");

user.setToken(token);

request.setAttribute(USER_INFO, user);

return true;

}

}

4.写参数的解析器,将登陆用户对象注入到接口里

import com.example.demo.annotation.LoginUser;

import com.example.demo.entity.User;

import com.example.demo.interceptor.AuthorizationInterceptor;

import org.springframework.core.MethodParameter;

import org.springframework.stereotype.Component;

import org.springframework.web.bind.support.WebDataBinderFactory;

import org.springframework.web.context.request.NativeWebRequest;

import org.springframework.web.context.request.RequestAttributes;

import org.springframework.web.method.support.HandlerMethodArgumentResolver;

import org.springframework.web.method.support.ModelAndViewContainer;

@Component

public class LoginUserHandlerMethodArgumentResolver implements HandlerMethodArgumentResolver

{

@Override

public boolean supportsParameter(MethodParameter methodParameter) {

return methodParameter.getParameterType().isAssignableFrom(User.class)&&methodParameter.hasParameterAnnotation(LoginUser.class);

}

@Override

public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer, NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory) throws Exception {

//获取登陆用户信息

Object object = nativeWebRequest.getAttribute(AuthorizationInterceptor.USER_INFO, RequestAttributes.SCOPE_REQUEST);

if(object == null){

return null;

}

return (User)object;

}

}

5.配置-和参数解析器

import com.example.demo.interceptor.AuthorizationInterceptor;

import com.example.demo.resolver.LoginUserHandlerMethodArgumentResolver;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Configuration;

import org.springframework.web.method.support.HandlerMethodArgumentResolver;

import org.springframework.web.servlet.config.annotation.InterceptorRegistry;

import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import java.util.List;

@Configuration

public class WebMvcConfig implements WebMvcConfigurer {

@Autowired

private AuthorizationInterceptor authorizationInterceptor;

@Autowired

private LoginUserHandlerMethodArgumentResolver loginUserHandlerMethodArgumentResolver;

@Override

public void addInterceptors(InterceptorRegistry registry) {

registry.addInterceptor(authorizationInterceptor).addPathPatterns("/api/**");

}

@Override

public void addArgumentResolvers(List argumentResolvers) {

argumentResolvers.add(loginUserHandlerMethodArgumentResolver);

}

}

7.测试类

import com.example.demo.annotation.LoginUser;

import com.example.demo.annotation.Token;

import com.example.demo.entity.User;

import lombok.extern.slf4j.Slf4j;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RequestMethod;

import org.springframework.web.bind.annotation.RestController;

@RestController

@RequestMapping(value = "/api")

@Slf4j

public class TestController {

@RequestMapping(value="/test",method = RequestMethod.POST)

@Token

public String test(@LoginUser User user){

System.out.println("需要token才可以访问,呵呵……");

log.info("user:"+user.toString());

return "test";

}

@RequestMapping(value="/noToken",method = RequestMethod.POST)

public String noToken(){

System.out.println("不用token就可以访问……");

return "test";

}

}

至此,自定义注解实现token校验就大功告成了。

版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:抖音app运营模式(抖音app运营模式分析)
下一篇:微信小程序前端安全(微信小程序的安全性)
相关文章

 发表评论

暂时没有评论,来抢沙发吧~