
package com.interceptor;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
import com.alibaba.fastjson.JSONObject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import com.annotation.IgnoreAuth;
import com.entity.EIException;
import com.entity.TokenEntity;
import com.service.TokenService;
import com.utils.R;
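/**
 * Token-based authorization interceptor.
 *
 * <p>Runs before every controller method. It (1) emits CORS response headers,
 * (2) lets methods annotated with {@link IgnoreAuth} through unchecked, and
 * (3) for everything else resolves the {@code Token} request header through
 * {@link TokenService}: a valid token copies the token's user fields into the
 * HTTP session and the request proceeds; otherwise a JSON error body is written
 * and the request is stopped.
 *
 * <p>NOTE(review): the CORS block reflects the request's {@code Origin} header
 * verbatim while also sending {@code Access-Control-Allow-Credentials: true}.
 * Browsers will therefore let any origin issue credentialed cross-origin
 * requests (cookies, including the session cookie) to this application, which
 * defeats the same-origin protection. The reflected origin should be checked
 * against a configured allow-list; that list is not known from this file, so
 * the behaviour is kept and flagged here rather than guessed at.
 */
@Component
public class AuthorizationInterceptor implements HandlerInterceptor {
    /** Name of the request header that carries the login token. */
    public static final String LOGIN_TOKEN_KEY = "Token";

    /** Resolves a raw token string to its {@link TokenEntity}; null result means "unknown token". */
    @Autowired
    private TokenService tokenService;

    /**
     * Pre-handle hook invoked before the target controller method.
     *
     * @param request  the incoming HTTP request; the token is read from its {@code Token} header
     * @param response the HTTP response; receives CORS headers, and the error body on rejection
     * @param handler  the mapped handler; only {@link HandlerMethod} instances are subject to the check
     * @return {@code true} to continue to the controller, {@code false} once the
     *         401 error body has been written and the request must stop
     * @throws Exception propagated from the servlet API (e.g. an {@link IOException} while writing)
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        addCorsHeaders(request, response);

        // Anything that is not a controller method (static resources, framework handlers, ...)
        // is not subject to the token check.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        // Methods that opted out with @IgnoreAuth need no token at all.
        if (((HandlerMethod) handler).getMethodAnnotation(IgnoreAuth.class) != null) {
            return true;
        }

        TokenEntity tokenEntity = resolveToken(request.getHeader(LOGIN_TOKEN_KEY));
        if (tokenEntity != null) {
            // Expose the authenticated identity to downstream controllers via the session.
            // Each authenticated request overwrites these attributes with the current token's values.
            request.getSession().setAttribute("userId", tokenEntity.getUserid());
            request.getSession().setAttribute("role", tokenEntity.getRole());
            request.getSession().setAttribute("tableName", tokenEntity.getTablename());
            request.getSession().setAttribute("username", tokenEntity.getUsername());
            return true;
        }

        rejectUnauthenticated(response);
        return false;
    }

    /**
     * Writes the CORS response headers. See the class-level review note about
     * the reflected {@code Origin} combined with credentials.
     */
    private static void addCorsHeaders(HttpServletRequest request, HttpServletResponse response) {
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with,request-source,Token, Origin,imgType, Content-Type, cache-control,postman-token,Cookie, Accept,authorization");
        // Reflects whatever Origin the client sent -- see the class Javadoc.
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
    }

    /**
     * Looks up the token entity for a raw header value.
     *
     * @param token the raw {@code Token} header value, possibly null or blank
     * @return the matching entity, or {@code null} when the header is blank or the service knows no such token
     */
    private TokenEntity resolveToken(String token) {
        if (StringUtils.isBlank(token)) {
            return null;
        }
        return tokenService.getTokenEntity(token);
    }

    /**
     * Writes the "please log in" JSON error body.
     *
     * <p>NOTE(review): the HTTP status line is left at the container default
     * (normally 200); only the JSON body carries {@code code: 401}. Clients and
     * proxies that key on the HTTP status cannot tell this from a success. The
     * status is deliberately not changed here because the existing front end
     * may rely on a 2xx response with a body-level code; if that is confirmed
     * not to be the case, add {@code response.setStatus(HttpServletResponse.SC_UNAUTHORIZED)}.
     *
     * @param response the response to write the body to
     * @throws IOException if the writer cannot be obtained or written
     */
    private static void rejectUnauthenticated(HttpServletResponse response) throws IOException {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        // try-with-resources replaces the manual close-in-finally of the original.
        try (PrintWriter writer = response.getWriter()) {
            writer.print(JSONObject.toJSONString(R.error(401, "请先登录")));
        }
    }
}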