1、准备实例
- TokenAop 具体拦截规则
- BeanConfig 配置token请求
- Token 、UserToken 操作token对象
1、Token对象
Token.java
package cn.ucmed.privacy.agreement.token;
import com.ucmed.doctorusercenter.bean.retbean.LoginUserInfo;
/**
* Holder for the caller's token string and the LoginUserInfo associated with it.
* Implementations carry credential material, so avoid writing their contents to logs.
*/
public interface Token {
/**
* Returns the stored token value.
*
* @return the token
*/
String getToken();
/**
* Stores the token value.
*
* @param token the token
*/
void setToken(String token);
/**
* Returns the stored user information.
*
* @return the user information previously stored with setLoginUserInfo
*/
LoginUserInfo getLoginUserInfo();
/**
* Stores the user information.
*
* @param loginUserInfo the user information to keep alongside the token
*/
void setLoginUserInfo(LoginUserInfo loginUserInfo);
}
根据需要添加方法
UserToken.java
package cn.ucmed.privacy.agreement.token;
import com.ucmed.doctorusercenter.bean.retbean.LoginUserInfo;
import org.springframework.beans.factory.annotation.Autowired;
/**
 * Simple mutable {@link Token} implementation: one field for the token string and one
 * for the user record, each with a getter and a setter.
 *
 * <p>The class has no synchronization and no scope of its own; isolation between callers
 * depends entirely on how the bean is registered (the XML on this page declares it with
 * {@code scope="request"}). It deliberately has no {@code toString()}, so the token is not
 * printed when the object is logged by accident.
 */
public class UserToken implements Token {

    /** User record associated with the token; {@code null} until it is set. */
    private LoginUserInfo loginUserInfo;

    /** Raw token string; {@code null} until it is set. */
    private String token;

    /** Creates an empty holder; both fields start out as {@code null}. */
    @Autowired
    public UserToken() {
    }

    /** {@inheritDoc} */
    @Override
    public LoginUserInfo getLoginUserInfo() {
        return this.loginUserInfo;
    }

    /** {@inheritDoc} */
    @Override
    public void setLoginUserInfo(LoginUserInfo loginUserInfo) {
        this.loginUserInfo = loginUserInfo;
    }

    /** {@inheritDoc} */
    @Override
    public String getToken() {
        return this.token;
    }

    /** {@inheritDoc} */
    @Override
    public void setToken(String token) {
        this.token = token;
    }
}
2、配置Token单次请求有效
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/beans"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop.xsd">
<!-- Registers the user token holder as a bean that lives for a single HTTP request.
     scope="request" is what keeps one caller's token and user record from being
     visible to another request; do not widen it to singleton or session. -->
<bean id="userToken" class="cn.ucmed.privacy.agreement.token.UserToken" scope="request">
<!-- The scoped proxy lets a longer-lived bean (such as the TokenAop aspect, a plain
     @Component) keep one injected reference that resolves to the current request's
     instance on every call. Without it the injected object would not be per-request. -->
<aop:scoped-proxy/>
</bean>
</beans>
3、导入配置类
package cn.ucmed.privacy.agreement.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
/**
* Bean configuration: pulls the XML bean definitions in classpath:bean.xml into the
* annotation-based application context.
*
**/
@Configuration
@ImportResource(locations={"classpath:bean.xml"})
public class BeanConfig {
}
4、配置拦截规则
package cn.ucmed.privacy.agreement.aop;
import cn.ucmed.privacy.agreement.config.PropertiesConfig;
import cn.ucmed.privacy.agreement.token.Token;
import cn.ucmed.privacy.agreement.util.ResponseUtil;
import cn.ucmed.privacy.agreement.util.ReturnCode;
import com.alibaba.fastjson.JSON;
import com.ucmed.doctorusercenter.bean.WebReturnData;
import com.ucmed.doctorusercenter.bean.entbean.GetUserInfoParam;
import com.ucmed.doctorusercenter.bean.retbean.LoginUserInfo;
import com.ucmed.doctorusercenter.httpservice.HttpDjUserService;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
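/**
 * Aspect that validates the {@code token} request parameter before a controller method
 * runs and stores the resolved user in the injected {@link Token} holder.
 *
 * <p>The check fails closed: a missing token, a rejected token, a login name outside the
 * configured list, or any exception raised while validating all end in an error response,
 * and the controller method is not invoked.
 *
 * <p>Coverage is limited by the pointcut: only methods under
 * {@code cn.ucmed.privacy.agreement.controller} that carry {@code @PostMapping} are
 * guarded. Handlers mapped with other annotations are not intercepted by this aspect.
 *
 * @author HJH
 * @since 2017-08-17
 **/
@Aspect
@Component
// NOTE(review): no @Order is declared, so precedence relative to other aspects is left to
// the container; set one explicitly if other advice must only run after authentication.
public class TokenAop {

    private static final Logger LOG = LoggerFactory.getLogger(TokenAop.class);

    /** Token holder; the XML on this page registers it as a request-scoped proxy. */
    private final Token userToken;

    /** Supplies {@code editPhoneList}, the login names allowed through this aspect. */
    @Autowired
    private PropertiesConfig propertiesConfig;

    /**
     * Creates the aspect.
     *
     * @param userToken holder that receives the token and the resolved user
     */
    @Autowired
    public TokenAop(Token userToken) {
        this.userToken = userToken;
    }

    /**
     * Validates the caller's token and only then invokes the intercepted method.
     *
     * @param joinPoint the intercepted controller invocation
     * @return the controller's result, or the error object built by
     *         {@code ResponseUtil.returnError} when validation does not pass
     * @throws Throwable whatever the intercepted method throws
     */
    @Around("execution(* cn.ucmed.privacy.agreement.controller..*(..)) && "+
            "@annotation(org.springframework.web.bind.annotation.PostMapping)")
    public Object interceptor(ProceedingJoinPoint joinPoint) throws Throwable {
        try {
            HttpServletRequest request = getRequest();
            // Read the token from the request parameters. getParameter also reads the
            // query string; a token sent there tends to end up in access logs.
            String token = request.getParameter("token");
            if (token == null || token.isEmpty()) {
                LOG.info("token parameter is missing");
                return ResponseUtil.returnError(ReturnCode.STATE_1002);
            }
            userToken.setToken(token);

            // Ask the user service which account the token belongs to.
            GetUserInfoParam getUserInfoParam = new GetUserInfoParam();
            getUserInfoParam.setToken(token);
            WebReturnData<LoginUserInfo> webReturnData = HttpDjUserService
                    .GetUserInfo(getUserInfoParam);
            if (webReturnData == null) {
                LOG.info("webReturnData == null");
                return ResponseUtil.returnError(ReturnCode.STATE_1002);
            }
            // Reject when EITHER the service reports an error OR it returned no user.
            // The earlier "&&" let a non-zero return code through whenever data was present.
            if (webReturnData.getRet_code() != 0
                    || webReturnData.getRet_data() == null) {
                // Log the return code only, so user data never reaches the log file.
                LOG.info("webReturnData ret_code:{}", webReturnData.getRet_code());
                return ResponseUtil.returnError(ReturnCode.STATE_1002);
            }

            LoginUserInfo loginUserInfo = webReturnData.getRet_data();
            userToken.setLoginUserInfo(loginUserInfo);

            // Authorization: only login names on the configured list may continue.
            if (!propertiesConfig.editPhoneList
                    .contains(loginUserInfo.getLoginname())) {
                return ResponseUtil.returnError(ReturnCode.STATE_409);
            }
        } catch (Exception e) {
            LOG.error("token转化为对象失败,错误信息如下:", e);
            // Fail closed: an error while validating must not fall through to proceed().
            // NOTE(review): STATE_1002 is the code this class uses for a rejected token;
            // confirm it is also the right one to report for an internal failure.
            return ResponseUtil.returnError(ReturnCode.STATE_1002);
        }
        // proceed() stays outside the try block so controller exceptions are not swallowed.
        return joinPoint.proceed();
    }

    /**
     * Returns the servlet request bound to the current thread.
     *
     * @return the current request
     * @throws IllegalStateException if no request is bound to the current thread
     */
    private HttpServletRequest getRequest() {
        ServletRequestAttributes sra = (ServletRequestAttributes) RequestContextHolder
                .getRequestAttributes();
        if (sra == null) {
            throw new IllegalStateException("no request bound to the current thread");
        }
        return sra.getRequest();
    }
}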
(以下例子需要,可忽略)
// Settings bean injected by Spring; TokenAop.interceptor reads its editPhoneList to decide
// which login names are allowed through.
@Autowired
private PropertiesConfig propertiesConfig;
重点:获取token参数方法(request.getParameter 同时读取URL查询串和表单体;token若放在URL中容易被记录到访问日志,建议通过请求体或请求头传递)
// Read the token from the request parameters (query string or form body).
String token = request.getParameter("token");
重点:拦截规则
// Schematic only: the validation steps of TokenAop.interceptor go here.
// NOTE(review): a failed check or an exception raised in this block has to end in an
// error response; falling through to joinPoint.proceed() would let the request run
// without a validated token.
try {
...token验证规则....
}