拦截器常用的场景
权限验证,判断用户是否登录,防重复提交等等
自定义拦截器
1. 实现HandlerInterceptor接口
HandlerInterceptor接口
public interface HandlerInterceptor {
//在业务处理器处理请求之前被调用;预处理,可以进行编码、安全控制、权限校验等处理
default boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
return true;
}
//在业务处理器处理请求执行完成后,生成视图之前执行。
default void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable ModelAndView modelAndView) throws Exception {
}
//在DispatcherServlet完全处理完请求后被调用
default void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable Exception ex) throws Exception {
}
}
实现类
在本篇文章的用法,是对token校验
public class JwtInterceptor implements HandlerInterceptor {
@Autowired
private JwtUtil jwtUtil;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String header = request.getHeader("Authorization");
if (StringUtils.isNotEmpty(header)){
if (header.startsWith("Bearer ")){
// 得到token
final String token = header.substring(7);
// 对令牌进行验证
try {
Claims claims = jwtUtil.parseJWT(token);
String roles = (String) claims.get("roles");
if ("admin".equals(roles)) {
request.setAttribute("claims_admin", token);
}
if ("user".equals(roles)) {
request.setAttribute("claims_user", token);
}
} catch (Exception e) {
throw new RuntimeException("令牌有误!");
}
}
}
return true;
}
}
2. 继承WebMvcConfigurationSupport
WebMvcConfigurationSupport
@Configuration
public class InterceptorConfig extends WebMvcConfigurationSupport {
@Autowired
private JwtInterceptor jwtInterceptor;
// 添加拦截器
@Override
protected void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(jwtInterceptor)
.addPathPatterns("/**")
.excludePathPatterns("/**/login/**");
}
}