1.需求
请求接口要认证token,认证成功正常调用接口
2.使用 HttpServletRequestWrapper重写
public class WrappedRequest extends HttpServletRequestWrapper {
private static final Logger log = LoggerFactory.getLogger(WrappedRequest.class);
private String mBody;
public WrappedRequest(HttpServletRequest request) throws IOException {
super(request);
this.mBody = this.getBody(request);
}
public static String convertStreamToString(InputStream is) {
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
StringBuilder sb = new StringBuilder();
try {
String line;
try {
while((line = reader.readLine()) != null) {
sb.append(line + "n");
}
} catch (IOException var13) {
log.error("IOException", var13);
}
} finally {
try {
is.close();
} catch (IOException var12) {
log.error("IOException", var12);
}
}
return sb.toString();
}
private String getBody(HttpServletRequest request) throws IOException{
return convertStreamToString(request.getInputStream());
}
public String getBody() {
return this.mBody;
}
public BufferedReader getReader() throws IOException {
return new BufferedReader(new InputStreamReader(this.getInputStream()));
}
public ServletInputStream getInputStream() throws IOException {
final ByteArrayInputStream bais = new ByteArrayInputStream(this.mBody.getBytes(Charset.defaultCharset()));
return new ServletInputStream() {
public boolean isFinished() {
return false;
}
public boolean isReady() {
return false;
}
public void setReadListener(ReadListener readListener) {
}
public int read() throws IOException {
return bais.read();
}
};
}
3.新增Filter
@Component
public class LoginFilter implements Filter {
@Resource
private RedisService redisService;
private static final String[] anon_uris = new String[]{
"/unified/login",
"/unified/logout"
};
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
//忽略掉匿名的路径
if(ServletUtils.requestUriMatch(anon_uris, request)){
filterChain.doFilter(request, response);
return;
}
WrappedRequest myRequestWrapper = new WrappedRequest(request);
//校验 token
if(!validToken(myRequestWrapper, response))
return;
//继续往下执行
if (myRequestWrapper == null) {
filterChain.doFilter(servletRequest, servletResponse);
}else{
filterChain.doFilter(myRequestWrapper, servletResponse);
}
}
private boolean validToken(WrappedRequest myRequestWrapper, HttpServletResponse response) throws IOException {
String param = myRequestWrapper.getBody();
System.out.println(param);
HashMap hashMap = JSON.parseObject(param, HashMap.class);
//获取 token
String token = EmptyUtil.isNotEmpty(hashMap.get("token")) ? hashMap.get("token").toString() : null;
//获取 userId
String userId = EmptyUtil.isNotEmpty(hashMap.get("userId")) ? hashMap.get("userId").toString() : null;
//校验token参数
if(EmptyUtil.isEmpty(token)) {
ret(response, R.noToken().toJson());
return false;
}
if(EmptyUtil.isEmpty(userId)) {
ret(response, R.noUserId().toJson());
return false;
}
//校验userId对应token
String userLoginKey = "umpsLogin:" + userId;
String userRedisToken = EmptyUtil.isEmpty(redisService.get(userLoginKey)) ? null : redisService.get(userLoginKey).toString();
if(EmptyUtil.isEmpty(userRedisToken)){
ret(response, R.noLogin().toJson());
return false;
}
if(!userRedisToken.equals(token)){
ret(response, R.noPerm().toJson());
return false;
}
//从 Redis 中获取用户信息
String userJson = redisService.get(token).toString();
if(userJson == null){
ret(response, R.noLogin().toJson());
return false;
}
//获取过期时间,与 token 过期时间保持一致
Long timeout = 21600l;
//重置过期时间,单位为 “秒”
redisService.expire(userId.toString(), timeout); //刷新 userId 的缓存时间
redisService.expire(token, timeout); //刷新 token 的缓存时间
return true;
}
public void ret(HttpServletResponse response, String body) throws IOException {
response.setContentType("application/json; charset=utf-8");
response.getWriter().println(body);
}
}
