解决token拦截问题
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.dubbo.common.utils.StringUtils;
import org.apache.dubbo.config.annotation.DubboReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import mellson.common.ContantSession;
import mellson.common.PasRight;
import mellson.p1corp.domain.accesstoken.Accesstoken;
import mellson.p1corp.domain.app.App;
import mellson.p1corp.domain.estore.Estore;
import mellson.p1corp.domain.token.Token;
import mellson.p1corp.rest.accesstoken.AccesstokenRESTService;
import mellson.p1corp.rest.app.AppRESTService;
import mellson.p1corp.rest.companyLoginInfo.CompanyLoginInfoRESTService;
import mellson.p1corp.rest.estore.EstoreRESTService;
import mellson.p1corp.rest.login.LoginRESTService;
import mellson.p1corp.rest.memberrightmanagement.MemberRightManagementRESTService;
import mellson.p1tools.common.GlobalConstant;
import mellson.p1tools.common.RedisConstant;
import mellson.p1tools.domain.token.Admintoken;
import mellson.p1tools.domain.token.Custoken;
import mellson.p1tools.domain.token.Thetoken;
import mellson.p1tools.util.MyException;
import mellson.r5crm.rest.login.CusLoginRESTService;
import mellson.redis.rest.RedisRESTService;
/**
 * Spring MVC interceptor that runs before each controller method and decides
 * whether the request may proceed.
 *
 * <p>Visible decision order in {@link #preHandle}: non-controller handlers pass;
 * request paths matching an ignore prefix pass; methods annotated with
 * {@code IgnoreSecurity} pass; requests for which {@code isAllTokenNull} is true
 * may still pass through {@code appInterceptor} / {@code estoreInterceptor}.
 *
 * <p>NOTE(review): this listing is abridged. The helpers {@code isAllTokenNull},
 * {@code appInterceptor} and {@code estoreInterceptor}, and the code that reads
 * and validates the token itself, are not shown, and the closing part of
 * {@code preHandle} does not line up with the visible opening part.
 */
@Component
public class AuthInterceptor implements HandlerInterceptor {
private static Logger logger = LoggerFactory.getLogger(AuthInterceptor.class);
// Remote (Dubbo) service reference; it is not used in the visible part of this listing.
@DubboReference
private AccesstokenRESTService accesstokenRESTService;
/**
 * Decides whether the request may reach the handler.
 *
 * @param request  current HTTP request
 * @param response current HTTP response
 * @param handler  handler chosen by Spring MVC for this request
 * @return {@code true} to continue the handler chain
 * @throws Exception a {@code MyException("token-isnull")} is thrown on a branch
 *                   whose condition is not visible in this listing
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
// If the handler is not mapped to a controller method, let the request through.
// NOTE(review): everything that is not a HandlerMethod therefore skips the token
// check entirely; confirm that nothing sensitive is served by such handlers.
if (!(handler instanceof HandlerMethod)) {
return true;
}
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
// getRequestURI() is the raw request URI: the container does not URL-decode it,
// and it includes the context path.
String requestPath = request.getRequestURI();
// The message strings are concatenated even when debug logging is disabled.
logger.debug("Method: " + method.getName() + ", IgnoreSecurity: "
+ method.isAnnotationPresent(IgnoreSecurity.class));
logger.debug("requestPath: " + requestPath);
// Path allow-list: any request whose raw URI starts with a configured prefix is
// accepted without a token check.
// NOTE(review): this is a plain string-prefix test on the raw URI, so it may not see
// the same path that Spring used to select the handler. Confirm the list is compared
// against the normalized routing path and that every entry ends on a path-segment
// boundary (a constructed example: the entry "/pub" would also match "/public-x").
if (null != ContantSession.getIgnoreRequestPath()) {
for(String tmp : ContantSession.getIgnoreRequestPath()) {
if(requestPath.startsWith(tmp)) {
return true;
}
}
}
// Disabled rule, kept by the author as commented-out code.
/*if (requestPath.contains("/error")) {
return true;
}*/
// Controller methods explicitly marked with @IgnoreSecurity skip the token check.
if (method.isAnnotationPresent(IgnoreSecurity.class)) {
return true;
}
// presumably true when the request carries none of the supported tokens; the helper
// is not shown, verify against the full source.
if(isAllTokenNull(request)) {
// The two helpers below can accept a request that has no token at all.
// NOTE(review): what they verify is not visible here; they should be reviewed as
// authentication paths in their own right.
if(appInterceptor(request, response)) {
return true;
}
if(estoreInterceptor(request, response)) {
return true;
}
}
// NOTE(review): the listing is cut at this point. `thetoken` and `custoken` are not
// declared in any visible line, and the `} else {` below has no visible matching `if`.
// The omitted part presumably reads the token from the request and builds the
// Thetoken; confirm against the full source.
thetoken.setTokentype(GlobalConstant.custoken);
thetoken.setTokenvalue(custoken);
} else {
// Rejects the request; the message suggests that no token was supplied, but the
// condition guarding this branch is not visible.
throw new MyException("token-isnull");
}
}
}
}
拦截注解
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
 * Marker annotation for a controller-method parameter that should receive the
 * current request's {@code Thetoken}.
 *
 * <p>{@code ThetokenMethodArgumentResolver.supportsParameter} looks for this
 * annotation on the parameter. The annotation has no members and is kept at
 * runtime so that it can be found by reflection.
 */
@Documented
@Retention(value = RetentionPolicy.RUNTIME)
@Target({ElementType.PARAMETER})
public @interface Auth {}
参数拦截转换
import org.springframework.core.MethodParameter;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
import org.springframework.web.multipart.support.MissingServletRequestPartException;
import mellson.p1tools.domain.token.Thetoken;
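/**
 * Argument resolver that injects the current request's {@link Thetoken} into
 * controller-method parameters annotated with {@link Auth}.
 *
 * <p>The token is read from a request-scoped attribute, never from request
 * parameters or headers, so a client cannot supply it directly. The code that
 * stores the attribute is not part of this class (presumably the part of
 * {@code AuthInterceptor.preHandle} that is not shown; confirm).
 */
public class ThetokenMethodArgumentResolver implements HandlerMethodArgumentResolver {

    /** Name of the request-scoped attribute expected to hold the token. */
    private static final String THETOKEN_ATTRIBUTE = "thetoken";

    /**
     * Reports whether this resolver handles the given parameter.
     *
     * @param parameter the controller-method parameter being inspected
     * @return {@code true} when the parameter carries {@link Auth} and its declared
     *         type is {@link Thetoken} or one of its supertypes
     */
    @Override
    public boolean supportsParameter(MethodParameter parameter) {
        // isAssignableFrom is true for Thetoken and for any supertype of it, so a
        // parameter declared as a supertype and annotated with @Auth is also accepted.
        return parameter.getParameterType().isAssignableFrom(Thetoken.class)
                && parameter.hasParameterAnnotation(Auth.class);
    }

    /**
     * Returns the {@link Thetoken} stored on the current request.
     *
     * <p>Fails closed: when the attribute is absent (for example on a request that
     * the interceptor let through without a token), the handler is not invoked with
     * a {@code null} token; an exception is raised instead.
     *
     * @param parameter     the parameter to resolve
     * @param mavContainer  unused
     * @param webRequest    the current request; its request-scoped attributes are read
     * @param binderFactory unused
     * @return the request's {@link Thetoken}
     * @throws MissingServletRequestPartException when no token attribute is present
     *         (the exception type is kept for compatibility with existing handlers)
     */
    @Override
    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
            NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
        // The literals in the published listing used typographic quotes, which do not
        // compile; they are plain string literals here.
        Thetoken thetoken =
                (Thetoken) webRequest.getAttribute(THETOKEN_ATTRIBUTE, RequestAttributes.SCOPE_REQUEST);
        if (thetoken != null) {
            return thetoken;
        }
        throw new MissingServletRequestPartException(THETOKEN_ATTRIBUTE);
    }
}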
安全过滤注解
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
 * Marker annotation that exempts a controller method from the token check.
 *
 * <p>{@code AuthInterceptor.preHandle} returns {@code true} for any handler method
 * carrying this annotation before a token is looked at, so every annotated
 * endpoint is reachable without authentication. The annotation has no members
 * and can be placed on methods only.
 */
@Documented
@Retention(value = RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD})
public @interface IgnoreSecurity {}