攔截器 · CRMEB 單商戶Java版幫助文檔

# **攔截器** 作用：攔截用戶登錄認證以及權限 > 1. AdminAuthInterceptor 后臺用戶權限驗證 > 2. AdminTokenInterceptor 后臺用戶登錄token驗證 > 3. FrontTokenInterceptor 移動端用戶登錄token驗證 > 4. SwaggerInterceptor Swagger登錄驗證 1. PC后臺訪問除過一下接口，其余必須驗證登錄操作 ``` 1、登錄 2、驗證碼 3、后臺登錄頁面輪播圖、LOGO ``` 2. 移動端會有三種情況 ``` 1、必須登錄；用戶中心、下單等接口 2、不需要登錄；商品列表，首頁接口等； 3、如果登錄則取用戶信息，否則不取，根據用戶信息給出的數據不相同；優惠券接口 ``` 3. 如何配置以上三種情況，請仔細閱讀以下代碼 ``` package com.zbkj.crmeb.config; import com.filter.ResponseFilter; import com.interceptor.AdminAuthInterceptor; import com.interceptor.AdminTokenInterceptor; import com.interceptor.FrontTokenInterceptor; import com.interceptor.SwaggerInterceptor; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.handler.MappedInterceptor; //token驗證攔截器 @Configuration public class WebConfig implements WebMvcConfigurer { // 這里使用一個Bean為的是可以在攔截器中自由注入，也可以在攔截器中使用SpringUtil.getBean 獲取 // 但是覺得這樣更優雅 //后臺用戶權限 @Bean public HandlerInterceptor adminAuthInterceptor(){ return new AdminAuthInterceptor(); } //后臺用戶登錄 @Bean public HandlerInterceptor adminTokenInterceptor(){ return new AdminTokenInterceptor(); } //移動端用戶登錄 @Bean public HandlerInterceptor frontTokenInterceptor(){ return new FrontTokenInterceptor(); } @Bean public ResponseFilter responseFilter(){ return new ResponseFilter(); } @Value("${swagger.basic.username}") private String username; @Value("${swagger.basic.password}") private String password; @Value("${swagger.basic.check}") private Boolean check; @Override public void addInterceptors(InterceptorRegistry registry) { //添加token攔截器 //addPathPatterns添加需要攔截的命名空間； //excludePathPatterns添加排除攔截命名空間 //后臺token攔截 registry.addInterceptor(adminTokenInterceptor()). addPathPatterns("/api/admin/**"). excludePathPatterns("/api/admin/validate/**"); //后臺權限規則 registry.addInterceptor(adminAuthInterceptor()). addPathPatterns("/api/admin/**"). excludePathPatterns("/api/admin/validate/**"); //前端用戶登錄token registry.addInterceptor(frontTokenInterceptor()). addPathPatterns("/api/front/**"). excludePathPatterns("/api/front/qrcode/**"); } public void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("/**") .addResourceLocations("classpath:/static/"); registry.addResourceHandler("swagger-ui.html") .addResourceLocations("classpath:/META-INF/resources/"); registry.addResourceHandler("/webjars/**") .addResourceLocations("classpath:/META-INF/resources/webjars/"); } @Bean public FilterRegistrationBean filterRegister() { //注冊過濾器 FilterRegistrationBean registration = new FilterRegistrationBean(responseFilter()); registration.addUrlPatterns("/*"); return registration; } /* 必須在此處配置攔截器,要不然攔不到swagger的靜態資源 */ @Bean @ConditionalOnProperty(name = "swagger.basic.enable", havingValue = "true") public MappedInterceptor getMappedInterceptor() { return new MappedInterceptor(new String[]{"/swagger-ui.html", "/webjars/**"}, new SwaggerInterceptor(username, password, check)); } } ``` 4. 針對2.3如何處理？ ``` 1、不做任何配置，讓FrontTokenInterceptor來攔截 2、在FrontTokenInterceptor做部分路由判斷；判斷路由，部分路由不管用戶是否登錄都可以訪問 3、看下面核心代碼；在CheckFrontToken.checkRouter里配置路由即可 ``` ``` package com.interceptor; import com.alibaba.fastjson.JSONObject; import com.common.CheckFrontToken; import com.common.CommonResult; import com.utils.RequestUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; //token驗證攔截器 public class FrontTokenInterceptor implements HandlerInterceptor { @Autowired private CheckFrontToken checkFrontToken; //程序處理之前需要處理的業務 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { response.setCharacterEncoding("UTF-8"); String token = checkFrontToken.getTokenFormRequest(request); if(token == null || token.isEmpty()){ //判斷路由，部分路由不管用戶是否登錄都可以訪問 boolean result = checkFrontToken.checkRouter(RequestUtil.getUri(request)); if(result){ return true; } response.getWriter().write(JSONObject.toJSONString(CommonResult.unauthorized())); return false; } Boolean result = checkFrontToken.check(token, request); if(!result){ response.getWriter().write(JSONObject.toJSONString(CommonResult.unauthorized())); return false; } return true; } public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) {} public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex){} } ``` ``` package com.common; import com.constants.Constants; import com.utils.RedisUtil; import com.utils.RequestUtil; import com.utils.ThreadLocalUtil; import org.apache.commons.lang3.ArrayUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import javax.servlet.http.HttpServletRequest; import java.util.HashMap; import java.util.Map; import java.util.concurrent.TimeUnit; /** * 檢測token是否過期 * Created on 2019/11/23 * @author zhangle */ @Component public class CheckFrontToken { @Autowired protected RedisUtil redisUtil; public Boolean check(String token, HttpServletRequest request){ try { boolean exists = redisUtil.exists(Constants.USER_TOKEN_REDIS_KEY_PREFIX + token); if(exists){ Object value = redisUtil.get(Constants.USER_TOKEN_REDIS_KEY_PREFIX + token); Map<String, Object> hashedMap = new HashMap<>(); hashedMap.put("id", value); ThreadLocalUtil.set(hashedMap); redisUtil.set(Constants.USER_TOKEN_REDIS_KEY_PREFIX +token, value, Constants.TOKEN_EXPRESS_MINUTES, TimeUnit.MINUTES); }else{ //判斷路由，部分路由不管用戶是否登錄/token過期都可以訪問 exists = checkRouter(RequestUtil.getUri(request)); } return exists; }catch (Exception e){ return false; } } //路由在此處，則返回true，無論用戶是否登錄都可以訪問 public boolean checkRouter(String uri) { String[] routerList = { "api/front/product/detail", "api/front/coupons", "api/front/index" }; return ArrayUtils.contains(routerList, uri); } public String getTokenFormRequest(HttpServletRequest request){ return request.getHeader(Constants.HEADER_AUTHORIZATION_KEY); } } ```