1 public class TokenInterceptor extends HandlerInterceptorAdapter { 2 @Autowired 3 private Memory memory; 4 5 private List<String> allowList; // 放行的URL列表 6 7 private static final PathMatcher PATH_MATCHER = new AntPathMatcher(); 8 9 @Override 10 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { 11 // 判断请求的URI是否运行放行,如果不允许则校验请求的token信息 12 if (!checkAllowAccess(request.getRequestURI())) { 13 // 检查请求的token值是否为空 14 String token = getTokenFromRequest(request); 15 response.setContentType(MediaType.APPLICATION_JSON_VALUE); 16 response.setCharacterEncoding("UTF-8"); 17 response.setHeader("Cache-Control", "no-cache, must-revalidate"); 18 if (StringUtils.isEmpty(token)) { 19 response.getWriter().write("Token不能为空"); 20 response.getWriter().close(); 21 return false; 22 } 23 if (!memory.checkLoginInfo(token)) { 24 response.getWriter().write("Session已过���,请重新登录"); 25 response.getWriter().close(); 26 return false; 27 } 28 ThreadTokenHolder.setToken(token); // 保存当前token,用于Controller层获取登录用户信息 29 } 30 return super.preHandle(request, response, handler); 31 } 32 33 /** 34 * 检查URI是否放行 35 * 36 * @param URI 37 * @return 返回检查结果 38 */ 39 private boolean checkAllowAccess(String URI) { 40 if (!URI.startsWith("/")) { 41 URI = "/" + URI; 42 } 43 for (String allow : allowList) { 44 if (PATH_MATCHER.match(allow, URI)) { 45 return true; 46 } 47 } 48 return false; 49 } 50 51 /** 52 * 从请求信息中获取token值 53 * 54 * @param request 55 * @return token值 56 */ 57 private String getTokenFromRequest(HttpServletRequest request) { 58 // 默认从header里获取token值 59 String token = request.getHeader(Constants.TOKEN); 60 if (StringUtils.isEmpty(token)) { 61 // 从请求信息中获取token值 62 token = request.getParameter(Constants.TOKEN); 63 } 64 return token; 65 } 66 67 public List<String> getAllowList() { 68 return allowList; 69 } 70 71 public void setAllowList(List<String> allowList) { 72 this.allowList = allowList; 73 } 74 }