跨域 springboot2.1 拦截器跨域 ajax请求例子

/**
 * Copyright 2018-2020 stylefeng & fengshuonan (https://gitee.com/stylefeng)
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.hanhan.interceptor;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.hanhan.Cnst.JwtConstants;
import com.hanhan.utils.JwtTokenUtil;
import com.hanhan.utils.RenderUtil;
import hanhan.Msg;
import hanhan.p;
import io.jsonwebtoken.JwtException;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;


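/**
 * Spring MVC interceptor that authenticates REST API calls with a JWT bearer token
 * and writes the CORS response headers that cross-origin AJAX clients need.
 *
 * <p>Implements {@link HandlerInterceptor} directly.
 *
 * @author stylefeng
 * @Date 2018/7/20 23:11
 */
public class RestApiInteceptor implements HandlerInterceptor {
    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(RestApiInteceptor.class);

    /**
     * Adds the CORS headers, answers CORS pre-flight requests, lets static resources through,
     * and requires a valid bearer token for everything else.
     *
     * @param handler the matched handler; {@code ResourceHttpRequestHandler} means a static resource
     * @return {@code true} to continue the handler chain, {@code false} when the response
     *         has already been produced here (pre-flight answered or request rejected)
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // CORS headers go first so that rejected requests carry them too; without them the
        // browser hides the error body from the calling script.
        // NOTE(review): "*" opens the API to every origin. That is tolerable only because
        // authentication is a bearer header and not a cookie; prefer an explicit origin
        // allow-list where the set of front-ends is known.
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST,OPTIONS,GET");
        // 20 days; browsers cap the pre-flight cache lifetime well below this.
        response.setHeader("Access-Control-Max-Age", "1728000");
        // The "*" wildcard does not cover the Authorization header, so the auth header
        // is listed by name next to it.
        response.setHeader("Access-Control-Allow-Headers", "*," + JwtConstants.AUTH_HEADER);
        // Access-Control-Allow-Credentials is deliberately not sent: browsers refuse
        // credentialed responses whose allowed origin is "*", and the token travels in a
        // request header rather than a cookie.
        response.setCharacterEncoding("UTF-8");

        // A pre-flight never carries the Authorization header, so it must be answered
        // before the token check; the default 200 status plus the headers above suffice.
        if (org.springframework.web.cors.CorsUtils.isPreFlightRequest(request)) {
            return false;
        }

        if (handler instanceof org.springframework.web.servlet.resource.ResourceHttpRequestHandler) {
            return true;
        }

        return check(request, response, handler);
    }

    /**
     * Validates the bearer token taken from the {@code JwtConstants.AUTH_HEADER} request header.
     * The header value is never logged: it is a credential.
     *
     * @return {@code true} when the token is accepted; otherwise a JSON error with
     *         HTTP 401 has been written and {@code false} is returned
     */
    private boolean check(HttpServletRequest request, HttpServletResponse response, Object handler) {
        log.info("======通过jwt拦截器=开始=====");

        final String requestHeader = request.getHeader(JwtConstants.AUTH_HEADER);
        if (requestHeader == null || !requestHeader.startsWith("Bearer ")) {
            // Header missing or not of the form "Bearer <token>".
            return reject(response, "header开头没有带上Bearer以及一个空格");
        }

        final String authToken = requestHeader.substring(7);
        try {
            // Per the original author's note the expiry check also verifies the JWT itself.
            // NOTE(review): confirm that JwtTokenUtil verifies the signature and does not
            // merely decode the claims.
            if (JwtTokenUtil.isTokenExpired(authToken)) {
                return reject(response, "jwt错误或者token过期");
            }
        } catch (JwtException | IllegalArgumentException e) {
            // Fail closed on any parsing problem. IllegalArgumentException is included
            // because JWT parsers commonly raise it for an empty token ("Bearer " alone).
            log.warn("JWT rejected: {}", e.getClass().getSimpleName());
            return reject(response, "jwt token解析失败");
        }
        return true;
    }

    /**
     * Writes the JSON error body with HTTP 401 so that clients, proxies and monitoring
     * do not mistake a failed authentication for a successful call.
     *
     * @return always {@code false}, for use as the interceptor result
     */
    private static boolean reject(HttpServletResponse response, String reason) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        Msg msg = new Msg().setStatus("0");
        msg.setMsg(reason);
        RenderUtil.renderJson(response, msg);
        return false;
    }

    /** Invoked after the controller method and before view rendering; nothing to do here. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
    }

    /** Invoked once the request has completed (the place for resource clean-up); nothing to do here. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse res, Object o, Exception e) throws Exception {
    }
}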
package com.hanhan.config;

//import com.alibaba.druid.pool.DruidDataSource;
//import com.alibaba.druid.support.http.StatViewServlet;
//import com.alibaba.druid.support.http.WebStatFilter;
//import com.alibaba.druid.support.spring.stat.BeanTypeAutoProxyCreator;
//import com.alibaba.druid.support.spring.stat.DruidStatInterceptor;
//import org.springframework.aop.Advisor;
//import org.springframework.aop.support.DefaultPointcutAdvisor;
//import org.springframework.aop.support.JdkRegexpMethodPointcut;

import com.hanhan.interceptor.RestApiInteceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

//import org.springframework.boot.web.servlet.FilterRegistrationBean;
//import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
//import org.springframework.boot.web.servlet.ServletRegistrationBean;
//import org.springframework.context.annotation.Bean;
//import org.springframework.web.context.request.RequestContextListener;

//import java.util.Arrays;
//import java.util.Properties;

/**
 * Spring MVC web configuration: registers the JWT interceptor for the REST API paths.
 *
 * @author fengshuonan
 * @date 2016-11-12 17:03:32
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {

    // Disabled global CORS mapping, kept for reference only.
    // NOTE(review): allowedOrigins("*") combined with allowCredentials(true) must not be
    // enabled as written. Spring versions before 5.3 answer it by echoing the caller's
    // Origin, which lets any site issue credentialed requests; Spring 5.3 and later reject
    // the combination with an IllegalArgumentException. List explicit origins instead.
    /*
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**").allowedHeaders("*")
                .allowedOrigins("*")
                .allowedMethods("GET", "HEAD", "POST","PUT", "DELETE", "OPTIONS")
                .allowCredentials(true).maxAge(3600*3600);
    }
    */

    /**
     * Registers the REST API authentication interceptor for the {@code /jwt} path family.
     * Requests outside these patterns never reach the interceptor, so they get neither
     * the token check nor the CORS headers it writes.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        final String[] protectedPaths = {"/jwt/**", "/jwt", "/jwt/*"};
        registry.addInterceptor(new RestApiInteceptor()).addPathPatterns(protectedPaths);
    }
}
package com.hanhan.utils;

import com.alibaba.fastjson.JSON;

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

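/**
 * Helper for writing an object to the servlet response as JSON.
 */
public class RenderUtil {
    public RenderUtil() {
    }

    /**
     * Serialises {@code jsonObject} with fastjson and writes it to the response body.
     *
     * @param response   servlet response to write to
     * @param jsonObject object to serialise
     * @throws RuntimeException if the response writer cannot be obtained; the
     *                          {@link IOException} is attached as the cause
     */
    public static void renderJson(HttpServletResponse response, Object jsonObject) {
        try {
            // Declare the body as JSON before the writer is obtained, so that a browser
            // never has to guess the type and cannot interpret the payload as HTML.
            response.setContentType("application/json;charset=UTF-8");
            PrintWriter writer = response.getWriter();
            writer.write(JSON.toJSONString(jsonObject));
        } catch (IOException e) {
            // Keep the cause so the underlying I/O failure stays visible in the stack trace.
            throw new RuntimeException("拦截器返回信息异常", e);
        }
    }
}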
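<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <!-- jQuery 3.2.1 is an old release; later 3.x releases include security fixes. -->
    <script src="./jquery-3.2.1.min.js"></script>
</head>
<body>
<button id="A1" style="height: 100px;width: 100px" >
</button>
<script type="text/javascript">
    // Bearer token for the demo call. Labelled placeholder: obtain a token from the login
    // endpoint at runtime and never hard-code one in page source, where every visitor and
    // every copy of the page can read it.
    // A JWT payload is only base64url-encoded, not encrypted, so whoever holds a token can
    // read its claims: the subject should be an identifier only, never a user record with
    // password or salt fields.
    var token = "<JWT_PLACEHOLDER>";

    // Clicking the button sends the cross-origin ajax request.
    $("#A1").click(function () {
        $.ajax({
            // NOTE(review): plain http exposes the Authorization header on the wire; serve the API over https.
            url : "http://47.96.69.164:803/jwt/returnUser",
            type : "GET",
            contentType:"application/json",
            async: true,
            // The custom Authorization header makes the browser send a CORS pre-flight
            // (OPTIONS) first; the server has to answer it without requiring a token.
            headers:{
                "Authorization":"Bearer " + token
            },
            success:function(d){
                alert("是大立科技按数量奋达科技昂克赛拉发")
                // d is the response as jQuery delivers it; stringify it for display.
                alert(JSON.stringify(d))
            },
            error: function (XMLHttpRequest, textStatus, errorThrown) {
                alert("====XMLHttpRequest========="+XMLHttpRequest+"============")
                console.log("====JSON.stringify(XMLHttpRequest).lastIndexOf========="+JSON.stringify(XMLHttpRequest).lastIndexOf("登录")+"============")
                console.log("=======textStatus======"+textStatus+"============")
                alert("========errorThrown====="+errorThrown+"============")
                // Reload the top-level page when the response mentions "登录" (login).
                if(JSON.stringify(XMLHttpRequest).lastIndexOf("登录")>-1){
                    top.location.href=location.href;
                }
            }
        });
    })
</script>
</body>
</html>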


转载自blog.csdn.net/hanpenghu/article/details/88923940