拦截器判断
拦截器截取到请求先进行判断,如果是OPTIONS请求的话,则放行
import com.alibaba.fastjson.JSON; import com.zp.demo.util.JwtHelperUtil; import org.apache.commons.lang.StringUtils; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.subject.Subject; import org.apache.shiro.web.filter.authc.AuthenticationFilter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.PrintWriter; import java.util.Map; //需要认证的API被调用前执行的拦截器也叫过滤器 public class TokenFilter extends AuthenticationFilter { private final Logger logger = LoggerFactory.getLogger(TokenFilter.class); @Override protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; try {
//这几句代码是关键 if ("OPTIONS".equals(request.getMethod())){ response.setStatus(org.apache.http.HttpStatus.SC_NO_CONTENT);; logger.info("OPTIONS 放行"); return true; } String token = getToken(servletRequest); //判断token 是否为空 if (StringUtils.isEmpty(token)) { this.printUnauthorized("401", (HttpServletResponse) servletResponse); return false; } else {//不为空判断是否过期 Map maps = (Map) JSON.parse(JwtHelperUtil.validateLogin(token)); if (maps == null) { logger.info("token过期返回403"); response.setStatus(403);//可以用response.getWriter()返回json或你想要的格式,同时设置header: Content-Type:text/json return false; } } } catch (Exception e) { logger.error("空指针异常", e); } logger.info("token有效放行"); return true; } private String getToken(ServletRequest servletRequest) { HttpServletRequest request = (HttpServletRequest) servletRequest; String authorizationHeader = request.getHeader("Authorization");//获取请求头中的Authorization属性 //System.out.println(authorizationHeader); if (!StringUtils.isEmpty(authorizationHeader)) { return authorizationHeader.replace(" ", ""); } return null; } private void printUnauthorized(String messageCode, HttpServletResponse response) { String content = String.format("{\"code\":\"%s\",\"msg\":\"%s\"}", messageCode, HttpStatus.UNAUTHORIZED.getReasonPhrase()); response.setContentType("application/json;charset=UTF-8"); response.setContentLength(content.length()); response.setStatus(HttpStatus.UNAUTHORIZED.value()); try { PrintWriter writer = response.getWriter(); writer.write(content); } catch (IOException var5) { var5.printStackTrace(); } } }
配置跨越:
import org.springframework.stereotype.Component; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /* 配置跨越访问 */ @Component public class AllowOriginFilter implements Filter { @SuppressWarnings("unused") public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; HttpServletRequest request = (HttpServletRequest) req; response.setHeader("Access-Control-Allow-Origin", "*"); // 设置允许所有跨域访问 response.setHeader("Access-Control-Allow-Methods", "POST,GET,PUT,OPTIONS,DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Origin,X-Requested-With,Content-Type,Accept,Authorization,token"); response.setHeader("Access-Control-Allow-Credentials", "true"); chain.doFilter(req, res); } public void init(FilterConfig filterConfig) { } public void destroy() { } }