Spring Boot + Shiro: solving cross-origin (CORS) OPTIONS requests

 

Check in the interceptor

The interceptor first checks each incoming request: if it is an OPTIONS request (the browser's CORS preflight), it is let through.

import com.alibaba.fastjson.JSON;
import com.zp.demo.util.JwtHelperUtil;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;

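/**
 * Shiro authentication filter that guards API requests with a token taken
 * from the {@code Authorization} request header.
 *
 * <p>CORS preflight ({@code OPTIONS}) requests are let through without a token.
 * Every other request must carry a token that
 * {@code JwtHelperUtil.validateLogin} accepts. Any failure while validating
 * the token rejects the request (fail closed).
 */
public class TokenFilter extends AuthenticationFilter {

    private static final Logger logger = LoggerFactory.getLogger(TokenFilter.class);

    /**
     * Decides whether a request may continue down the filter chain.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @return {@code true} to continue the chain, {@code false} when the response
     *         has already been completed with 401 or 403
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Browsers send the preflight without the Authorization header, so it
        // cannot be authenticated here. NOTE(review): this exempts every OPTIONS
        // request from the token check; confirm that no handler performs real
        // work for OPTIONS (map controllers to explicit HTTP methods).
        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_NO_CONTENT);
            logger.info("OPTIONS 放行");
            return true;
        }

        try {
            String token = getToken(servletRequest);
            if (StringUtils.isEmpty(token)) {
                this.printUnauthorized("401", response);
                return false;
            }

            // A null result is treated as an expired token, as in the original
            // listing. The exact contract of validateLogin is not visible here;
            // confirm it against JwtHelperUtil.
            Map<?, ?> claims = (Map<?, ?>) JSON.parse(JwtHelperUtil.validateLogin(token));
            if (claims == null) {
                logger.info("token expired return 403");
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                return false;
            }
        } catch (Exception e) {
            // Fail closed: the original logged the exception and then fell
            // through to "return true", so a token that made validation throw
            // (malformed, tampered, wrong type) was treated as valid.
            logger.error("token validation failed", e);
            this.printUnauthorized("401", response);
            return false;
        }

        logger.info("valid token release");
        return true;
    }

    /**
     * Reads the token from the {@code Authorization} request header.
     *
     * @param servletRequest the incoming request
     * @return the header value, or {@code null} when the header is missing or empty
     */
    private String getToken(ServletRequest servletRequest) {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String authorizationHeader = request.getHeader("Authorization");
        if (!StringUtils.isEmpty(authorizationHeader)) {
            // NOTE(review): as shown on the page this replace() is a no-op; the
            // literal that was meant to be stripped (possibly a scheme prefix)
            // appears to have been lost. Confirm against the token format.
            return authorizationHeader.replace("", "");
        }
        return null;
    }

    /**
     * Writes a 401 response with a small JSON body of the form
     * {@code {"code":"...","msg":"Unauthorized"}}.
     *
     * @param messageCode value placed in the {@code code} field
     * @param response    the response to complete
     */
    private void printUnauthorized(String messageCode, HttpServletResponse response) {
        String content = String.format("{\"code\":\"%s\",\"msg\":\"%s\"}",
                messageCode, HttpStatus.UNAUTHORIZED.getReasonPhrase());
        response.setContentType("application/json;charset=UTF-8");
        // content is ASCII here, so the character count equals the byte count.
        response.setContentLength(content.length());
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
        try {
            PrintWriter writer = response.getWriter();
            writer.write(content);
        } catch (IOException e) {
            // Use the class logger instead of printStackTrace() so the failure
            // lands in the application log.
            logger.error("failed to write 401 response body", e);
        }
    }
}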

Cross-origin (CORS) configuration:

import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

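/**
 * Servlet filter that adds CORS response headers to every response so that
 * browser clients on other origins can call the API.
 *
 * <p>The listing authenticates with a token in the {@code Authorization}
 * header, which does not need CORS credentials mode, so
 * {@code Access-Control-Allow-Credentials} is not sent. Browsers refuse a
 * credentialed response whose allowed origin is {@code *}, so the original
 * pairing of the two never took effect.
 *
 * <p>If cookies or other browser-managed credentials are ever required,
 * replace {@code *} with an explicit allow-list of trusted origins and add
 * {@code Vary: Origin}. Do not echo the request's {@code Origin} header back
 * unchecked, because that grants every site credentialed access.
 */
@Component
public class AllowOriginFilter implements Filter {

    /**
     * Sets the CORS headers on the response and continues the filter chain.
     *
     * @param req   the incoming request
     * @param res   the outgoing response; cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws IOException      if a later filter or the servlet fails on I/O
     * @throws ServletException if a later filter or the servlet fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        // Any origin may read responses; access control rests on the token check.
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST,GET,PUT,OPTIONS,DELETE");
        // Lets the browser cache the preflight result for one hour.
        response.setHeader("Access-Control-Max-Age", "3600");
        // Authorization is listed explicitly so the token header passes preflight.
        response.setHeader("Access-Control-Allow-Headers",
                "Origin,X-Requested-With,Content-Type,Accept,Authorization,token");
        chain.doFilter(req, res);
    }

    /** No initialisation is needed. */
    @Override
    public void init(FilterConfig filterConfig) {
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}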


Origin www.cnblogs.com/nongzihong/p/12072349.html