SpringBoot通过自定义注解实现Token校验

た入场券 2022-10-12 01:56 43阅读 0赞

![793bd2e016f87b98d2a5e35cc5edc770.png][]

*来源：**blog.csdn.net/qq\_33556185/article/details/105420205*

1.定义Token的注解，需要Token校验的接口，方法上加上此注解

import java.lang.annotation.ElementType;
    import java.lang.annotation.Retention;
    import java.lang.annotation.RetentionPolicy;
    import java.lang.annotation.Target;
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface Token {
        boolean validate() default true;
    }

2.定义LoginUser注解，此注解加在参数上，用在需要从token里获取的用户信息的地方

import java.lang.annotation.ElementType;
    import java.lang.annotation.Retention;
    import java.lang.annotation.RetentionPolicy;
    import java.lang.annotation.Target;
    @Target(ElementType.PARAMETER)
    @Retention(RetentionPolicy.RUNTIME)
    public @interface LoginUser {
    }

3.权限的校验拦截器

mport com.example.demo.annotation.Token;
    import com.example.demo.entity.User;
    import lombok.extern.slf4j.Slf4j;
    import org.springframework.stereotype.Component;
    import org.springframework.web.method.HandlerMethod;
    import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    @Component
    @Slf4j
    public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
        public static final String USER_KEY = "USER_ID";
        public static final String USER_INFO = "USER_INFO";
        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
            Token annotation;
            if(handler instanceof HandlerMethod) {
                annotation = ((HandlerMethod) handler).getMethodAnnotation(Token.class);
            }else{
                return true;
            }
            //没有声明需要权限,或者声明不验证权限
            if(annotation == null || annotation.validate() == false){
                return true;
            }
            //从header中获取token
            String token = request.getHeader("token");
            if(token == null){
                log.info("缺少token，拒绝访问");
                return false;
            }
            //查询token信息
    //        User user = redisUtils.get(USER_INFO+token,User.class);
    //        if(user == null){
    //            log.info("token不正确，拒绝访问");
    //            return false;
    //        }
            //token校验通过，将用户信息放在request中，供需要用user信息的接口里从token取数据
            request.setAttribute(USER_KEY, "123456");
            User user=new User();
            user.setId(10000L);
            user.setUserName("2118724165@qq.com");
            user.setPhoneNumber("15702911111");
            user.setToken(token);
            request.setAttribute(USER_INFO, user);
            return true;
        }
    }

4.写参数的解析器，将登陆用户对象注入到接口里

import com.example.demo.annotation.LoginUser;
    import com.example.demo.entity.User;
    import com.example.demo.interceptor.AuthorizationInterceptor;
    import org.springframework.core.MethodParameter;
    import org.springframework.stereotype.Component;
    import org.springframework.web.bind.support.WebDataBinderFactory;
    import org.springframework.web.context.request.NativeWebRequest;
    import org.springframework.web.context.request.RequestAttributes;
    import org.springframework.web.method.support.HandlerMethodArgumentResolver;
    import org.springframework.web.method.support.ModelAndViewContainer;
    @Component
    public class LoginUserHandlerMethodArgumentResolver implements HandlerMethodArgumentResolver
    {
        @Override
        public boolean supportsParameter(MethodParameter methodParameter) {
            return methodParameter.getParameterType().isAssignableFrom(User.class)&&methodParameter.hasParameterAnnotation(LoginUser.class);
        }
        @Override
        public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer, NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory) throws Exception {
            //获取登陆用户信息
            Object object = nativeWebRequest.getAttribute(AuthorizationInterceptor.USER_INFO, RequestAttributes.SCOPE_REQUEST);
            if(object == null){
                return null;
            }
            return (User)object;
        }
    }

5.配置拦截器和参数解析器

import com.example.demo.interceptor.AuthorizationInterceptor;
    import com.example.demo.resolver.LoginUserHandlerMethodArgumentResolver;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.method.support.HandlerMethodArgumentResolver;
    import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
    import java.util.List;
     
    @Configuration
    public class WebMvcConfig implements WebMvcConfigurer {
        @Autowired
        private AuthorizationInterceptor authorizationInterceptor;
        @Autowired
        private LoginUserHandlerMethodArgumentResolver loginUserHandlerMethodArgumentResolver;
     
        @Override
        public void addInterceptors(InterceptorRegistry registry) {
            registry.addInterceptor(authorizationInterceptor).addPathPatterns("/api/**");
        }
     
        @Override
        public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
            argumentResolvers.add(loginUserHandlerMethodArgumentResolver);
        }
    }

6.测试类

import com.example.demo.annotation.LoginUser;
    import com.example.demo.annotation.Token;
    import com.example.demo.entity.User;
    import lombok.extern.slf4j.Slf4j;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RestController;
     
    @RestController
    @RequestMapping(value = "/api")
    @Slf4j
    public class TestController {
        @RequestMapping(value="/test",method = RequestMethod.POST)
        @Token
        public String test(@LoginUser User user){
            System.out.println("需要token才可以访问，呵呵……");
            log.info("user："+user.toString());
            return "test";
        }
        @RequestMapping(value="/noToken",method = RequestMethod.POST)
        public String noToken(){
            System.out.println("不用token就可以访问……");
            return "test";
        }
    }

至此，自定义注解实现token校验就大功告成了。

往期推荐

[（附源码）Spring Boot 框架整合 OAuth2 实现单点登录 SSO 详细完整源码教程！][Spring Boot _ OAuth2 _ SSO]

[SpringBoot+webSocket实现扫码登录功能][SpringBoot_webSocket]

[如何利用JVM在线调试工具排查线上问题][JVM]

[\[合集\]JVM内存溢出问题的定位方法][JVM 1]

[4种方式让你定义的Method在Spring Boot 启动时自动执行][4_Method_Spring Boot]

[脚本达人总结的Linux Shell脚本编写经验，看完不踩坑][Linux Shell]

[这份Redis6.0集群搭建教程，项目肯定用得上][Redis6.0]

[设计微服务架构，相关设计模式如何运用？][Link 1]

[4种SpringBoot 接口幂等性的实现方案！最后一个80%以上的开发会踩坑][4_SpringBoot _80]

[掌握Git命令的本质，开发时才会得心应手][Git]

[Shell 脚本进阶，经典用法及其案例][Shell]

**若觉得文章对你有帮助，****随手转发分享，也是侠梦继续更新的动力。**

![1b48b54ec03fbfea002f5445f8341d50.gif][]

[793bd2e016f87b98d2a5e35cc5edc770.png]: /images/20221005/fd32a71554744523b759eec262dd2d68.png
[Spring Boot _ OAuth2 _ SSO]: http://mp.weixin.qq.com/s?__biz=MzU2NDc4MjE2Ng%3D%3D&chksm=fc44ed9bcb33648d5db6e6b67b033b925ae1fa984862d5597165b6f2d1aec42cd43407643fbd&idx=1&mid=2247489698&scene=21&sn=6327e66c203469a62b72206eb2702eb5#wechat_redirect
[SpringBoot_webSocket]: http://mp.weixin.qq.com/s?__biz=MzU2NDc4MjE2Ng%3D%3D&chksm=fc44eda8cb3364bebc3e9d969e5b5c74b1cb9ef43c362b82c6470dabacfa92d6e9a694f73268&idx=1&mid=2247489681&scene=21&sn=2a7c8d1f97eb11ec25f569d24163b10f#wechat_redirect
[JVM]: http://mp.weixin.qq.com/s?__biz=MzU2NDc4MjE2Ng%3D%3D&chksm=fc44edbccb3364aae93355b0445703ead739611134f0f5449edf03c22d21a3a67e6762733e76&idx=1&mid=2247489669&scene=21&sn=4e213d3e10a8edad02f07a7b618b1005#wechat_redirect
[JVM 1]: http://mp.weixin.qq.com/s?__biz=MzU2NDc4MjE2Ng%3D%3D&chksm=fc44ed52cb33644452780f971a408393907f84c04567f36ea1512cc6d43436632d81e6eeebf4&idx=1&mid=2247489643&scene=21&sn=5cdd93ec3e700b6ed042afb3c63a3dbe#wechat_redirect
[4_Method_Spring Boot]: http://mp.weixin.qq.com/s?__biz=MzU2NDc4MjE2Ng%3D%3D&chksm=fc44ed6fcb33647997f382be1a734b1214ed9721c16ea40f6756fb18f849aa1796a55bd48b46&idx=1&mid=2247489622&scene=21&sn=a9b326de2c458993a3359359c4480424#wechat_redirect
[Linux Shell]: http://mp.weixin.qq.com/s?__biz=MzU2NDc4MjE2Ng%3D%3D&chksm=fc44ed72cb3364644fdcfd443d0c341ca83a54a142e5b04f3b1fd9a3da7e340ebca975ab84cd&idx=1&mid=2247489611&scene=21&sn=3467f030f469011b8da3233d51f952a8#wechat_redirect
[Redis6.0]: http://mp.weixin.qq.com/s?__biz=MzU2NDc4MjE2Ng%3D%3D&chksm=fc44e286cb336b9019559254e2e2c6742603f94acbace76e3709b693258c64d4286d8e47beb5&idx=1&mid=2247489471&scene=21&sn=6107931e6e39331b2a1fd7b2951b865b#wechat_redirect
[Link 1]: http://mp.weixin.qq.com/s?__biz=MzU2NDc4MjE2Ng%3D%3D&chksm=fc44e288cb336b9eca3ccbaa6ce20ef0a2baae306b3d83953d7d292bda2a1a46052a556fe1ba&idx=1&mid=2247489457&scene=21&sn=28d2cca81052ce5c4618e73469343f42#wechat_redirect
[4_SpringBoot _80]: http://mp.weixin.qq.com/s?__biz=MzU2NDc4MjE2Ng%3D%3D&chksm=fc44e2adcb336bbb0e3ae396e56ad2b85c3eca812ea6ca96b0e615b029e7b61e960dccfb4f18&idx=1&mid=2247489428&scene=21&sn=2dcd64b6ef51b4082509805940f899ac#wechat_redirect
[Git]: http://mp.weixin.qq.com/s?__biz=MzU2NDc4MjE2Ng%3D%3D&chksm=fc44e2bccb336baa68dbfc520df82f75b8edab064a25413360e92e17ab17bb90642004d2a469&idx=1&mid=2247489413&scene=21&sn=bf22fdb5fbdbfbeeaea2c8a8ba0bcb14#wechat_redirect
[Shell]: http://mp.weixin.qq.com/s?__biz=MzU2NDc4MjE2Ng%3D%3D&chksm=fc44e262cb336b7473252b2fcd998e60bd457e98bd348e325493acd82a69e3de8133d1685d0f&idx=1&mid=2247489371&scene=21&sn=f5d677e7370d286c1c0f89d95689d334#wechat_redirect
[1b48b54ec03fbfea002f5445f8341d50.gif]: /images/20221005/19daf4a895f6435b99347b94ff3e5c9f.png