JwtTokenUserInterceptor.java 3.3 KB

  1. package com.om.interceptor;
  2. import com.alibaba.fastjson.JSON;
  3. import com.om.constant.RedisConstant;
  4. import com.om.exception.CustomerAuthenticationException;
  5. import com.om.utils.*;
  6. import lombok.extern.slf4j.Slf4j;
  7. import org.springframework.data.redis.core.RedisTemplate;
  8. import org.springframework.stereotype.Component;
  9. import org.springframework.util.StringUtils;
  10. import org.springframework.web.method.HandlerMethod;
  11. import org.springframework.web.servlet.HandlerInterceptor;
  12. import javax.annotation.Resource;
  13. import javax.servlet.http.HttpServletRequest;
  14. import javax.servlet.http.HttpServletResponse;
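  /**
   * Spring MVC interceptor that authenticates controller requests with a JWT.
   *
   * <p>A request is accepted only when the presented token (a) yields a user id via
   * {@link JwtUtils} and (b) is identical to the token stored in Redis under
   * {@code RedisConstant.USER_TOKEN_PREFIX + userId}. A token with no matching Redis
   * entry is rejected, so removing or replacing that entry revokes it server-side.
   *
   * <p>NOTE(review): whether {@code JwtUtils.getUserIdFromToken} verifies the signature
   * and expiry is not visible from this class - confirm, since the Redis comparison is
   * otherwise the only check performed here.
   */
  @Component
  @Slf4j
  public class JwtTokenUserInterceptor implements HandlerInterceptor {

      @Resource
      private JwtUtils jwtUtils;

      // Raw type kept as declared; values read from it are cast to String below.
      @Resource
      private RedisTemplate redisTemplate;

      /**
       * Validates the JWT before a controller method runs.
       *
       * @param request  current HTTP request
       * @param response current HTTP response; receives a JSON error body on rejection
       * @param handler  the chosen handler; anything that is not a {@link HandlerMethod}
       *                 is let through without a token check
       * @return {@code true} to continue the handler chain, {@code false} when the
       *         token was rejected and the error response has been written
       * @throws Exception if writing the error response fails, or if token parsing or
       *                   the Redis lookup throws something other than
       *                   {@link CustomerAuthenticationException}
       */
      @Override
      public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
          // Only controller methods are authenticated; other resources pass through.
          // NOTE(review): confirm nothing sensitive is served by non-HandlerMethod
          // handlers, because they bypass the token check entirely.
          if (!(handler instanceof HandlerMethod)) {
              return true;
          }

          try {
              this.validateToken(request);
          } catch (CustomerAuthenticationException ex) {
              // Set the charset explicitly so the non-ASCII message is encoded as UTF-8.
              response.setContentType("application/json;charset=UTF-8");
              // NOTE(review): the message tells the client which check failed
              // (missing / unparsable / expired / mismatched); consider a single
              // generic message for clients and keeping the detail in server logs.
              String message = ex.getMessage();
              response.setStatus(ResultCode.NO_AUTH);
              response.getWriter().write(JSON.toJSONString(Result.error().message(message).result(ResultCode.NO_AUTH)));
              return false;
          }
          return true;
      }

      /**
       * Checks the request's token and, on success, records the user id in
       * {@link UserContext}.
       *
       * @param request request carrying the token in the {@code token} header or,
       *                failing that, the {@code token} request parameter
       * @throws CustomerAuthenticationException if the token is missing, yields no
       *         user id, has no Redis entry, or differs from the Redis entry
       */
      private void validateToken(HttpServletRequest request) {
          // Prefer the header; fall back to the request parameter.
          // NOTE(review): a token passed as a URL query parameter can end up in access
          // logs, browser history and Referer headers. Consider accepting the header
          // only, or keeping such tokens out of logs.
          String token = request.getHeader("token");
          if (!StringUtils.hasLength(token)) {
              token = request.getParameter("token");
          }
          if (!StringUtils.hasLength(token)) {
              throw new CustomerAuthenticationException("token不存在");
          }

          // NOTE(review): if getUserIdFromToken throws on a malformed token, that
          // exception is not a CustomerAuthenticationException and propagates out of
          // preHandle instead of producing the NO_AUTH response - confirm.
          Integer uId = jwtUtils.getUserIdFromToken(token);
          if (uId == null) {
              throw new CustomerAuthenticationException("token解析失败");
          }

          // The token must still be the one stored for this user in Redis.
          String tokenKey = RedisConstant.USER_TOKEN_PREFIX + uId;
          String redisToken = (String) redisTemplate.opsForValue().get(tokenKey);
          if (!StringUtils.hasLength(redisToken)) {
              // No entry for this user: the token is treated as expired.
              throw new CustomerAuthenticationException("token已过期");
          }

          // Compare in constant time so response timing does not reveal how many
          // leading characters of the stored token a guess got right.
          byte[] presented = token.getBytes(java.nio.charset.StandardCharsets.UTF_8);
          byte[] stored = redisToken.getBytes(java.nio.charset.StandardCharsets.UTF_8);
          if (!java.security.MessageDigest.isEqual(presented, stored)) {
              throw new CustomerAuthenticationException("token验证失败");
          }

          // NOTE(review): UserContext is presumably thread-bound; this class never
          // clears it (no afterCompletion). Confirm it is reset elsewhere, otherwise a
          // pooled thread could carry a previous request's user id into an
          // unauthenticated pass-through request.
          UserContext.setUserId(uId);
      }
  }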