因为springboot项目想使用jwt,每个restful接口都需要验证token的有效性,所以决定使用springboot+aop拦截所有请求进行token校验。
项目结构如下图:
1.pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- Maven build descriptor for the "account" Spring Boot service (web + AOP + MyBatis + JWT). -->
<modelVersion>4.0.0</modelVersion>
<groupId>com.dingkai</groupId>
<artifactId>account</artifactId>
<version>1.0.0</version>
<packaging>jar</packaging>
<name>account</name>
<description></description>
<!-- The Spring Boot parent supplies the versions of every dependency below that has no explicit <version>. -->
<!-- NOTE(review): the Spring Boot 1.5.x line is no longer maintained; confirm a supported release before reusing this POM. -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.9.RELEASE</version>
</parent>
<!-- Versions pinned by this project rather than inherited from the parent. -->
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<druid.version>1.0.18</druid.version>
<!-- NOTE(review): early fastjson 1.2.x releases have publicly documented unsafe-deserialization (autoType) problems, -->
<!-- and LoginController parses the raw request body with this library. Check this pin against the vendor advisories and upgrade. -->
<fastjson.version>1.2.8</fastjson.version>
<mybatis.version>1.3.1</mybatis.version>
<pagehelper.version>5.1.2</pagehelper.version>
<!-- jjwt version used by LoginController to sign the login token. -->
<jwt.version>0.9.0</jwt.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>${druid.version}</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>${fastjson.version}</version>
</dependency>
<dependency> <!-- Exclude Spring Boot's default logging configuration so Log4j2 can be used instead -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Add the Log4j2 dependency -->
<!-- NOTE(review): the Log4j2 version is inherited from the Boot parent; verify the resolved version is not one -->
<!-- affected by the known JNDI lookup issue in logged messages, since this project logs request-derived data. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j2</artifactId>
</dependency>
<!-- MyBatis dependency -->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>${mybatis.version}</version>
</dependency>
<!-- MySQL driver dependency (runtime scope only) -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<!-- Pagination query plugin -->
<dependency>
<groupId>com.github.pagehelper</groupId>
<artifactId>pagehelper</artifactId>
<version>${pagehelper.version}</version>
</dependency>
<!-- JWT: token creation in LoginController -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>${jwt.version}</version>
</dependency>
<!-- AOP: provides the @Aspect support used by ControllerInterceptor -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
<!-- Package everything under src/main/resources, plus any .properties and .xml files kept beside the Java sources -->
<!-- (presumably MyBatis mapper XML; confirm against the project layout). -->
<resources>
<resource>
<directory>src/main/resources</directory>
</resource>
<resource>
<directory>src/main/java</directory>
<includes>
<include>**/*.properties</include>
<include>**/*.xml</include>
</includes>
</resource>
</resources>
</build>
</project>
2.ControllerInterceptor.java
package com.dingkai.account.Interceptor;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import java.lang.reflect.Method;
/**
 * Aspect that runs before every public controller method and logs the name of the
 * method about to be invoked.
 *
 * <p>As written this is a logging stub only: it performs no token validation and never
 * blocks a request.
 *
 * <p>NOTE(review): when token checking is added here, keep in mind that
 * <ul>
 *   <li>the pointcut covers the whole {@code com.dingkai.account.controller} package, which
 *       is also where {@code LoginController} lives, so the login endpoint must be exempted
 *       or nobody can obtain a token;</li>
 *   <li>the value returned from {@code @Before} advice is not used to short-circuit the call,
 *       so a failed check has to throw (or the advice has to become {@code @Around}) to
 *       actually stop the controller method from running.</li>
 * </ul>
 */
@Aspect
@Component
public class ControllerInterceptor {

    private final Logger logger = LogManager.getLogger(this.getClass());

    /**
     * Pointcut marker: every public method of any type in
     * {@code com.dingkai.account.controller} or one of its sub-packages.
     */
    @Pointcut("execution(public * com.dingkai.account.controller..*(..))")
    public void controllerMethodPointcut() {
        // Intentionally empty: the method only carries the @Pointcut expression.
    }

    /**
     * Logs the name of the intercepted controller method.
     *
     * @param jp join point describing the controller method about to execute
     * @return always {@code null}
     */
    @Before("controllerMethodPointcut()") // applies the pointcut declared above
    public Object interceptor(JoinPoint jp) {
        // The pointcut only matches method executions, so the signature is a MethodSignature.
        final MethodSignature targetSignature = (MethodSignature) jp.getSignature();
        final String interceptedName = targetSignature.getMethod().getName();

        logger.info("interceptor ***************************");
        logger.info("methodName: " + interceptedName);
        return null;
    }
}
3.LoginController.java
package com.dingkai.account.controller;
import com.alibaba.fastjson.JSONObject;
import com.dingkai.account.model.User;
import com.dingkai.account.service.LoginService;
import com.dingkai.account.util.HttpCode;
import com.dingkai.account.util.MD5Util;
import com.dingkai.account.util.ResponseUtil;
import com.dingkai.account.util.UuidUtil;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
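/**
 * Controller exposing a demo {@code test} endpoint and the {@code login} endpoint that
 * issues a signed JWT in the {@code Authorization} response header.
 *
 * <p>NOTE(review): {@code @CrossOrigin(origins = "*")} lets pages from any origin call these
 * endpoints; restrict it to the front-end origins that actually need access.
 */
@CrossOrigin(origins = "*")
@Controller
public class LoginController {

    /*
     * NOTE(review): the signing secret is hard-coded, short and committed with the source, so
     * anyone who can read or guess it can mint valid tokens for any user. In jjwt 0.9.x the
     * String overload of signWith also treats its argument as a Base64-encoded key, which makes
     * the effective key even shorter than the literal suggests (verify against the jjwt docs).
     * Load a randomly generated key of at least the HS512 output size from protected
     * configuration instead. The value is left unchanged here because the (not shown)
     * verification side must use the same key.
     */
    private static final String JWT_SIGNING_KEY = "account";

    /** Token lifetime: 24 hours, in milliseconds. */
    private static final long TOKEN_TTL_MILLIS = 24L * 60 * 60 * 1000;

    /** Response code and message sent for every failed login attempt. */
    private static final String LOGIN_FAILED_CODE = "104";
    private static final String LOGIN_FAILED_MESSAGE = "用户不存在";

    @Autowired
    private LoginService loginService;

    private final Logger logger = LogManager.getLogger(this.getClass());

    /** Empty demo endpoint; the article calls it to show that the aspect fires. */
    @GetMapping(value = "test")
    @ResponseBody
    public void test() {
        System.out.println();
    }

    /**
     * Authenticates a user from a JSON body containing {@code username} and {@code password}.
     *
     * <p>On success a JWT (subject = username, 24 h expiry, HS512) is added to the
     * {@code Authorization} response header and a {@code "0"}/{@code "success"} response is
     * written. On failure, including a body that lacks either field, the {@code "104"}
     * response is written and no token is issued. A body that is not valid JSON still
     * propagates the parser's exception, as before.
     *
     * @param jsonStr  raw request body, expected to be a JSON object
     * @param request  current HTTP request, passed through to {@code ResponseUtil}
     * @param response current HTTP response, receives the token header and the body
     */
    @PostMapping(value = "login")
    @ResponseBody
    public void login(@RequestBody String jsonStr, HttpServletRequest request, HttpServletResponse response) {
        String uuid = UuidUtil.getUUID();
        logger.info(uuid + " login ************************************");

        // NOTE(review): this parses attacker-controlled text with the fastjson version pinned in
        // the POM; confirm that version is not affected by the known autoType issues.
        JSONObject credentials = JSONObject.parseObject(jsonStr);
        String username = credentials == null ? null : credentials.getString("username");
        String password = credentials == null ? null : credentials.getString("password");

        // Reject incomplete requests up front instead of failing later with a NullPointerException.
        if (username == null || password == null) {
            logger.info(uuid + " login rejected: username or password missing");
            ResponseUtil.RESPONSE(request, response, LOGIN_FAILED_CODE, uuid, LOGIN_FAILED_MESSAGE, null);
            return;
        }

        // NOTE(review): a bare MD5 digest is not a suitable password hash; the stored credentials
        // should use a salted, deliberately slow scheme (bcrypt, scrypt, argon2). Changing that
        // needs a migration in LoginService and the user table, so it is only flagged here.
        User user = loginService.login(username, MD5Util.MD5(password));

        // Log only the outcome: the User object may carry the password hash or other personal
        // data, and request-derived strings should not be written to the log verbatim.
        logger.info(uuid + " login authenticated: " + (user != null));

        if (user == null) {
            // Login failed.
            ResponseUtil.RESPONSE(request, response, LOGIN_FAILED_CODE, uuid, LOGIN_FAILED_MESSAGE, null);
            return;
        }

        // Login succeeded: issue the token.
        String token = Jwts.builder()
                .setSubject(user.getUsername())
                .setExpiration(new Date(System.currentTimeMillis() + TOKEN_TTL_MILLIS))
                .signWith(SignatureAlgorithm.HS512, JWT_SIGNING_KEY)
                .compact();
        response.addHeader("Authorization", token);

        // NOTE(review): the whole User object is returned to the client; make sure its serialized
        // form does not include the password hash.
        ResponseUtil.RESPONSE(request, response, "0", uuid, "success", user);
    }
}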
运行项目并请求test接口
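查看日志如下,说明springboot+aop已经成功拦截到请求,接下来只要在里面添加自己的token验证逻辑即可。需要注意两点:一是@Before通知的返回值不会影响目标方法的执行,校验失败时必须抛出异常(或改用@Around)才能真正阻止请求;二是该切点同样会拦截login接口,需要把它排除在token校验之外,否则用户无法登录获取token。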
[03:50:42:639] [INFO] - com.dingkai.account.Interceptor.ControllerInterceptor.interceptor(ControllerInterceptor.java:29) - interceptor ***************************
[03:50:42:639] [INFO] - com.dingkai.account.Interceptor.ControllerInterceptor.interceptor(ControllerInterceptor.java:30) - methodName: test