springboot 自定义filter

本文介绍了一个基于Spring框架的自定义过滤器实现,用于处理HTTP请求中的Token验证。该过滤器继承了OncePerRequestFilter,并利用LoginService进行Token有效性检查,确保每次请求的合法性。同时,它还实现了资源路径保护,避免未授权访问。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >


import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Date;
import java.util.List;
import java.util.Map;

@Configuration
public class TokenFilter extends OncePerRequestFilter {

    @Resource
    LoginService loginService;
    @Autowired
    ResourceProtectedPath resourceProtectedPath;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
        Boolean isMatch = UrlPatternUtil.matches("/wx/**", request.getServletPath());
        if (!isMatch) {
            chain.doFilter(request, response);
            return;
        }

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        final String accessToken = getAccessToken(httpRequest);
        Map token = loginService.getToken(accessToken);
        if (BaseUtil.isEmpty(token)) {
            ResponseDto responseDto = new ResponseDto();
            responseDto.fail(1018, "无效的token=" + accessToken);
            WebUtils.writeJSON(response, responseDto);
        }
        if (BaseUtil.isNotEmpty(token)) {
            Date invalidTime = (Date) token.get("invalidTime");
            Date now = DateUtil.now();
            if (now.getTime() > invalidTime.getTime()) {
                ResponseDto responseDto = new ResponseDto();
                responseDto.fail(1015, "token已失效,请重新登录");
                WebUtils.writeJSON(response, responseDto);
                return;
            }
        }
        TokenHolder.set(token);
        chain.doFilter(request, response);
        TokenHolder.remove();
    }


    public static String getAccessToken(HttpServletRequest httpRequest) {
        Cookie cookie = CookieUtil.getCookie(httpRequest, "token");
        if (cookie != null) {
            return cookie.getValue();
        }
        final String authorization = httpRequest.getHeader("token");
        if (authorization != null) {
            return authorization.trim();
        }
        return httpRequest.getParameter("token");
    }
}
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值