package com.example.filter;
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.example.constant.AuthConst;
import com.example.util.JedisUtil;
import com.example.util.JwtUtil;
import com.example.util.RSAUtil;
import redis.clients.jedis.Jedis;
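@Configuration
public class WebSecurityConfig extends WebMvcConfigurerAdapter {

    /** Session attribute name; not read in this class but part of its public surface. */
    public static final String SESSION_KEY = "name";

    /** Name of the cookie that carries the JWT token. */
    private static final String TOKEN_COOKIE = "tokenId";

    /**
     * Lifetime, in seconds, of the refreshed token cookie (10 * 6 = 60).
     * The original inline comment described this as "10S" although the value is 60 seconds —
     * confirm which lifetime is intended before changing it.
     */
    private static final int TOKEN_COOKIE_MAX_AGE_SECONDS = 10 * 6;

    /** Location an unauthenticated request is redirected to. */
    private static final String LOGIN_URL = "/login";

    /** Request paths that never require a token: error page, login flow, captcha and static assets. */
    private static final String[] EXCLUDED_PATHS = {
        "/error",
        "/login/**",
        "/tologin",
        "/index",
        "/captcha",
        "/css/**",
        "/fonts/**",
        "/img/**",
        "/js/**"
    };

    /**
     * Exposes the interceptor as a bean so Spring manages its lifecycle.
     *
     * @return a new {@link SecurityInterceptor}
     */
    @Bean
    public SecurityInterceptor getSecurityInterceptor() {
        return new SecurityInterceptor();
    }

    /**
     * Registers the security interceptor on every path except {@link #EXCLUDED_PATHS}.
     *
     * @param registry the MVC interceptor registry supplied by Spring
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        InterceptorRegistration registration = registry.addInterceptor(getSecurityInterceptor());
        // Exclusions first, then the catch-all pattern; excludePathPatterns is varargs.
        registration.excludePathPatterns(EXCLUDED_PATHS);
        registration.addPathPatterns("/**/**");
    }

    /**
     * Gate that lets a request through only when it carries a valid JWT in the
     * {@value #TOKEN_COOKIE} cookie; otherwise redirects to the login page.
     * Declared static: it does not use any state of the enclosing configuration instance.
     */
    private static class SecurityInterceptor extends HandlerInterceptorAdapter {

        /**
         * Checks the request's token cookie before the handler runs.
         *
         * @param request  the incoming request; its cookies are untrusted client input
         * @param response used to refresh the token cookie or to send the login redirect
         * @param handler  the matched handler (unused)
         * @return {@code true} if a valid token was found and the request may proceed,
         *         {@code false} after a redirect to {@link #LOGIN_URL} has been sent
         * @throws IOException if sending the redirect fails
         */
        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
                throws IOException {
            // Kept from the original code for its side effect only: getSession() creates a session
            // when none exists. The session itself is not read here.
            request.getSession();

            // getCookies() returns null (not an empty array) when the request has no Cookie header;
            // the original loop dereferenced it unconditionally and would throw on such requests.
            Cookie[] cookies = request.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (!TOKEN_COOKIE.equals(cookie.getName())) {
                        continue;
                    }
                    String token = cookie.getValue();
                    if (token == null || token.isEmpty()) {
                        continue;
                    }
                    // The token is a bearer credential: it is deliberately never printed or logged.
                    if (isValidToken(token)) {
                        response.addCookie(refreshedTokenCookie(token));
                        return true;
                    }
                    // An invalid tokenId cookie does not stop the scan; a later cookie of the same
                    // name may still be valid (matches the original behaviour).
                }
            }

            // No usable token: send the client to the login page and stop the handler chain.
            response.sendRedirect(LOGIN_URL);
            return false;
        }

        /**
         * Decrypts and validates the JWT via {@link JwtUtil#freeJwt()}.
         *
         * @param token the raw cookie value
         * @return whether the token passed JWT validation
         */
        private static boolean isValidToken(String token) {
            // TODO: the original design also compared the token against Redis (JedisUtil) so that a
            // hijacked cookie or a tampered expiry is rejected server-side and a fresh token is
            // issued; that step was left commented out and is still not performed here.
            return new JwtUtil(null, token).freeJwt();
        }

        /**
         * Builds the cookie that re-issues the token to the client with a fresh max-age.
         *
         * @param token the validated token value
         * @return the cookie to add to the response
         */
        private static Cookie refreshedTokenCookie(String token) {
            Cookie refreshed = new Cookie(TOKEN_COOKIE, token);
            refreshed.setMaxAge(TOKEN_COOKIE_MAX_AGE_SECONDS);
            // Keep the bearer token out of reach of client-side script.
            refreshed.setHttpOnly(true);
            // NOTE(review): no Path or Secure attribute is set, as in the original; without a path
            // the browser scopes the cookie to the request's directory — confirm "/" is not needed,
            // and consider setSecure(true) where the application is served over HTTPS.
            return refreshed;
        }
    }
}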