如果你编写了JWT令牌的话,在后续请求中都需要编写Authorization
写成这种格式就行
把token存放到业务数据当中
添加try catch
如果try catch就意味着未登录
return true,就意味放行
要搭配拦截器使用,拦截器,使用前先放拦截器
package worldtolingyidianke.file.interceptors; import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; import worldtolingyidianke.file.util.JwtUtil; import worldtolingyidianke.file.util.ThreadLocalUtil; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.Map; @Component public class LoginInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String token = request.getHeader("Authorization"); //验证token try { Map<String,Object> claims = JwtUtil.parseToken(token); ThreadLocalUtil.set(claims); return true; } catch (Exception e){ response.setStatus(401); return false; } } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { //清空ThreadLocal中的数据 ThreadLocalUtil.remove(); } }
WebConfig中也可以定义,WebConfig中注入,同时排除接口路径:
后添加配置注解
如果你已经配置好了WebConfig和Inter 就不用配了,里面只加上是(@Request)后面这句话就可以了,是一定要加的
WebConfig的配置:
package worldtolingyidianke.file.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Configurable; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import worldtolingyidianke.file.interceptors.LoginInterceptor; @Configuration public class WebConfig implements WebMvcConfigurer { @Autowired private LoginInterceptor loginInterceptor; @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(loginInterceptor).excludePathPatterns("/user/login","/user/register"); } }
intercepters的相关配置
package worldtolingyidianke.file.interceptors; import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; import worldtolingyidianke.file.util.JwtUtil; import worldtolingyidianke.file.util.ThreadLocalUtil; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.Map; @Component public class LoginInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String token = request.getHeader("Authorization"); //验证token try { Map<String,Object> claims = JwtUtil.parseToken(token); ThreadLocalUtil.set(claims); return true; } catch (Exception e){ response.setStatus(401); return false; } } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { //清空ThreadLocal中的数据 ThreadLocalUtil.remove(); } }
头部的写法:
public Request的固定写法:添加了拦截器之后,Request里就不用写header了
