Meh*_*hat 5 java rest spring spring-security spring-boot
我为休息控制器配置了弹簧启动.我创建了很多api,但我需要在每个api中验证我的令牌信息,用户是否被授权或不基于提供的令牌.
在登录期间,我正在生成每个api中所需的令牌,用于访问信息.如果令牌无效,那么我需要返回消息Sorry, your provided token information has been expired or not exists.
下面是我的api.
@RequestMapping(value="/delete", method= RequestMethod.DELETE)
public Map<String, Object> delete(@RequestBody String reqData,HttpServletRequest request) {
Map<String, Object> m1 = new HashMap<String,Object>();
JSONObject jsonData = new JSONObject(reqData);
Token token= tokenDao.getByTokenCode(jsonData.getString("token"));
if(token==null){
m1.put("status", "error");
m1.put("message", "Sorry, your provided token information expired or not exists.");
return m1;
}
//here my logic to remove user from database.
}
有没有办法在服务方法或使用注释中检查令牌功能,所以我需要在每个api中删除相同的代码,并需要使用一个通用功能.
你可以使用HandlerInterceptor来处理你的令牌.
HandlerInterceptor.preHandle(HttpServletRequest的请求,响应HttpServletResponse的,对象处理器)任何RequestMapping之前将被执行.
在preHandle中验证你的令牌.如果令牌有效则继续,否则抛出异常,控制器建议将处理其余的.
暴露MappedInterceptor的bean类,spring将自动加载HandlerInterceptor bean包含.
ControllerAdvice和ExceptionHandler可以捕获异常并返回错误消息
完整的例子
@RestController
@EnableAutoConfiguration
public class App {
@RequestMapping("/")
public String index() {
return "hello world";
}
public static void main(String[] args) {
SpringApplication.run(App.class, args);
}
public static class MyException extends RuntimeException {
}
@Bean
@Autowired
public MappedInterceptor getMappedInterceptor(MyHandlerInterceptor myHandlerInterceptor) {
return new MappedInterceptor(new String[] { "/" }, myHandlerInterceptor);
}
@Component
public static class TestBean {
public boolean judgeToken(HttpServletRequest request) {
String token = request.getParameter("token");
if (token == null) {
throw new MyException();
}
return true;
}
}
@Component
public static class MyHandlerInterceptor implements HandlerInterceptor {
@Autowired
TestBean testBean;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
return testBean.judgeToken(request);
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
Exception ex) throws Exception {
}
}
@ControllerAdvice
public static class MyExceptionHandler {
@ExceptionHandler(MyException.class)
@ResponseBody
public Map<String, Object> handelr() {
Map<String, Object> m1 = new HashMap<String, Object>();
m1.put("status", "error");
m1.put("message", "Sorry, your provided token information expired or not exists.");
return m1;
}
}
}
| 归档时间: |
|
| 查看次数: |
5590 次 |
| 最近记录: |