SpirngBoot设置自定义注解@NoToken去除部分接口的token验证
Posted 洛阳泰山
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SpirngBoot设置自定义注解@NoToken去除部分接口的token验证相关的知识,希望对你有一定的参考价值。
前言
项目开发中,有部分对外提供的接口需要无token调用,毕竟每次都需要先调用登录接口获取token,再去调用功能接口,还要不停的更新token,防止token过期,别的项目调用实在有点麻烦,于是开发一个notoken 的注解在不需要传token的接口controller里加上@NoToken注解,即可实现,非常方便,下面就附上代码教程,仅供参考.
代码教程
第一步,创建创建注解,代码如下
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Inherited
@Documented
@Target(ElementType.TYPE, ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface NoToken
第二步,配置token预处理拦截器
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springblade.core.secure.annotation.NoToken;
import org.springblade.core.secure.provider.ResponseProvider;
import org.springblade.core.secure.utils.AuthUtil;
import org.springblade.core.tool.jackson.JsonUtil;
import org.springblade.core.tool.utils.WebUtil;
import org.springframework.lang.NonNull;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
public class TokenInterceptor extends HandlerInterceptorAdapter
private static final Logger log = LoggerFactory.getLogger(TokenInterceptor.class);
public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull Object handler)
HandlerMethod method = (HandlerMethod)handler;
boolean methodAnno = method.getMethod().isAnnotationPresent(NoToken.class);
boolean classAnno = method.getMethod().getDeclaringClass().isAnnotationPresent(NoToken.class);
if (null == AuthUtil.getUser() && !methodAnno && !classAnno)
log.warn("签名认证失败,请求接口:,请求IP:,请求参数:", new Object[]request.getRequestURI(), WebUtil.getIP(request), JsonUtil.toJson(request.getParameterMap()));
ResponseProvider.write(response);
return false;
else
return true;
public TokenInterceptor()
附加代码中使用的部分类的代码
代码中的 AuthUtil.getUser()方法是从token解析出用户信息的方法,代码不在展示
ResponseProvider 类代码如下
import java.io.IOException;
import java.util.Objects;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springblade.core.tool.api.R;
import org.springblade.core.tool.api.ResultCode;
import org.springblade.core.tool.jackson.JsonUtil;
public class ResponseProvider
private static final Logger log = LoggerFactory.getLogger(ResponseProvider.class);
public ResponseProvider()
public static void write(HttpServletResponse response)
R result = R.fail(ResultCode.UN_AUTHORIZED);
response.setCharacterEncoding("UTF-8");
response.setHeader("Content-type", "application/json;charset=UTF-8");
response.setStatus(200);
try
response.getWriter().write((String)Objects.requireNonNull(JsonUtil.toJson(result)));
catch (IOException var3)
log.error(var3.getMessage());
ResultCode枚举类
public enum ResultCode implements IResultCode
SUCCESS(200, "操作成功"),
FAILURE(400, "业务异常"),
UN_AUTHORIZED(401, "请求未授权"),
CLIENT_UN_AUTHORIZED(401, "客户端请求未授权"),
NOT_FOUND(404, "404 没找到请求"),
MSG_NOT_READABLE(400, "消息不能读取"),
METHOD_NOT_SUPPORTED(405, "不支持当前请求方法"),
MEDIA_TYPE_NOT_SUPPORTED(415, "不支持当前媒体类型"),
REQ_REJECT(403, "请求被拒绝"),
INTERNAL_SERVER_ERROR(500, "服务器异常"),
PARAM_MISS(400, "缺少必要的请求参数"),
PARAM_TYPE_ERROR(400, "请求参数类型错误"),
PARAM_BIND_ERROR(400, "请求参数绑定错误"),
PARAM_VALID_ERROR(400, "参数校验失败");
final int code;
final String message;
public int getCode()
return this.code;
public String getMessage()
return this.message;
private ResultCode(final int code, final String message)
this.code = code;
this.message = message;
第三步,使用方法
@Notekn注解放在类上,则该类下的所有接口方法,都生效;只把@Notekn放在某个方法上,则只有该方法接口生效
/**
* @author liuya
*/
@Api(tags = "对外提供接口")
@RestController
@NoToken
public class ForeignController
@ApiOperation("测试1")
@PostMapping("test1")
@NoToken
public R<Boolean> test1()
return R.success();
@ApiOperation("测试2")
@PostMapping("test2")
public R<Boolean> test2()
return R.success();
创作不易,觉得不错,请点赞,评论支持一下啦!!!
以上是关于SpirngBoot设置自定义注解@NoToken去除部分接口的token验证的主要内容,如果未能解决你的问题,请参考以下文章
SpringBoot:如何书写一个自定义的Enable*注解
SpringBoot RedisCacheConfig自定义设置
SpringBoot RedisCacheConfig自定义设置