JAVA SSM拦截器是啥?
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了JAVA SSM拦截器是啥?相关的知识,希望对你有一定的参考价值。
struts2有拦截器,可以实现进入action之前进行拦截 参考技术A 【SSM】拦截器的原理、实现拦截器执行原理(流程):
1、拦截请求的url;
2、从cookie中获取token;
3、如果没有token,则直接拦截,打回登录页面;
4、获取到token,调用sso(单点登录)系统的服务查询用户信息,返回session(用户信息);
5、对获取到的session进行处理。如果session已经过期,直接打回系统登录页面;如果session有效,则直 接放行,达到用户的请求页面
Java基于ssm框架的restful应用开发
Java基于ssm框架的restful应用开发
好几年都没写过java的应用了,这里记录下使用java ssm框架、jwt如何进行rest应用开发,文中会涉及到全局异常拦截处理、jwt校验、token拦截器等内容。
1、jwt工具类
直接贴代码了,主要包括jwt的sign、verify、decode三个方法,具体实现如下:
package com.isoft.util;
import java.util.Date;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
public class JwtUtil {
private static final String SECRET = "xxxxx";
private static final String USERID = "userId";
private static final String ISSUER = "xxxx.com";
// 过期时间7天
private static final long EXPIRE_TIME = 7 * 24 * 60 * 60 * 1000;
// jwt sign
public static String sign(Integer userId) {
try {
Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
Algorithm algorithmHS = Algorithm.HMAC256(SECRET);
return JWT.create().withClaim(USERID, userId).withExpiresAt(date).withIssuer(ISSUER).sign(algorithmHS);
} catch (Exception e) {
return null;
}
}
// jwt verify
public static boolean verify(String token, Integer userId) {
try {
Algorithm algorithmHS = Algorithm.HMAC256(SECRET);
JWTVerifier verifier = JWT.require(algorithmHS).withClaim(USERID, userId).withIssuer(ISSUER).build();
verifier.verify(token);
return true;
} catch (Exception e) {
System.out.println(e);
return false;
}
}
// 返回token中的用户名
public static Integer getUserId(String token) {
try {
DecodedJWT jwt = JWT.decode(token);
return jwt.getClaim(USERID).asInt();
} catch (Exception e) {
return null;
}
}
}
2、全局异常处理类
ssm中进行rest全局异常拦截处理主要用到RestControllerAdvice型注解类,直接贴代码:
package com.isoft.exception;
import org.springframework.http.HttpStatus;
import org.springframework.http.converter.HttpMessageNotReadableException;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import com.isoft.po.Response;
@RestControllerAdvice
public class ExceptionAdvice {
/**
* 400 - Bad Request
*/
@ResponseStatus(HttpStatus.BAD_REQUEST)
@ExceptionHandler(HttpMessageNotReadableException.class)
public Response handleHttpMessageNotReadableException(HttpMessageNotReadableException e) {
return new Response().failure("could not read json");
}
/**
* 405 - Method Not Allowed
*
* @param e
* @return
*/
@ResponseStatus(HttpStatus.METHOD_NOT_ALLOWED)
@ExceptionHandler(HttpRequestMethodNotSupportedException.class)
public Response handleHttpRequestMethodNotSupportedException(HttpRequestMethodNotSupportedException e) {
return new Response().failure("request method not supported");
}
/**
* 500 - Internal Server Error
*
* @param e
* @return
*/
@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
@ExceptionHandler(Exception.class)
public Response handleException(Exception e) {
System.err.println(e);
return new Response().failure(e.getMessage());
}
}
这里主要拦截了405、400、500的n行yi‘chang异常情况,可根据具体情况拓展。
3、自定义Response返回类
我们自定义的Response返回类格式如下:
{
"meta": {
"success": true,
"message": "ok"
},
data: Array or Object
}
代码如下:
package com.isoft.po;
public class Response {
private static final String OK = "ok";
private static final String ERROR = "error";
private Meta meta;
private Object data;
public Response success() {
this.meta = new Meta(true, OK);
return this;
}
public Response success(Object data) {
this.meta = new Meta(true, OK);
this.data = data;
return this;
}
public Response success(Object data, String msg){
this.meta = new Meta(true, msg);
this.data = data;
return this;
}
public Response failure() {
this.meta = new Meta(false, ERROR);
return this;
}
public Response failure(String message) {
this.meta = new Meta(false, message);
return this;
}
public Meta getMeta() {
return meta;
}
public Object getData() {
return data;
}
public class Meta {
private boolean success;
private String message;
public Meta(boolean success) {
this.success = success;
}
public Meta(boolean success, String message) {
this.success = success;
this.message = message;
}
public boolean isSuccess() {
return success;
}
public String getMessage() {
return message;
}
}
}
4、jwt的token拦截器Interceptor
spring mvc的Interceptor实现类一般是继承HandlerInterceptor接口并重写preHandle、postHandle、afterCompletion的方法来实现的,这里我们直接进行token的verify返回即可,具体代码如下:
package com.isoft.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.isoft.util.JwtUtil;
import com.isoft.util.StringUtil;
/**
* jwt token拦截
* @author sd
*
*/
public class TokenInterceptor implements HandlerInterceptor{
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
// TODO Auto-generated method stub
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
throws Exception {
// TODO Auto-generated method stub
}
@Override
public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler) throws Exception {
String token = req.getHeader("Authorization");
if (StringUtil.isEmpty(token)) {
return false;
}
token = token.replace("Bearer ", "");
boolean isPass = JwtUtil.verify(token, JwtUtil.getUserId(token));
if (isPass) {
return true;
}
res.setStatus(401);
return false;
}
}
写完这些还不行,需要将拦截器注册到spring-mvc的config中:
<!-- mvc拦截器 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<mvc:exclude-mapping path="/users/login"/>
<bean class="com.isoft.interceptor.TokenInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
这里使用mvc:exclude-mapping可以直接排除某个接口的拦截,比较方便。
5、mysql插入中文乱码解决
使用ssm框架mybatis进行数据插入时,发现插入中文进去后数据有乱码情况,除了设置数据库编码之外还解决不了问题的话,不妨看下mybatis的链接编码设置,如果是db.properties的话,使用如下设置:
jdbc.driver=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://ip:port/dbname?useUnicode=true&characterEncoding=utf-8
jdbc.username=username
jdbc.password=password
6、一个简单的rest controller实例
package com.isoft.web.controller;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import com.isoft.po.PageBean;
import com.isoft.po.Response;
import com.isoft.po.User;
import com.isoft.service.UserService;
import com.isoft.util.JwtUtil;
import com.isoft.util.StringUtil;
/**
* 用户控制器类
*/
@RequestMapping("/users")
@RestController
public class UserController {
@Resource
private UserService userService;
/**
* 用户注册
*
* @param user
* @param res
* @return
* @throws Exception
*/
@RequestMapping(value = "/", method = RequestMethod.POST)
@ResponseStatus(value = HttpStatus.CREATED)
public Response save(@RequestBody User user, HttpServletResponse res) throws Exception {
userService.add(user);
return new Response().success(user);
}
/**
* 用户登录
*
* @param user
* @param res
* @return
* @throws Exception
*/
@RequestMapping(value = "login", method = RequestMethod.POST)
@ResponseStatus(value = HttpStatus.OK)
public Response login(@RequestBody User user, HttpServletResponse res) throws Exception {
System.out.println(user);
User u = userService.login(user);
if (u != null) {
String token = JwtUtil.sign(u.getId());
u.setToken(token);
u.setHashedPassword("");
return new Response().success(u, "login success");
}
return new Response().failure("username or password wrong");
}
/**
* 用户查询带分页
*
* @param user
* @param res
* @return
* @throws Exception
*/
@RequestMapping(value = "/", method = RequestMethod.GET)
@ResponseStatus(value = HttpStatus.OK)
public Response list(@RequestParam(value = "page", required = false, defaultValue = "1") String page,
@RequestParam(value = "rows", required = false, defaultValue = "10") String rows, User s_user, HttpServletResponse res)
throws Exception {
System.out.println(s_user);
PageBean pageBean = new PageBean(Integer.parseInt(page), Integer.parseInt(rows));
Map<String, Object> map = new HashMap<String, Object>();
map.put("userName", StringUtil.formatLike(s_user.getUserName()));
map.put("email", s_user.getemail());
map.put("start", pageBean.getStart());
map.put("size", pageBean.getPageSize());
List<User> userList = userService.find(map);
return new Response().success(userList);
}
/**
* 用户更新
*
* @param user
* @param res
* @return
* @throws Exception
*/
@RequestMapping(value = "/{id}", method = RequestMethod.PUT)
@ResponseStatus(value = HttpStatus.OK)
public Response update(@PathVariable Integer id, @RequestBody User user, HttpServletResponse res) throws Exception {
user.setId(id);
System.out.println(user);
Integer count = userService.update(user);
if (count != 0) {
return new Response().success();
}
return new Response().failure();
}
/**
* 用户删除,支持批量
* @param id
* @param user
* @param res
* @return
* @throws Exception
*/
@RequestMapping(value = "/{ids}", method = RequestMethod.DELETE)
@ResponseStatus(value = HttpStatus.OK)
public Response delete(@PathVariable String ids, HttpServletResponse res) throws Exception {
String[] idsStrings = ids.split(",");
for (String id : idsStrings) {
userService.delete(Integer.parseInt(id));
}
return new Response().success();
}
/**
* 用户详情
* @param id
* @param user
* @param res
* @return
* @throws Exception
*/
@RequestMapping(value = "/{id}", method = RequestMethod.GET)
@ResponseStatus(value = HttpStatus.OK)
public Response getUser(@PathVariable Integer id, HttpServletResponse res) throws Exception {
Map<String, Object> map = new HashMap<String, Object>();
map.put("id", id);
List<User> users = userService.find(map);
return new Response().success(users);
}
}
以上是关于JAVA SSM拦截器是啥?的主要内容,如果未能解决你的问题,请参考以下文章