springboot拦截器过滤token,并返回结果及异常处理操作
1.springboot 拦截器处理过滤token,并且返回结果
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
@Component
public class ECInterceptor implements HandlerInterceptor {
/**
* @Description 在业务处理器处理请求之前被调用。预处理,可以进行编码、安全控制等处理;
* @Date 2019/5/14 16:04
* @Version 1.0
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println(request.getRequestURL()+"===========preHandle===========");
String token = request.getParameter("token");
if(StringUtils.isNotEmpty(token)){
Subject subject = ShiroUtil.getSubject(token);
if(subject != null && subject.isAuthenticated()){
return true;
} else{
//返回校验token结果
returnJson(response);
// return false; //我做的时候返回数据后忘记return false了,所以导致异常
}
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
System.out.println(request.getContextPath()+"============postHandle==========");
}
/**
* @Description 在DispatcherServlet完全处理完请求后被调用,也就是说视图渲染已经完毕或者调用者已经拿到结果
* @Date 2019/5/14 16:05
* @Version 1.0
*/
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
System.out.println(request.getContextPath()+"============afterCompletion==========");
}
private void returnJson(HttpServletResponse response){
PrintWriter writer = null;
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
try {
writer = response.getWriter();
Map<String, Object> result = PackageReturnResult.returnJson(400, "用户令牌token无效");
result.put("data", null);
writer.print(result);
} catch (IOException e){
LoggerUtil.logError(ECInterceptor.class, "拦截器输出流异常"+e);
} finally {
if(writer != null){
writer.close();
}
}
}
}
2.java.lang.IllegalStateException: getWriter() has already been called for this response异常
我再做拦截器处理response数据后忘记return false返回,导致拦截器被调用两次,报java.lang.IllegalStateException: getWriter() has already been called for this response异常,犯这样低级错误花了很长时间才解决,谨记!!!
[2019-05-27 09:27:17.690] [http-nio-8080-exec-1 ] [ERROR] [o.a.c.c.C.[.[.[.[dispatcherServlet] :175 ] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: getWriter() has already been called for this response] with root cause java.lang.IllegalStateException: getWriter() has already been called for this response at org.apache.catalina.connector.Response.getOutputStream(Response.java:548) at org.apache.catalina.connector.ResponseFacade.getOutputStream(ResponseFacade.java:210) at javax.servlet.ServletResponseWrapper.getOutputStream(ServletResponseWrapper.java:105) at org.springframework.http.server.ServletServerHttpResponse.getBody(ServletServerHttpResponse.java:83) at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.writeInternal(AbstractJackson2HttpMessageConverter.java:255) at org.springframework.http.converter.AbstractGenericHttpMessageConverter.write(AbstractGenericHttpMessageConverter.java:103) at org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodProcessor.writeWithMessageConverters(AbstractMessageConverterMethodProcessor.java:290) at org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor.handleReturnValue(RequestResponseBodyMethodProcessor.java:180) at com.uufund.ecapi.config.returnvalue.HandlerMethodReturnValueHandlerProxy.handleReturnValue(HandlerMethodReturnValueHandlerProxy.java:40) at org.springframework.web.method.support.HandlerMethodReturnValueHandlerComposite.handleReturnValue(HandlerMethodReturnValueHandlerComposite.java:82) at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:119) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:892) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897) at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.uufund.ecapi.config.filter.ECWebFilter.doFilter(ECWebFilter.java:24) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)
补充知识:springboot 拦截器过滤权限和错误处理
先说异常处理,增加一个异常处理的类MyControllerAdvice就可以了,不需要其他地方使用,注意使用注解@ControllerAdvice
@ControllerAdvice
public class MyControllerAdvice {
@Resource
GetRootPath getRootPath;
private static final Logger logger = LoggerFactory.getLogger(MyControllerAdvice.class);
public void output(Object json, HttpServletRequest request, HttpServletResponse response) throws IOException {
String header = request.getHeader("Origin");
response.setContentType("application/json;charset=UTF-8;");
PrintWriter out = response.getWriter();
out.println(json);
out.flush();
out.close();
}
/***
* 404处理
* @param e
* @return
*/
@ExceptionHandler(NoHandlerFoundException.class)
public void notFountHandler(HttpServletRequest request, HttpServletResponse response, Model model, NoHandlerFoundException e) throws IOException, JSONException {
JSONObject json = new JSONObject();
json.put("code", 500);
json.put("content", null);
json.put("msg", "未找到路径:"+request.getServletPath());
output(json,request,response);
}
/**
* 运行时异常
*
* @param exception
* @return
*/
@ExceptionHandler({RuntimeException.class})
@ResponseStatus(HttpStatus.OK)
public void processException(HttpServletRequest request, HttpServletResponse response, Model model, RuntimeException exception) throws JSONException, IOException {
JSONObject json = new JSONObject();
json.put("code", 500);
json.put("content", null);
json.put("msg", exception.getMessage());
output(json,request,response);
}
/**
* Excepiton异常
*
* @param exception
* @return
*/
@ExceptionHandler({Exception.class})
@ResponseStatus(HttpStatus.OK)
public void processException(HttpServletRequest request, HttpServletResponse response, Model model, Exception exception) throws JSONException, IOException {
JSONObject json = new JSONObject();
json.put("code", 500);
json.put("content", null);
json.put("msg", exception.getMessage());
output(json,request,response);
}
}
再来权限验证的,接手的项目框架中只有验证是否登录的,没有验收权限的,增加一个类WebMvcConfig,注意使用注解@Configuration, 不需要在其他地方引用即可起作用,并注意使用excludePathPatterns去掉不需要拦截的部分,否则会拦截掉静态资源。
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
/**
* 添加拦截器
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
//静态资源不拦截
registry.addInterceptor(new LoginInterceptor()).addPathPatterns("/**").excludePathPatterns("/static/**");
}
}
增加拦截器类LoginInterceptor
public class LoginInterceptor extends HandlerInterceptorAdapter {
/**
* 检查是否已经登录
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Object username = request.getSession().getAttribute(Constants.LOGIN_USER);
String servletPath = request.getServletPath();
String type = request.getHeader("X-Requested-With") == null ? "" : request.getHeader("X-Requested-With");
if (username != null) {
//检查页面访问的权限
if (!"XMLHttpRequest".equals(type)) {
int userId = Integer.valueOf(request.getSession().getAttribute(Constants.LOGIN_USERID).toString());
List<ModuleEntity> moduleList = (List<ModuleEntity>) request.getSession().getAttribute(Constants.USER_MODULE);
boolean chkResult = methodPermissionLimit(moduleList, servletPath);
if(!chkResult){
JSONObject outputMSg = new JSONObject();
outputMSg.put("code", 500);
outputMSg.put("content", "");
outputMSg.put("msg", "没有权限");
output(outputMSg, request, response);
return false;
}else{
return true;
}
} else {
//如果是json访问,则不做检查
return true;
}
} else {
//检查是否登录允许
if (methodLoginLimit(handler)) {
return true;
} else {
if ("XMLHttpRequest".equals(type)) {
JSONObject outputMSg = new JSONObject();
outputMSg.put("code", 500);
outputMSg.put("content", "");
outputMSg.put("msg", "登录过期,请重新登陆");
output(outputMSg, request, response);
return false;
} else {
String redirectUrl = request.getContextPath() + "/login";
response.sendRedirect(redirectUrl);
return false;
}
}
}
}
public boolean methodLoginLimit(Object handler) {
HandlerMethod method = (HandlerMethod) handler;
//获取当前方法PermessionLimit
LoginLimit loginLimit = method.getMethodAnnotation(LoginLimit.class);
if (loginLimit == null) {
//获取控制器的PermessionLimit
loginLimit = method.getMethod().getDeclaringClass().getAnnotation(LoginLimit.class);
}
if (loginLimit != null && !loginLimit.limit()) {
return true;
} else {
return false;
}
}
/**
* 检查权限
*
* @param moduleList
* @param path
* @return
*/
public boolean methodPermissionLimit(List<ModuleEntity> moduleList, String path) {
boolean havePermission = moduleList.stream().anyMatch(f->f.getPath().toLowerCase().equals(path.toLowerCase()));
return havePermission;
}
public void output(Object json, HttpServletRequest request, HttpServletResponse response) throws IOException {
String header = request.getHeader("Origin");
response.setContentType("application/json;charset=UTF-8;");
PrintWriter out = response.getWriter();
out.println(json);
out.flush();
out.close();
}
}
这样的拦截器只对页面地址进行拦截,对ajax提交的数据不做处理,做普通项目的权限过滤是可以了。
以上这篇springboot拦截器过滤token,并返回结果及异常处理操作就是小编分享给大家的全部内容了,希望能给大家一个参考,也希望大家多多支持我们。
相关推荐
-
SpringBoot实现拦截器、过滤器、监听器过程解析
这篇文章主要介绍了SpringBoot实现拦截器.过滤器.监听器过程解析,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下 过滤器 过滤器简介 过滤器的英文名称为 Filter, 是 Servlet 技术中最实用的技术.如同它的名字一样,过滤器是处于客户端和服务器资源文件之间的一道过滤网,帮助我们过滤掉一些不符合要求的请求,通常用作 Session 校验,判断用户权限,如果不符合设定条件,则会被拦截到特殊的地址或者基于特殊的响应. 过滤器的使用 首
-
Springboot引入拦截器并放行swagger代码实例
这篇文章主要介绍了Springboot引入拦截器并放行swagger代码实例,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下 Springboot引入拦截器 自定义的拦截器类 Interceptor package cn.zytao.taosir.auth.config; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import j
-
SpringBoot拦截器Filter的使用方法详解
前言: 最新Servlet 3.0拦截器的使用 1.pom.xml添加需要使用的依赖 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/x
-
springboot创建拦截器过程图解
这篇文章主要介绍了springboot创建拦截器过程图解,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下 一.创建一个MyIntercepor实现HandlerInterceptor接口的类 二.创建一个WebMvcConfig实现WebMvcConfigurer的类 三.创建Controller以供访问 四.效果图 以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持我们.
-
SpringBoot拦截器如何获取http请求参数
1.1.获取http请求参数是一种刚需 我想有的小伙伴肯定有过获取http请求的需要,比如想 前置获取参数,统计请求数据 做服务的接口签名校验 敏感接口监控日志 敏感接口防重复提交 等等各式各样的场景,这时你就需要获取 HTTP 请求的参数或者请求body,一般思路有两种,一种就是自定义个AOP去拦截目标方法,第二种就是使用拦截器.整体比较来说,使用拦截器更灵活些,因为每个接口的请求参数定义不同,使用AOP很难细粒度的获取到变量参数,本文主线是采用拦截器来获取HTTP请求. 1.2.定义拦截器获
-
SpringBoot配置拦截器方式实例代码
步骤: 1.实现WebMvcConfigurer配置类 2.实现拦截器 3 . 把拦截器添加到配置中 4.添加需要拦截的请求 5.添加需要排除的请求 package com.zp.springbootdemo.interceptor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springfr
-
SpringBoot拦截器原理解析及使用方法
拦截器简介 拦截器通常通过动态代理的方式来执行. 拦截器的生命周期由IoC容器管理,可以通过注入等方式来获取其他Bean的实例,使用更方便. 拦截器配置使用方式 实现拦截器接口: import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.web.servlet.
-
springboot拦截器过滤token,并返回结果及异常处理操作
1.springboot 拦截器处理过滤token,并且返回结果 import org.apache.commons.lang3.StringUtils; import org.apache.shiro.subject.Subject; import org.springframework.lang.Nullable; import org.springframework.stereotype.Component; import org.springframework.web.servlet.H
-
SpringBoot 拦截器返回false显示跨域问题
项目最近添加了一个ip黑白名单的功能, 发现如果ip过滤的拦截器返回 false 后前端会显示跨域, 尝试修改MVC配置类后发现还是不行, 最后在拦截器加了个判断就可以了 ↓↓↓ @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException { // ----------- 加上这个就好了 ------
-
关于SpringBoot拦截器中Bean无法注入的问题
问题 这两天遇到SpringBoot拦截器中Bean无法注入问题.下面介绍我的思考过程和解决过程: 1.由于其他bean在service,controller层注入一点问题也没有,开始根本没意识到Bean无法注入是在拦截器中无效的问题,一直在查找注解指定的包在哪里配置的,然而却找不到配置,Springboot是用java类的形式加载配置的.在网络的某个角落看到这样的说法: SpringBoot项目的Bean装配默认规则是根据Application类所在的包位置从上往下扫描! "Applicati
-
Vue-resource拦截器判断token失效跳转的实例
在拦截器中设置全局的token判断,意味着每次http请求都会校验token,与后台约定好的token过期返回码可以自定义跳转路径: var token = window.localStorage.getItem("token"); Vue.http.interceptors.push(function(request, next) { request.headers.set('token', token); //setting request.headers next(functio
-
SpringBoot拦截器的使用小结
总结一下SpringBoot下拦截器的使用,步骤很简单: 1.自定义自己的拦截类,拦截类需要继承HandlerInterceptor接口并实现这个接口的方法. @Override public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception { //方法调用前执行 return true;//返回
-
Vue 拦截器对token过期处理方法
最近在做的一个项目,需要每个http请求下 都要添加token,这样无疑是增加了工作量.而vue 拦截器interceptors正好可以解决我们的需求. Vue.http.interceptors.push(function (request, next) {//拦截器设置请求token // sessionStorage.getItem("tokenUrl"); request.headers.set('token', sessionStorage.getItem("tok
-
SpringBoot 拦截器和自定义注解判断请求是否合法
应用场景举例: 当不同身份的用户请求一个接口时,用来校验用户某些身份,这样可以对单个字段数据进行精确权限控制,具体看代码注释 自定义注解 /** * 对比请求的用户身份是否符合 * @author liuyalong * @date 2020/9/25 16:03 */ @Target(ElementType.PARAMETER) @Retention(RetentionPolicy.RUNTIME) public @interface CompareUser { /** * The name
-
springboot拦截器无法注入redisTemplate的解决方法
在工作中我们经常需要做登录拦截验证或者其他拦截认证功能,基于springboot项目下我们很容易想到结合redis做的分布式拦截,把用户登录或者需要验证的信息放到redis里面.但是在写拦截器的时候发现redisTemplate一直无法注入进来,最后查资料才发现springboot拦截器是在Bean实例化之前执行的,所以Bean实例无法注入. 先看下问题,新建一个拦截器,然后注入redisTemplate /** * @author: lockie * @Date: 2019/8/13 16:1
-
SpringBoot 拦截器妙用你真的了解吗
HandlerInterceptor 详解 HandlerInterceptor 允许定制 handler 处理器执行链的工作流接口.我们可以自定义拦截器用于拦截 handlers 处理器(你可以理解为 controller 层的接口),从而可以添加一些共同的重复性的处理行为(例如接口鉴权,接口日志记录,性能监控等),而不用修改每一个 handler 的实现. 注意,此基于 SpringBoot 2.3.12.RELEASE 版本讲解. HandlerInterceptor 接口只有三个默认空实
-
SpringBoot拦截器以及源码详析
目录 1.拦截器是什么 2.自定义拦截器 2.1 编写拦截器 2.2 注册和配置拦截器 3.拦截器原理 3.1 找到可以处理请求的handler以及handler的所有拦截器 3.2 执行拦截器的preHandle方法 3.3 执行目标方法 3.4 执行拦截器的postHandle方法 3.5 执行拦截器的afterCompletion方法 3.6 异常处理 4.总结 1.拦截器是什么 java里的拦截器(Interceptor)是动态拦截Action调用的对象,它提供了一种机制可以使开发者在一