写好一个内部的接口放到服务器上面又不想被别人调用,所以加了拦截器校验。需要在请求头里面携带正确的Authorization才能响应正确结果,否则返回提示信息。
1.创建PropertiesUtil:
顾名思义,此工具类用于从Properties文件中获取内容,这里用于解析配置中的密钥。
PropertiesUtil
package com.demo.utils;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
/**
* @Author zf
* @ClassName PropertiesUtil.java
* @ProjectName demo
*/
public class PropertiesUtil {
private static Properties properties;
/**
* @Description 加载资源文件
* @param fileName 文件名称
* @return
*/
public static Properties loadResource(String fileName) {
properties = getInstance();
try {
InputStream inputStream = PropertiesUtil.class.getClassLoader().getResourceAsStream(fileName);
if (properties != null) {
properties.load(inputStream);
}
} catch (IOException e) {
e.printStackTrace();
}
return properties;
}
public static Properties getInstance() {
if (null == properties) {
properties = new Properties();
}
return properties;
}
}2.准备存放密钥的文件:
在resources目录下新建一个auth.properties,内容如下:
#MD5加密内容
demo.auth = 2A67A3E221C63EB882879A7332A0902A3.自定义拦截器:
AuthInterceptor
package com.demo.interceptor;
import com.demo.utils.PropertiesUtil;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Properties;
/**
* @Author zf
* @ClassName AuthInterceptor.java
* @ProjectName demo
*/
public class AuthInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws IOException {
String tokenName = "demo-auth";
//尝试从header中取token
String token = request.getHeader(tokenName);
//从指定配置文件中获取内容
Properties properties = PropertiesUtil.loadResource("auth.properties");
String property = properties.getProperty("demo.auth");
//校验token是否正确,返回json数据。
if (!property.equals(token)) {
HttpServletResponse rsp = response;
rsp.setStatus(HttpServletResponse.SC_OK);
rsp.setCharacterEncoding(StandardCharsets.UTF_8.name());
rsp.setContentType("text/html;charset=utf-8");
rsp.getWriter().write("你的IP已经被记录,请勿非法操作!");
return false;
}
return true;
}
}4.将自定义拦截器添加到系统拦截器:
WebConfig
package com.demo.config;
import com.demo.interceptor.AuthInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
* @Author zf
* @ClassName WebConfig.java
* @ProjectName demo
*/
@Configuration
public class WebConfig implements WebMvcConfigurer {
@Bean
public AuthInterceptor authInterceptor() {
return new AuthInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(authInterceptor())
//拦截路径
.addPathPatterns("/**")
//白名单路径
.excludePathPatterns(
"/swagger-resources/**",
"/webjars/**",
"/v2/**",
"/swagger-ui.html/**",
"/doc.html/**");
}
}
上面的工作完成以后,一个简单的拦截器配置就已经生效了。你只需要访问接口的时候在请求头加上(key = demo-auth,value = 2A67A3E221C63EB882879A7332A0902A)即可正常获取接口响应,否则提示:
你的IP已经被记录,请勿非法操作!。
