springboot攔截器過濾token,並返回結果及異常處理操作
阿新 • • 發佈:2020-09-27
1.springboot 攔截器處理過濾token,並且返回結果
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
@Component
public class ECInterceptor implements HandlerInterceptor {
/**
* @Description 在業務處理器處理請求之前被呼叫。預處理,可以進行編碼、安全控制等處理;
* @Date 2019/5/14 16:04
* @Version 1.0
*/
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response,Object handler) throws Exception {
System.out.println(request.getRequestURL()+"===========preHandle===========");
String token = request.getParameter("token");
if(StringUtils.isNotEmpty(token)){
Subject subject = ShiroUtil.getSubject(token);
if(subject != null && subject.isAuthenticated()){
return true;
} else{
//返回校驗token結果
returnJson(response);
// return false; //我做的時候返回資料後忘記return false了,所以導致異常
}
}
return true;
}
@Override
public void postHandle(HttpServletRequest request,Object handler,@Nullable ModelAndView modelAndView) throws Exception {
System.out.println(request.getContextPath()+"============postHandle==========");
}
/**
* @Description 在DispatcherServlet完全處理完請求後被呼叫,也就是說檢視渲染已經完畢或者呼叫者已經拿到結果
* @Date 2019/5/14 16:05
* @Version 1.0
*/
@Override
public void afterCompletion(HttpServletRequest request,@Nullable Exception ex) throws Exception {
System.out.println(request.getContextPath()+"============afterCompletion==========");
}
private void returnJson(HttpServletResponse response){
PrintWriter writer = null;
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
try {
writer = response.getWriter();
Map<String,Object> result = PackageReturnResult.returnJson(400,"使用者令牌token無效");
result.put("data",null);
writer.print(result);
} catch (IOException e){
LoggerUtil.logError(ECInterceptor.class,"攔截器輸出流異常"+e);
} finally {
if(writer != null){
writer.close();
}
}
}
}
2.java.lang.IllegalStateException: getWriter() has already been called for this response異常
我再做攔截器處理response資料後忘記return false返回,導致攔截器被呼叫兩次,報java.lang.IllegalStateException: getWriter() has already been called for this response異常,犯這樣低階錯誤花了很長時間才解決,謹記!!!
[2019-05-27 09:27:17.690] [http-nio-8080-exec-1 ] [ERROR] [o.a.c.c.C.[.[.[.[dispatcherServlet] :175 ] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: getWriter() has already been called for this response] with root cause java.lang.IllegalStateException: getWriter() has already been called for this response at org.apache.catalina.connector.Response.getOutputStream(Response.java:548) at org.apache.catalina.connector.ResponseFacade.getOutputStream(ResponseFacade.java:210) at javax.servlet.ServletResponseWrapper.getOutputStream(ServletResponseWrapper.java:105) at org.springframework.http.server.ServletServerHttpResponse.getBody(ServletServerHttpResponse.java:83) at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.writeInternal(AbstractJackson2HttpMessageConverter.java:255) at org.springframework.http.converter.AbstractGenericHttpMessageConverter.write(AbstractGenericHttpMessageConverter.java:103) at org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodProcessor.writeWithMessageConverters(AbstractMessageConverterMethodProcessor.java:290) at org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor.handleReturnValue(RequestResponseBodyMethodProcessor.java:180) at com.uufund.ecapi.config.returnvalue.HandlerMethodReturnValueHandlerProxy.handleReturnValue(HandlerMethodReturnValueHandlerProxy.java:40) at org.springframework.web.method.support.HandlerMethodReturnValueHandlerComposite.handleReturnValue(HandlerMethodReturnValueHandlerComposite.java:82) at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:119) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:892) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897) at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.uufund.ecapi.config.filter.ECWebFilter.doFilter(ECWebFilter.java:24) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)
補充知識:springboot 攔截器過濾許可權和錯誤處理
先說異常處理,增加一個異常處理的類MyControllerAdvice就可以了,不需要其他地方使用,注意使用註解@ControllerAdvice
@ControllerAdvice
public class MyControllerAdvice {
@Resource
GetRootPath getRootPath;
private static final Logger logger = LoggerFactory.getLogger(MyControllerAdvice.class);
public void output(Object json,HttpServletRequest request,HttpServletResponse response) throws IOException {
String header = request.getHeader("Origin");
response.setContentType("application/json;charset=UTF-8;");
PrintWriter out = response.getWriter();
out.println(json);
out.flush();
out.close();
}
/***
* 404處理
* @param e
* @return
*/
@ExceptionHandler(NoHandlerFoundException.class)
public void notFountHandler(HttpServletRequest request,Model model,NoHandlerFoundException e) throws IOException,JSONException {
JSONObject json = new JSONObject();
json.put("code",500);
json.put("content",null);
json.put("msg","未找到路徑:"+request.getServletPath());
output(json,request,response);
}
/**
* 執行時異常
*
* @param exception
* @return
*/
@ExceptionHandler({RuntimeException.class})
@ResponseStatus(HttpStatus.OK)
public void processException(HttpServletRequest request,RuntimeException exception) throws JSONException,IOException {
JSONObject json = new JSONObject();
json.put("code",exception.getMessage());
output(json,response);
}
/**
* Excepiton異常
*
* @param exception
* @return
*/
@ExceptionHandler({Exception.class})
@ResponseStatus(HttpStatus.OK)
public void processException(HttpServletRequest request,Exception exception) throws JSONException,response);
}
}
再來許可權驗證的,接手的專案框架中只有驗證是否登入的,沒有驗收許可權的,增加一個類WebMvcConfig,注意使用註解@Configuration, 不需要在其他地方引用即可起作用,並注意使用excludePathPatterns去掉不需要攔截的部分,否則會攔截掉靜態資源。
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
/**
* 新增攔截器
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
//靜態資源不攔截
registry.addInterceptor(new LoginInterceptor()).addPathPatterns("/**").excludePathPatterns("/static/**");
}
}
增加攔截器類LoginInterceptor
public class LoginInterceptor extends HandlerInterceptorAdapter {
/**
* 檢查是否已經登入
*/
@Override
public boolean preHandle(HttpServletRequest request,Object handler) throws Exception {
Object username = request.getSession().getAttribute(Constants.LOGIN_USER);
String servletPath = request.getServletPath();
String type = request.getHeader("X-Requested-With") == null ? "" : request.getHeader("X-Requested-With");
if (username != null) {
//檢查頁面訪問的許可權
if (!"XMLHttpRequest".equals(type)) {
int userId = Integer.valueOf(request.getSession().getAttribute(Constants.LOGIN_USERID).toString());
List<ModuleEntity> moduleList = (List<ModuleEntity>) request.getSession().getAttribute(Constants.USER_MODULE);
boolean chkResult = methodPermissionLimit(moduleList,servletPath);
if(!chkResult){
JSONObject outputMSg = new JSONObject();
outputMSg.put("code",500);
outputMSg.put("content","");
outputMSg.put("msg","沒有許可權");
output(outputMSg,response);
return false;
}else{
return true;
}
} else {
//如果是json訪問,則不做檢查
return true;
}
} else {
//檢查是否登入允許
if (methodLoginLimit(handler)) {
return true;
} else {
if ("XMLHttpRequest".equals(type)) {
JSONObject outputMSg = new JSONObject();
outputMSg.put("code","登入過期,請重新登陸");
output(outputMSg,response);
return false;
} else {
String redirectUrl = request.getContextPath() + "/login";
response.sendRedirect(redirectUrl);
return false;
}
}
}
}
public boolean methodLoginLimit(Object handler) {
HandlerMethod method = (HandlerMethod) handler;
//獲取當前方法PermessionLimit
LoginLimit loginLimit = method.getMethodAnnotation(LoginLimit.class);
if (loginLimit == null) {
//獲取控制器的PermessionLimit
loginLimit = method.getMethod().getDeclaringClass().getAnnotation(LoginLimit.class);
}
if (loginLimit != null && !loginLimit.limit()) {
return true;
} else {
return false;
}
}
/**
* 檢查許可權
*
* @param moduleList
* @param path
* @return
*/
public boolean methodPermissionLimit(List<ModuleEntity> moduleList,String path) {
boolean havePermission = moduleList.stream().anyMatch(f->f.getPath().toLowerCase().equals(path.toLowerCase()));
return havePermission;
}
public void output(Object json,HttpServletResponse response) throws IOException {
String header = request.getHeader("Origin");
response.setContentType("application/json;charset=UTF-8;");
PrintWriter out = response.getWriter();
out.println(json);
out.flush();
out.close();
}
}
這樣的攔截器只對頁面地址進行攔截,對ajax提交的資料不做處理,做普通專案的許可權過濾是可以了。
以上這篇springboot攔截器過濾token,並返回結果及異常處理操作就是小編分享給大家的全部內容了,希望能給大家一個參考,也希望大家多多支援我們。