Spring Boot 請求頭token攔截 Swagger 支援請求頭
阿新 • • 發佈:2020-07-03
適用介面需授權token才能呼叫的場景
@Configuration public class WebMvcConfigurer extends WebMvcConfigurationSupport { //新增攔截器 @Override public void addInterceptors(InterceptorRegistry registry) { //介面簽名認證攔截器 registry.addInterceptor(new HandlerInterceptorAdapter() { @Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { Result result = new Result(); String token = request.getHeader("token"); //token 校驗 if (null == token) { result.setCode(ResultCode.UNAUTHORIZED).setMessage("請求 head 缺少 token"); responseResult(response, result); return false; } //TODO 進一步校驗 //endregion return true; } }).excludePathPatterns("/oauth/**"); } }
其中,excludePathPatterns 為不必校驗的路由,如 申請token介面
如果你用了 Swagger ui,會導致swagger頁面也被攔截,再排除
.excludePathPatterns("/oauth/**")
.excludePathPatterns("/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**");
這樣,swagger就能正常訪問了。但預設是不支援請求頭的,開發還是不方便,改配置如下
1 @Configuration 2 @EnableSwagger2 3 public class Swagger2Configurer { 4 5 @Bean 6 public Docket createRestApi(){ 7 ParameterBuilder ticketPar = new ParameterBuilder(); 8 List<Parameter> pars = new ArrayList<>(); 9 ticketPar.name("token").description("user ticket") 10 .modelRef(new ModelRef("string")).parameterType("header") 11 .required(false).build(); //header中的token引數非必填,傳空也可以 12 pars.add(ticketPar.build()); //根據每個方法名也知道當前方法在設定什麼引數 13 14 return new Docket(DocumentationType.SWAGGER_2) 15 .apiInfo(apiInfo()) 16 .select() 17 .apis(RequestHandlerSelectors.basePackage("com.***.pub")) 18 .paths(PathSelectors.any()) 19 .build() 20 .globalOperationParameters(pars); 21 } 22 23 private ApiInfo apiInfo() { 24 return new ApiInfoBuilder() 25 .title("*********開放介面") 26 .version("1.0.0") 27 .build(); 28 } 29 }
如下圖