Swagger添加全局token 验证

1.过滤器代码实现

package com.pab.data.datasource.filter;

import com.pab.data.datasource.common.BaseContext;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

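/**
 * Servlet filter that passes whitelisted paths straight through and, for every other
 * request, requires either a {@code tk} request header or a logged-in session
 * ({@code employee} or {@code user} session attribute). Anything else receives the
 * body {@code NOTLOGIN}.
 *
 * <p>NOTE(review): this filter only checks that a {@code tk} header is present; it does
 * not verify the value. Unless the token is validated somewhere not shown here (for
 * example by whatever reads it back from {@link BaseContext}), any non-blank header
 * value is enough to pass this filter. Validate the token (signature, expiry, lookup)
 * before calling the chain.
 *
 * <p>NOTE(review): if {@link BaseContext} stores its values per thread (not visible
 * here), they should be cleared once the chain returns so that a pooled thread does not
 * carry one request's identity into the next.
 */
@Slf4j
@Component
public class LoginCheckFilter implements Filter {
    // Path matcher with wildcard support.
    public static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();

    // Paths that skip the login check. The misspelled "/wabjars/**" entry was dropped;
    // "/webjars/**" is the real resource path.
    // NOTE(review): the Swagger/Knife4j entries make the API documentation reachable
    // without login; restrict or disable them outside development environments.
    private static final String[] WHITELIST = {
            "/employee/login",
            "/employee/logout",
            "/backend/**",
            "/front/**",
            "/common/**",
            "/user/sendMsg",
            "/user/login",
            "/swagger-resources/**",
            "/v3/api-docs",
            "/doc.html",
            "/webjars/**",
            "/swagger-ui/**",
    };

    /**
     * Applies the login check to one request.
     *
     * @param servletRequest  incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response, cast to {@link HttpServletResponse}
     * @param filterChain     remaining chain, invoked only when the request is allowed
     * @throws IOException      propagated from the chain or the response writer
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // NOTE(review): getRequestURI() is the raw request line value (it is not decoded
        // and includes any context path), so the whitelist decision is made on a
        // string that may differ from the path the dispatcher finally resolves.
        String requestURI = request.getRequestURI();

        // Whitelisted path: let it through untouched.
        if (check(WHITELIST, requestURI)) {
            log.info("本次请求{}, 不需要处理", requestURI);
            filterChain.doFilter(request, response);
            return;
        }

        // Token header. A blank value is treated as absent.
        String token = request.getHeader("tk");
        if (token != null && !token.trim().isEmpty()) {
            // NOTE(review): presence only - the value is NOT verified here (see class note).
            BaseContext.setToken(token);
            // The token is a credential, so its value is deliberately kept out of the log.
            log.info("用户登录,已携带token(不记录明文)");
            filterChain.doFilter(request, response);
            return;
        }

        // getSession(false): do not create a server-side session (and a session cookie)
        // for a request that is about to be rejected.
        javax.servlet.http.HttpSession session = request.getSession(false);

        // 4-1. Back-office login state: an "employee" attribute means logged in.
        if (session != null && session.getAttribute("employee") != null) {
            Long empId = (Long) session.getAttribute("employee");
            BaseContext.setCurrentId(empId);
            log.info("用户已登录, id: {}", empId);
            filterChain.doFilter(request, response);
            return;
        }

        // 4-2. Mobile login state: a "user" attribute means logged in.
        if (session != null && session.getAttribute("user") != null) {
            Long userId = (Long) session.getAttribute("user");
            BaseContext.setCurrentId(userId);
            log.info("移动端用户已登录, id: {}", userId);
            filterChain.doFilter(request, response);
            return;
        }

        // Not logged in. The status code is left at its default and only the body
        // signals the rejection, as before; clients presumably match on "NOTLOGIN".
        log.info("本次请求{} 用户未登录", requestURI);
        response.getWriter().write("NOTLOGIN");
    }

    /**
     * Path matching: reports whether the request URI matches any of the given patterns.
     *
     * @param urls       Ant-style patterns to test against
     * @param requestURI URI of the current request
     * @return {@code true} if at least one pattern matches, otherwise {@code false}
     */
    public boolean check(String[] urls, String requestURI) {
        for (String url : urls) {
            if (PATH_MATCHER.match(url, requestURI)) {
                return true;
            }
        }
        return false;
    }
}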

2. swagger配置代码

package com.pab.data.datasource.config;

import com.google.common.collect.Lists;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.oas.annotations.EnableOpenApi;
import springfox.documentation.schema.ScalarType;
import springfox.documentation.service.*;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;

import java.util.Collections;
import java.util.List;

/**
 * Springfox configuration for OpenAPI 3 (the Swagger 2 setup was retired in favour of
 * this one).
 *
 * <p>NOTE(review): the API-key scheme below is sent in the {@code Authorization} header,
 * while the global request parameter is the {@code tk} header. LoginCheckFilter, shown
 * earlier on this page, reads only {@code tk}, so a value entered through the UI's
 * "Authorize" dialog is presumably not what that filter checks - confirm which header
 * the backend actually expects and keep the two in agreement.
 */
@Configuration
@EnableOpenApi
public class SwaggerConfig {
    /**
     * Builds the Docket: documents every path of every handler under
     * {@code com.pab.data.datasource}, adds a required {@code tk} header parameter to
     * all operations, and registers the security scheme and context.
     *
     * @return the configured OAS 3.0 docket
     */
    @Bean
    public Docket createRestApi() {
        // Global token header: a required string-valued "tk" header on every operation.
        RequestParameter tokenHeader = new springfox.documentation.builders.RequestParameterBuilder()
                .name("tk")
                .description("token")
                .in(ParameterType.HEADER)
                .required(true)
                .query(q -> q.model(m -> m.scalarModel(ScalarType.STRING)))
                .build();

        Docket docket = new Docket(DocumentationType.OAS_30)
                .apiInfo(apiInfo())
                .select()
                .apis(RequestHandlerSelectors.basePackage("com.pab.data.datasource"))
                .paths(PathSelectors.any())
                .build();

        return docket
                .globalRequestParameters(Collections.singletonList(tokenHeader))
                .securitySchemes(securitySchemes())
                .securityContexts(securityContexts());
    }

    /**
     * Authentication scheme: one API key named {@code Authorization}, passed as a header.
     *
     * @return a list holding that single scheme
     */
    private List<SecurityScheme> securitySchemes() {
        SecurityScheme headerKey = new ApiKey("Authorization", "Authorization", "header");
        return Lists.newArrayList(headerKey);
    }

    /**
     * Authentication context: applies the default security reference to every path.
     *
     * @return a list holding that single context
     */
    private List<SecurityContext> securityContexts() {
        SecurityContext everyPath = SecurityContext.builder()
                .securityReferences(defaultAuth())
                .forPaths(PathSelectors.any())
                .build();
        return Lists.newArrayList(everyPath);
    }

    /**
     * Security reference to the {@code Authorization} scheme with a single
     * {@code global} scope.
     *
     * @return a list holding that single reference
     */
    private List<SecurityReference> defaultAuth() {
        AuthorizationScope[] scopes = {
                new AuthorizationScope("global", "accessEverything")
        };
        return Lists.newArrayList(new SecurityReference("Authorization", scopes));
    }

    /**
     * Project information shown in the generated documentation (title and version).
     *
     * @return the API info
     */
    private ApiInfo apiInfo() {
        ApiInfoBuilder info = new ApiInfoBuilder();
        info.title("数据源管理项目 RESTful APIs");
        info.version("1.0");
        return info.build();
    }
}

 
