springboot过滤器登录校验
过滤器
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
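@Slf4j
// @WebFilter(filterName = "loginFilter", urlPatterns = "/*")
// @WebFilter declares this class as a servlet filter; its arguments are the filter name and the
// URL patterns it applies to, and "/*" means every request.
// Registering the class with @Component also applies the filter to every request.
@Component
public class LoginFilter implements Filter {

    // Path prefixes reachable without a login: the login/logout endpoints and the favicon.
    private final String exceptStart = "/login,/logout,/favicon";

    // Static-resource suffixes reachable without a login.
    // NOTE(review): exempting by suffix is fragile. Any handler whose path can end in one of
    // these strings (for example through a path variable) is served without a session.
    // Serving static files under a dedicated prefix and exempting only that prefix is safer.
    private final String exceptEnd = ".css,.html,.js,.map,.png,.jpg,.gif,.ico,.ttf,.woff,.woff2,.cgi,.asmx";

    /** Session attribute whose presence marks the session as logged in. */
    public static final String SESSION_KEY = "SESSION_KEY";

    /**
     * Lets a request through when its path is exempt or its session carries {@link #SESSION_KEY};
     * otherwise answers 401 with the body "未登录" and does not call the rest of the chain.
     *
     * @param servletRequest  incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response, cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters and the target handler
     * @throws IOException      if writing the rejection body or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String requestURI = request.getRequestURI();

        // Exempt paths skip the session check entirely.
        if (check(requestURI)) {
            log.debug("过滤通过" + requestURI);
            filterChain.doFilter(request, response);
            return;
        }

        // getSession(false) avoids allocating a server-side session (and a cookie) for every
        // anonymous request that is about to be rejected anyway.
        javax.servlet.http.HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute(SESSION_KEY) != null) {
            log.debug("过滤通过" + requestURI);
            filterChain.doFilter(request, response);
            return;
        }

        log.info("过滤拦截" + requestURI);
        // Signal the rejection in the status line as well, so clients and proxies do not
        // treat the "not logged in" body as a successful (cacheable) 200 response.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setCharacterEncoding("UTF-8");
        // NOTE(review): the body below is plain text although the declared type is JSON.
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write("未登录");
    }

    /**
     * Decides whether a request URI is exempt from the login check.
     *
     * <p>The decision is made on the URI with path parameters ({@code ;name=value}) removed.
     * Servlet containers and Spring MVC can ignore such parameters when routing, so matching on
     * the raw string could exempt a request that is then dispatched to a protected handler.
     * Percent-encoded forms are not normalized here; for anything beyond a demo, prefer a
     * maintained framework such as Spring Security over a hand-written allow list.
     *
     * @param uri request URI as returned by {@code HttpServletRequest.getRequestURI()}
     * @return {@code true} if the URI matches an exempt prefix or suffix, {@code false}
     *         otherwise (including for {@code null})
     */
    public boolean check(String uri) {
        if (uri == null) {
            return false;
        }
        String path = uri.replaceAll(";[^/]*", "");
        for (String start : exceptStart.split(",")) {
            if (matchesPrefix(path, start)) {
                return true;
            }
        }
        for (String end : exceptEnd.split(",")) {
            if (path.endsWith(end)) {
                return true;
            }
        }
        return false;
    }

    // True when path equals prefix or continues it at a '/' or '.' boundary, so "/login" does
    // not also exempt unrelated paths that merely begin with the same characters.
    private static boolean matchesPrefix(String path, String prefix) {
        if (!path.startsWith(prefix)) {
            return false;
        }
        if (path.length() == prefix.length()) {
            return true;
        }
        char next = path.charAt(prefix.length());
        return next == '/' || next == '.';
    }
}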
登入登出接口
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
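@RestController
@Slf4j
public class LoginController {

    // Demo-only account compiled into the class.
    // NOTE(review): a real service must not keep credentials in source or compare plaintext
    // passwords; store a salted password hash (bcrypt/scrypt/argon2) and verify against that.
    public final String dbUsername = "jack";
    public final String dbPassword = "abc";

    /**
     * Login endpoint. On matching credentials the username is stored in the session under
     * {@link LoginFilter#SESSION_KEY}.
     *
     * <p>GET is used only to make testing from a browser easy. It puts the password into the
     * URL, where it ends up in browser history and access logs; use POST over HTTPS otherwise.
     *
     * @param username submitted user name, may be {@code null}
     * @param password submitted password, may be {@code null}
     * @param request  current request, used to reach the session
     * @return {@code "login success"} or {@code "login fail"}
     */
    @RequestMapping(value = {"/login"}, method = RequestMethod.GET)
    public String login(String username, String password, HttpServletRequest request) {
        if (!dbUsername.equals(username) || !dbPassword.equals(password)) {
            return "login fail";
        }
        // Issue a fresh session id at the privilege change, so an id that existed before
        // authentication (and may be known to someone else) never becomes a logged-in id.
        if (request.getSession(false) != null) {
            request.changeSessionId();
        }
        request.getSession().setAttribute(LoginFilter.SESSION_KEY, username);
        log.info("login: " + username);
        return "login success";
    }

    /**
     * Logout endpoint. Invalidates the current session if there is one.
     *
     * @param request current request, used to reach the session
     * @return always {@code "logout success"}
     */
    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    public String logout(HttpServletRequest request) {
        // getSession(false): do not create a session only to destroy it again.
        HttpSession session = request.getSession(false);
        Object username = session == null ? null : session.getAttribute(LoginFilter.SESSION_KEY);
        log.info("logout: " + username);
        if (session != null) {
            session.invalidate();
        }
        return "logout success";
    }

    /**
     * Probe endpoint for testing the login state. It performs no check itself, so the
     * {@code "pong"} reply is only reachable when the caller gets past {@link LoginFilter}.
     *
     * @return always {@code "pong"}
     */
    @RequestMapping(value = "/ping", method = RequestMethod.GET)
    public String ping() {
        return "pong";
    }
}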
测试
- 浏览器访问
http://localhost:8080/ping
返回未登录
- 请求
http://localhost:8080/login?username=jack&password=abc
返回login success(注意:这里用GET传递密码只是为了方便测试,密码会留在浏览器历史和服务器访问日志中,正式环境应改用POST并启用HTTPS)
- 请求
http://localhost:8080/ping
返回pong
- 请求
http://localhost:8080/logout
返回logout success
- 请求
http://localhost:8080/ping
返回未登录
参考
springBoot过滤器验证登录
https://blog.csdn.net/raintempest/article/details/126939886