- package com.zkh360.api.user.filter;
- import com.zkh360.core.util.redis.RedisService;
- import org.apache.commons.lang3.StringUtils;
- import org.springframework.beans.factory.annotation.Autowired;
- import javax.servlet.*;
- import javax.servlet.annotation.WebFilter;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- import java.io.IOException;
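/**
 * Servlet filter mapped to every path ({@code /*}) that requires a token in the
 * {@code Authorization} header for a fixed list of H5 endpoints.
 *
 * <p>Decision order in {@link #doFilter}:
 * <ol>
 *   <li>No token, protected URI, method other than OPTIONS: write the "login expired" JSON body.</li>
 *   <li>No token otherwise: pass the request through unauthenticated.</li>
 *   <li>Token present: it must exist in Redis with a non-blank value, otherwise "login expired".</li>
 * </ol>
 *
 * <p>NOTE(review): the protected set is an include-list, so any endpoint not listed in
 * {@code includeUrls} is reachable without a token. New endpoints are public until someone adds
 * them here; a list of public endpoints with everything else protected would fail closed.
 *
 * <p>NOTE(review): {@code redisService} is field-injected. Whether injection happens depends on how
 * this filter is registered (not visible in this file); confirm it is never null at request time.
 */
@WebFilter(filterName = "SessionFilter", urlPatterns = {"/*"})
public class SessionFilter implements Filter {

    @Autowired
    private RedisService redisService;

    // Response body signalling that the current user is not logged in
    // (the JSON shape can be adapted to the project's needs).
    static final String LOGIN_EXPIRED = "{\"stateCode\":\"1002\",\"message\":\"用户信息失效\"}";

    // Endpoints that may only be accessed after login. Entries are matched as substrings of the
    // request URI (see isNeedAuthorization), so "h5/list" (no leading slash) and "token" match
    // anywhere in the path, not just at a segment boundary.
    static final String[] includeUrls = new String[]{
            "/h5/shoppingCart",
            "/h5/order",
            "/h5/shoppingCart/add",
            "/h5/shoppingCart/delete",
            "/h5/shoppingCart/update",
            "/h5/shoppingCart/inquiry",
            "/h5/inquiry",
            "h5/list",
            "/h5/invoice",
            "/h5/ReceiveAddress",
            "/h5/logistics",
            "/h5/password/update",
            "/h5/userinfo",
            "token"
    };

    /**
     * Applies the token check described on the class and either continues the chain or writes the
     * "login expired" body.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      if writing the rejection body or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Token sent by the client.
        String requestAuthorization = request.getHeader("Authorization");

        if (StringUtils.isBlank(requestAuthorization)) {
            // OPTIONS requests are exempt from the "token required" rule even on protected URIs.
            boolean isOptions = "options".equalsIgnoreCase(request.getMethod());
            if (isNeedAuthorization(request.getRequestURI()) && !isOptions) {
                // Protected endpoint without a token: report login expired.
                setResponseParam(response);
                return;
            }
            // Never logged in and the endpoint is public: continue without an invoice id.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // NOTE(review): the header value is used verbatim as the Redis key. If this Redis instance
        // also holds keys that are not login tokens, any such key with a non-blank value would
        // pass this check. Storing tokens under a dedicated key prefix would close that; the
        // code that writes the token is outside this file, so the key is left unchanged here.
        if (!redisService.exists(requestAuthorization)) {
            // Unknown token: report login expired.
            setResponseParam(response);
            return;
        }

        // The key can expire between exists() and get(); guard against a null result instead of
        // calling toString() on it, so an expiry race yields "login expired" rather than an
        // unhandled NullPointerException.
        Object boundValue = redisService.get(requestAuthorization);
        String invoiceIdValue = boundValue == null ? null : boundValue.toString();

        if (StringUtils.isBlank(invoiceIdValue)) {
            // Nothing usable is bound to the token: login expired, the client must log in again.
            setResponseParam(response);
            return;
        }

        // Logged in: publish the invoice id bound to this token.
        // NOTE(review): ServletContext attributes are application-wide and nothing in this class
        // removes them, so every token seen stays in shared state after its Redis entry expires.
        // A request attribute would scope the value to this request; the readers of this
        // attribute are outside this file, so the storage location is kept as is.
        request.getServletContext().setAttribute(requestAuthorization, invoiceIdValue);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Writes the "login expired" JSON body to the response.
     *
     * <p>NOTE(review): no HTTP status is set here, so the rejection is sent with whatever status
     * the response already carries, and the CORS header allows any origin. Confirm both are
     * intended; clients presumably key off {@code stateCode} in the body.
     *
     * @param response response to write to
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void setResponseParam(HttpServletResponse response) throws IOException {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.getWriter().write(LOGIN_EXPIRED);
    }

    /**
     * Tells whether the given request URI requires login.
     *
     * <p>NOTE(review): the comparison is a case-sensitive substring test on the URI exactly as the
     * caller passes it; {@code doFilter} passes {@code getRequestURI()}. If the routing layer
     * decodes or normalizes paths before dispatch, a path that reaches a protected handler may
     * not match here. Matching on a normalized path, or with the framework's own path matcher,
     * would keep the two in agreement; confirm against the dispatcher configuration.
     *
     * @param uri request URI to test; must not be null
     * @return {@code true} if the URI contains any entry of {@code includeUrls}
     */
    public boolean isNeedAuthorization(String uri) {
        for (String includeUrl : includeUrls) {
            if (uri.contains(includeUrl)) {
                return true;
            }
        }
        return false;
    }

    /** No initialization is needed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}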