util/filter/SessionFilter.java

package com.zkh360.api.user.filter;

import com.zkh360.core.util.redis.RedisService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

@WebFilter(filterName = "SessionFilter",urlPatterns = {"/*"})
public class SessionFilter implements Filter {

    @Autowired
    private RedisService redisService;

    //标示符：表示当前用户未登录(可根据自己项目需要改为json样式)
    String LOGIN_EXPIRED = "{\"stateCode\":\"1002\",\"message\":\"用户信息失效\"}";

    //必须要登陆后才可以访问的接口
    String[] includeUrls = new String[]{
            "/h5/shoppingCart",
            "/h5/order",
            "/h5/shoppingCart/add",
            "/h5/shoppingCart/delete",
            "/h5/shoppingCart/update",
            "/h5/shoppingCart/inquiry",
            "/h5/inquiry",
            "h5/list",
            "/h5/invoice",
            "/h5/ReceiveAddress",
            "/h5/logistics",
            "/h5/password/update",
            "/h5/userinfo",
            "token"
    };


    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession(false);
        ServletContext servletContext = request.getServletContext();
        //获取请求的token
        String requestAuthorization = request.getHeader("Authorization");
        String method = request.getMethod();

        String uri = request.getRequestURI();
        if(isNeedAuthorization(uri) && !"options".equalsIgnoreCase(request.getMethod())){
            if(StringUtils.isBlank(requestAuthorization)){
                // Authorization不存在，返回登陆过期
                setResponseParam(response);
                return;
            }
        }

        if(StringUtils.isBlank(requestAuthorization)){
            // 未登录过 发票ID为null
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        //获取与token绑定的invoiceId
        if (!redisService.exists(requestAuthorization)){
            // Authorization不存在，返回登陆过期
            setResponseParam(response);
            return;
        }
        String invoiceIdValue = redisService.get(requestAuthorization).toString();
        //验证invoceId是否可用
        if(StringUtils.isNotBlank(invoiceIdValue)){
            // 已登陆 给发票ID赋值
            servletContext.setAttribute(requestAuthorization,invoiceIdValue);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }else{
            // 登陆过期，重新登陆
            setResponseParam(response);
            return;
        }
    }

    private void setResponseParam(HttpServletResponse response)throws IOException{
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
        response.setHeader("Access-Control-Allow-Origin","*");
        response.getWriter().write(this.LOGIN_EXPIRED);
    }

    /**
     * @Description: 是否必须要登陆
     * @param uri
     */
    public boolean isNeedAuthorization(String uri) {

        for (String includeUrl : includeUrls) {
            if(uri.contains(includeUrl)) {
                return true;
            }
        }
        return false;
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void destroy() {

    }
}