springboot攔截器過(guò)濾token,并返回結(jié)果及異常處理操作
1.springboot 攔截器處理過(guò)濾token,并且返回結(jié)果
import org.apache.commons.lang3.StringUtils;import org.apache.shiro.subject.Subject;import org.springframework.lang.Nullable;import org.springframework.stereotype.Component;import org.springframework.web.servlet.HandlerInterceptor;import org.springframework.web.servlet.ModelAndView;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;import java.io.PrintWriter;import java.util.Map;@Componentpublic class ECInterceptor implements HandlerInterceptor { /** * @Description 在業(yè)務(wù)處理器處理請(qǐng)求之前被調(diào)用。預(yù)處理,可以進(jìn)行編碼、安全控制等處理; * @Date 2019/5/14 16:04 * @Version 1.0 */ @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { System.out.println(request.getRequestURL()+'===========preHandle==========='); String token = request.getParameter('token'); if(StringUtils.isNotEmpty(token)){ Subject subject = ShiroUtil.getSubject(token); if(subject != null && subject.isAuthenticated()){return true; } else{//返回校驗(yàn)token結(jié)果returnJson(response);// return false; //我做的時(shí)候返回?cái)?shù)據(jù)后忘記return false了,所以導(dǎo)致異常 } } return true; } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception { System.out.println(request.getContextPath()+'============postHandle=========='); } /** * @Description 在DispatcherServlet完全處理完請(qǐng)求后被調(diào)用,也就是說(shuō)視圖渲染已經(jīng)完畢或者調(diào)用者已經(jīng)拿到結(jié)果 * @Date 2019/5/14 16:05 * @Version 1.0 */ @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception { System.out.println(request.getContextPath()+'============afterCompletion=========='); } private void returnJson(HttpServletResponse response){ PrintWriter writer = null; response.setCharacterEncoding('UTF-8'); response.setContentType('application/json; charset=utf-8'); try { writer = response.getWriter(); Map<String, Object> result = PackageReturnResult.returnJson(400, '用戶令牌token無(wú)效'); result.put('data', null); writer.print(result); } catch (IOException e){ LoggerUtil.logError(ECInterceptor.class, '攔截器輸出流異常'+e); } finally { if(writer != null){writer.close(); } } }}
2.java.lang.IllegalStateException: getWriter() has already been called for this response異常
我再做攔截器處理response數(shù)據(jù)后忘記return false返回,導(dǎo)致攔截器被調(diào)用兩次,報(bào)java.lang.IllegalStateException: getWriter() has already been called for this response異常,犯這樣低級(jí)錯(cuò)誤花了很長(zhǎng)時(shí)間才解決,謹(jǐn)記!!!
[2019-05-27 09:27:17.690] [http-nio-8080-exec-1] [ERROR] [o.a.c.c.C.[.[.[.[dispatcherServlet] :175 ] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: getWriter() has already been called for this response] with root causejava.lang.IllegalStateException: getWriter() has already been called for this responseat org.apache.catalina.connector.Response.getOutputStream(Response.java:548)at org.apache.catalina.connector.ResponseFacade.getOutputStream(ResponseFacade.java:210)at javax.servlet.ServletResponseWrapper.getOutputStream(ServletResponseWrapper.java:105)at org.springframework.http.server.ServletServerHttpResponse.getBody(ServletServerHttpResponse.java:83)at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.writeInternal(AbstractJackson2HttpMessageConverter.java:255)at org.springframework.http.converter.AbstractGenericHttpMessageConverter.write(AbstractGenericHttpMessageConverter.java:103)at org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodProcessor.writeWithMessageConverters(AbstractMessageConverterMethodProcessor.java:290)at org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor.handleReturnValue(RequestResponseBodyMethodProcessor.java:180)at com.uufund.ecapi.config.returnvalue.HandlerMethodReturnValueHandlerProxy.handleReturnValue(HandlerMethodReturnValueHandlerProxy.java:40)at org.springframework.web.method.support.HandlerMethodReturnValueHandlerComposite.handleReturnValue(HandlerMethodReturnValueHandlerComposite.java:82)at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:119)at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:892)at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797)at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897)at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)at com.uufund.ecapi.config.filter.ECWebFilter.doFilter(ECWebFilter.java:24)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)at java.lang.Thread.run(Thread.java:748)
補(bǔ)充知識(shí):springboot 攔截器過(guò)濾權(quán)限和錯(cuò)誤處理
先說(shuō)異常處理,增加一個(gè)異常處理的類MyControllerAdvice就可以了,不需要其他地方使用,注意使用注解@ControllerAdvice
@ControllerAdvicepublic class MyControllerAdvice { @Resource GetRootPath getRootPath; private static final Logger logger = LoggerFactory.getLogger(MyControllerAdvice.class); public void output(Object json, HttpServletRequest request, HttpServletResponse response) throws IOException { String header = request.getHeader('Origin'); response.setContentType('application/json;charset=UTF-8;'); PrintWriter out = response.getWriter(); out.println(json); out.flush(); out.close(); } /*** * 404處理 * @param e * @return */ @ExceptionHandler(NoHandlerFoundException.class) public void notFountHandler(HttpServletRequest request, HttpServletResponse response, Model model, NoHandlerFoundException e) throws IOException, JSONException { JSONObject json = new JSONObject(); json.put('code', 500); json.put('content', null); json.put('msg', '未找到路徑:'+request.getServletPath()); output(json,request,response); } /** * 運(yùn)行時(shí)異常 * * @param exception * @return */ @ExceptionHandler({RuntimeException.class}) @ResponseStatus(HttpStatus.OK) public void processException(HttpServletRequest request, HttpServletResponse response, Model model, RuntimeException exception) throws JSONException, IOException { JSONObject json = new JSONObject(); json.put('code', 500); json.put('content', null); json.put('msg', exception.getMessage()); output(json,request,response); } /** * Excepiton異常 * * @param exception * @return */ @ExceptionHandler({Exception.class}) @ResponseStatus(HttpStatus.OK) public void processException(HttpServletRequest request, HttpServletResponse response, Model model, Exception exception) throws JSONException, IOException { JSONObject json = new JSONObject(); json.put('code', 500); json.put('content', null); json.put('msg', exception.getMessage()); output(json,request,response); }}
再來(lái)權(quán)限驗(yàn)證的,接手的項(xiàng)目框架中只有驗(yàn)證是否登錄的,沒(méi)有驗(yàn)收權(quán)限的,增加一個(gè)類WebMvcConfig,注意使用注解@Configuration, 不需要在其他地方引用即可起作用,并注意使用excludePathPatterns去掉不需要攔截的部分,否則會(huì)攔截掉靜態(tài)資源。
@Configurationpublic class WebMvcConfig implements WebMvcConfigurer { /** * 添加攔截器 */ @Override public void addInterceptors(InterceptorRegistry registry) { //靜態(tài)資源不攔截 registry.addInterceptor(new LoginInterceptor()).addPathPatterns('/**').excludePathPatterns('/static/**'); }}
增加攔截器類LoginInterceptor
public class LoginInterceptor extends HandlerInterceptorAdapter { /** * 檢查是否已經(jīng)登錄 */ @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { Object username = request.getSession().getAttribute(Constants.LOGIN_USER); String servletPath = request.getServletPath(); String type = request.getHeader('X-Requested-With') == null ? '' : request.getHeader('X-Requested-With'); if (username != null) { //檢查頁(yè)面訪問(wèn)的權(quán)限 if (!'XMLHttpRequest'.equals(type)) {int userId = Integer.valueOf(request.getSession().getAttribute(Constants.LOGIN_USERID).toString());List<ModuleEntity> moduleList = (List<ModuleEntity>) request.getSession().getAttribute(Constants.USER_MODULE);boolean chkResult = methodPermissionLimit(moduleList, servletPath);if(!chkResult){ JSONObject outputMSg = new JSONObject(); outputMSg.put('code', 500); outputMSg.put('content', ''); outputMSg.put('msg', '沒(méi)有權(quán)限'); output(outputMSg, request, response); return false;}else{ return true;} } else {//如果是json訪問(wèn),則不做檢查return true; } } else { //檢查是否登錄允許 if (methodLoginLimit(handler)) {return true; } else {if ('XMLHttpRequest'.equals(type)) { JSONObject outputMSg = new JSONObject(); outputMSg.put('code', 500); outputMSg.put('content', ''); outputMSg.put('msg', '登錄過(guò)期,請(qǐng)重新登陸'); output(outputMSg, request, response); return false;} else { String redirectUrl = request.getContextPath() + '/login'; response.sendRedirect(redirectUrl); return false;} } } } public boolean methodLoginLimit(Object handler) { HandlerMethod method = (HandlerMethod) handler; //獲取當(dāng)前方法PermessionLimit LoginLimit loginLimit = method.getMethodAnnotation(LoginLimit.class); if (loginLimit == null) { //獲取控制器的PermessionLimit loginLimit = method.getMethod().getDeclaringClass().getAnnotation(LoginLimit.class); } if (loginLimit != null && !loginLimit.limit()) { return true; } else { return false; } } /** * 檢查權(quán)限 * * @param moduleList * @param path * @return */ public boolean methodPermissionLimit(List<ModuleEntity> moduleList, String path) { boolean havePermission = moduleList.stream().anyMatch(f->f.getPath().toLowerCase().equals(path.toLowerCase())); return havePermission; } public void output(Object json, HttpServletRequest request, HttpServletResponse response) throws IOException { String header = request.getHeader('Origin'); response.setContentType('application/json;charset=UTF-8;'); PrintWriter out = response.getWriter(); out.println(json); out.flush(); out.close(); }}
這樣的攔截器只對(duì)頁(yè)面地址進(jìn)行攔截,對(duì)ajax提交的數(shù)據(jù)不做處理,做普通項(xiàng)目的權(quán)限過(guò)濾是可以了。
以上這篇springboot攔截器過(guò)濾token,并返回結(jié)果及異常處理操作就是小編分享給大家的全部?jī)?nèi)容了,希望能給大家一個(gè)參考,也希望大家多多支持好吧啦網(wǎng)。
網(wǎng)公網(wǎng)安備