拦截器+ThreadLocal验证用户

ThreadLocal 类定义

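/**
 * Per-thread holder for the name of the user authenticated for the current request.
 *
 * <p>The class is named {@code UserUtil} because the interceptor and the controller
 * on this page both reference {@code UserUtil.USER_NAME}; the original declaration
 * used a different class name ({@code UserContext}) that nothing referenced.
 *
 * <p>The value is written by {@code UserSecurityInterceptor.preHandle} after the
 * ticket lookup succeeds and removed in {@code afterCompletion}. Because servlet
 * containers reuse worker threads, a value that is not removed would still be
 * visible to the next request served by the same thread.
 */
public final class UserUtil {

    /** Name of the authenticated user for the request handled by the current thread. */
    public static final ThreadLocal<String> USER_NAME = new ThreadLocal<>();

    private UserUtil() {
        // static holder only, never instantiated
    }
}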

拦截器编写

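/**
 * Authenticates each request from the {@code TICKET} cookie and publishes the
 * resolved user name in {@code UserUtil.USER_NAME} for the duration of the request.
 *
 * <p>It also writes the CORS response headers. Authentication here is cookie based
 * and the API answers with {@code Access-Control-Allow-Credentials: true}, so the
 * {@code Origin} request header must not be echoed back unconditionally: that would
 * let any web page issue credentialed requests and read the responses. Only origins
 * listed in {@link #ALLOWED_ORIGINS} are echoed.
 */
@Component
public class UserSecurityInterceptor implements HandlerInterceptor {

    public static final Logger logger = LoggerFactory.getLogger(UserSecurityInterceptor.class);

    /** Name of the cookie that carries the login ticket. */
    private static final String TICKET_COOKIE = "TICKET";

    /**
     * Origins that may make credentialed cross-origin calls.
     * PLACEHOLDER value: replace with the real front-end origin(s), ideally loaded
     * from configuration. Matching is exact (scheme + host + port).
     */
    private static final java.util.Set<String> ALLOWED_ORIGINS =
            java.util.Collections.unmodifiableSet(new java.util.HashSet<String>(
                    java.util.Arrays.asList("https://frontend.example.com")));

    @Autowired
    private UserInfoCacheManager userInfoCacheManager;

    /**
     * Runs before the handler method.
     *
     * @return {@code true} only when the ticket cookie resolves to a user; otherwise
     *         the status is set (200 for a preflight, 401 for a missing or unknown
     *         ticket, 500 when the lookup throws) and the chain is stopped
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        // Worker threads are pooled: make sure no identity from an earlier request
        // is still attached to this thread before any decision is made.
        UserUtil.USER_NAME.remove();

        // Echo the Origin only when it is on the allowlist. A missing header or an
        // unlisted origin gets no Allow-Origin / Allow-Credentials at all, so the
        // browser refuses to expose the response to the calling page.
        String origin = request.getHeader("origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            // The response differs per Origin; keep shared caches from mixing them up.
            response.addHeader("Vary", "Origin");
        }
        response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, If-None-Match, Access-Control-Allow-Headers, Content-Type,Powered-By");
        response.setHeader("Access-Control-Allow-Methods", "PUT,POST,GET,DELETE,OPTIONS");
        response.setHeader("Content-Type", "application/json;charset=utf-8");
        logger.info("getRequestURL:{}",request.getRequestURL());
        logger.info("getMethod:{}",request.getMethod());

        // equalsIgnoreCase avoids the default-locale dependence of toLowerCase().
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            // A preflight carries no cookies and needs only the headers above.
            // Answer it here and stop the chain, so an OPTIONS request can never
            // reach a handler without having passed the ticket check.
            response.setStatus(200);
            return false;
        }

        try {
            String ticket = findTicket(request);
            if (ticket != null && !ticket.isEmpty()) {
                User user = userInfoCacheManager.getUser(ticket);
                if (user != null) {
                    UserUtil.USER_NAME.set(user.getName());
                    return true;
                }
            }
        } catch (Exception e) {
            // A failed lookup must fail closed; log it as an error, not as info.
            logger.error("access is err,err is",e);
            response.setStatus(500);
            return false;
        }

        // No ticket, or a ticket the cache does not know.
        response.setStatus(401);
        return false;
    }

    /** Returns the value of the first {@code TICKET} cookie, or {@code null} if there is none. */
    private static String findTicket(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (TICKET_COOKIE.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /** Runs after the handler method has executed; nothing to do here. */
    @Override
    public void postHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
    }

    /**
     * Runs once the whole request has completed, i.e. after the DispatcherServlet
     * has rendered the view.
     */
    @Override
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex)
            throws Exception {

        // Clear the ThreadLocal: this prevents a memory leak and, more importantly,
        // keeps this user's name from being seen by the next request that is
        // served on the same pooled thread.
        UserUtil.USER_NAME.remove();
    }
}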

xml中配置拦截器


	
		
			
			
		
	

实际应用

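/**
 * Example controller showing how a handler reads the authenticated user that
 * {@code UserSecurityInterceptor} stored for the current request.
 */
@RequestMapping("/item")
@RestController
public class ItemController {
    public static final Logger logger = LoggerFactory.getLogger(ItemController.class);

    @Autowired
    private ItemService itemService;

    /**
     * Updates an item on behalf of the authenticated user.
     *
     * @param item the item data sent in the request body
     */
    @RequestMapping(value="/update",method = RequestMethod.POST)
    public HttpResult update(@RequestBody Item item) {
        // Read the operator's name, not the ThreadLocal holder itself. The value
        // was set by the interceptor from the server-side ticket lookup, so it is
        // the identity to use for auditing and authorization; an operator name
        // supplied by the client in the request body should not be trusted instead.
        String operator = UserUtil.USER_NAME.get();
        itemService.update(item);
        // ... rest of the method (building and returning the HttpResult) is
        // elided in the original post ...
    }
}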
