Adding a Token Verification Mechanism to API Requests

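Step 1: Add an interceptor

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MyWebConfig implements WebMvcConfigurer {

    // Register the interceptor and configure which requests it intercepts and which pass straight through
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Register the custom interceptor with Spring MVC and set the intercepted and excluded paths
        registry.addInterceptor(new MyInterceptor())
                .addPathPatterns("/api/**") // intercepted
                .excludePathPatterns("/api/system/user/login/**") // excluded
                .excludePathPatterns("/api/system/user/get/token/**"); // excluded
    }

}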

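Step 2: Create the token utility class

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

import java.util.Date;

public class TokenUtils {

    // Demo value only: anyone who can read or guess a hard-coded key can sign their own tokens.
    // Load a random key of at least 256 bits from protected configuration instead.
    private static final String SECRET_KEY = "my_secret_key";
    // Token lifetime: 15 minutes, in milliseconds
    private static final long EXPIRATION_TIME = 900000;

    // Build a signed JWT whose subject is the user name and which expires after EXPIRATION_TIME
    public static String generateToken(String username) {
        Date now = new Date();
        Date expiration = new Date(now.getTime() + EXPIRATION_TIME);
        return Jwts.builder()
                .setSubject(username)
                .setIssuedAt(now)
                .setExpiration(expiration)
                .signWith(SignatureAlgorithm.HS256, SECRET_KEY)
                .compact();
    }

    // Return true only if the signature verifies and the token has not expired
    public static boolean validateToken(String token) {
        try {
            // parseClaimsJws verifies the signature and throws if the token is malformed, tampered with or expired
            Claims claims = Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody();
            return claims.getExpiration().after(new Date());
        } catch (Exception e) {
            // Any parsing or verification failure means the token is invalid
            return false;
        }
    }

}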

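Step 3: Request a token

    // As written, a token is issued for whatever account value the caller supplies, and step 1
    // excludes this path from the interceptor; verify the caller's credentials before issuing a token.
    @GetMapping("/get/token")
    @Operation(summary = "获取token", description = "获取token")
    public Response getToken(String account) {
        return SingleResponse.of(TokenUtils.generateToken(account));
    }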

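Step 4: Intercept incoming requests and verify the token

import org.springframework.web.servlet.HandlerInterceptor;
// HttpServletRequest and HttpServletResponse come from javax.servlet.http (Spring Boot 2)
// or jakarta.servlet.http (Spring Boot 3)

public class MyInterceptor implements HandlerInterceptor {

    // Runs before the handler method is executed
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Read the token from the "Token" request header
        String token = request.getHeader("Token");
        // Reject the request when the header is missing or the token fails validation
        if (ObjectUtils.isEmpty(token) || !TokenUtils.validateToken(token)) {
            throw new BizException(BasicErrorCode.TOKEN_INVALID_REQUEST_FAILED, BasicErrorCode.TOKEN_INVALID_REQUEST_FAILED.getErrDesc());
        }
        return true;
    }

}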
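
The checks that `validateToken` in step 2 depends on, written out with only JDK classes so each one is visible: a pinned HS256 header, a constant-time signature comparison, and an expiry check made only after the signature verifies. This is an added example, not code from the original post and not jjwt's own implementation; the class name `Hs256TokenDemo`, the random demo key and the user name `alice` are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class Hs256TokenDemo {
    // Constructed demo key: 256 random bits per run (a real service loads its key from protected configuration).
    private static final byte[] KEY = new byte[32];
    static { new SecureRandom().nextBytes(KEY); }
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final String HEADER = B64.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8));
    static byte[] hmac(String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }
    static String generateToken(String username, long expEpochSeconds) throws Exception {
        // Assumption for this demo: user names are plain identifiers, so no JSON escaping is needed.
        if (!username.matches("[A-Za-z0-9_.-]+")) throw new IllegalArgumentException("unsupported username");
        String payload = "{\"sub\":\"" + username + "\",\"exp\":" + expEpochSeconds + "}";
        String signingInput = HEADER + "." + B64.encodeToString(payload.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + B64.encodeToString(hmac(signingInput));
    }
    static boolean validateToken(String token, long nowEpochSeconds) {
        try {
            String[] parts = token.split("\\.", -1);
            // Pin the header: only the exact HS256 header this service issues is accepted.
            if (parts.length != 3 || !parts[0].equals(HEADER)) return false;
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            // Constant-time comparison of the recomputed MAC with the presented one.
            if (!MessageDigest.isEqual(hmac(parts[0] + "." + parts[1]), presented)) return false;
            // Claims are read only after the signature has been verified.
            String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
            long exp = Long.parseLong(payload.replaceAll(".*\"exp\":(\\d+).*", "$1"));
            return nowEpochSeconds < exp;
        } catch (Exception e) { return false; } // malformed Base64, missing exp claim, and so on
    }
    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        String token = generateToken("alice", now + 900); // 900 s matches the page's 900000 ms lifetime
        String[] p = token.split("\\.");
        String altered = B64.encodeToString("{\"sub\":\"admin\",\"exp\":9999999999}".getBytes(StandardCharsets.UTF_8));
        System.out.println("valid token:     " + validateToken(token, now));
        System.out.println("expired token:   " + validateToken(token, now + 901));
        System.out.println("altered payload: " + validateToken(p[0] + "." + altered + "." + p[2], now));
    }
}
```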

 
