springboot * 过滤token,并返回结果及异常处理操作
作者:随风yy 发布时间:2023-02-19 11:45:50
标签:springboot, , ,过滤,token
1.springboot * 处理过滤token,并且返回结果
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
@Component
public class ECInterceptor implements HandlerInterceptor {
/**
* @Description 在业务处理器处理请求之前被调用。预处理,可以进行编码、安全控制等处理;
* @Date 2019/5/14 16:04
* @Version 1.0
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println(request.getRequestURL()+"===========preHandle===========");
String token = request.getParameter("token");
if(StringUtils.isNotEmpty(token)){
Subject subject = ShiroUtil.getSubject(token);
if(subject != null && subject.isAuthenticated()){
return true;
} else{
//返回校验token结果
returnJson(response);
// return false; //我做的时候返回数据后忘记return false了,所以导致异常
}
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
System.out.println(request.getContextPath()+"============postHandle==========");
}
/**
* @Description 在DispatcherServlet完全处理完请求后被调用,也就是说视图渲染已经完毕或者调用者已经拿到结果
* @Date 2019/5/14 16:05
* @Version 1.0
*/
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
System.out.println(request.getContextPath()+"============afterCompletion==========");
}
private void returnJson(HttpServletResponse response){
PrintWriter writer = null;
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
try {
writer = response.getWriter();
Map<String, Object> result = PackageReturnResult.returnJson(400, "用户令牌token无效");
result.put("data", null);
writer.print(result);
} catch (IOException e){
LoggerUtil.logError(ECInterceptor.class, " * 输出流异常"+e);
} finally {
if(writer != null){
writer.close();
}
}
}
}
2.java.lang.IllegalStateException: getWriter() has already been called for this response异常
我再做 * 处理response数据后忘记return false返回,导致 * 被调用两次,报java.lang.IllegalStateException: getWriter() has already been called for this response异常,犯这样低级错误花了很长时间才解决,谨记!!!
[2019-05-27 09:27:17.690] [http-nio-8080-exec-1 ] [ERROR] [o.a.c.c.C.[.[.[.[dispatcherServlet] :175 ] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: getWriter() has already been called for this response] with root cause
java.lang.IllegalStateException: getWriter() has already been called for this response
at org.apache.catalina.connector.Response.getOutputStream(Response.java:548)
at org.apache.catalina.connector.ResponseFacade.getOutputStream(ResponseFacade.java:210)
at javax.servlet.ServletResponseWrapper.getOutputStream(ServletResponseWrapper.java:105)
at org.springframework.http.server.ServletServerHttpResponse.getBody(ServletServerHttpResponse.java:83)
at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.writeInternal(AbstractJackson2HttpMessageConverter.java:255)
at org.springframework.http.converter.AbstractGenericHttpMessageConverter.write(AbstractGenericHttpMessageConverter.java:103)
at org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodProcessor.writeWithMessageConverters(AbstractMessageConverterMethodProcessor.java:290)
at org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor.handleReturnValue(RequestResponseBodyMethodProcessor.java:180)
at com.uufund.ecapi.config.returnvalue.HandlerMethodReturnValueHandlerProxy.handleReturnValue(HandlerMethodReturnValueHandlerProxy.java:40)
at org.springframework.web.method.support.HandlerMethodReturnValueHandlerComposite.handleReturnValue(HandlerMethodReturnValueHandlerComposite.java:82)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:119)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:892)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.uufund.ecapi.config.filter.ECWebFilter.doFilter(ECWebFilter.java:24)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
补充知识:springboot * 过滤权限和错误处理
先说异常处理,增加一个异常处理的类MyControllerAdvice就可以了,不需要其他地方使用,注意使用注解@ControllerAdvice
@ControllerAdvice
public class MyControllerAdvice {
@Resource
GetRootPath getRootPath;
private static final Logger logger = LoggerFactory.getLogger(MyControllerAdvice.class);
public void output(Object json, HttpServletRequest request, HttpServletResponse response) throws IOException {
String header = request.getHeader("Origin");
response.setContentType("application/json;charset=UTF-8;");
PrintWriter out = response.getWriter();
out.println(json);
out.flush();
out.close();
}
/***
* 404处理
* @param e
* @return
*/
@ExceptionHandler(NoHandlerFoundException.class)
public void notFountHandler(HttpServletRequest request, HttpServletResponse response, Model model, NoHandlerFoundException e) throws IOException, JSONException {
JSONObject json = new JSONObject();
json.put("code", 500);
json.put("content", null);
json.put("msg", "未找到路径:"+request.getServletPath());
output(json,request,response);
}
/**
* 运行时异常
*
* @param exception
* @return
*/
@ExceptionHandler({RuntimeException.class})
@ResponseStatus(HttpStatus.OK)
public void processException(HttpServletRequest request, HttpServletResponse response, Model model, RuntimeException exception) throws JSONException, IOException {
JSONObject json = new JSONObject();
json.put("code", 500);
json.put("content", null);
json.put("msg", exception.getMessage());
output(json,request,response);
}
/**
* Excepiton异常
*
* @param exception
* @return
*/
@ExceptionHandler({Exception.class})
@ResponseStatus(HttpStatus.OK)
public void processException(HttpServletRequest request, HttpServletResponse response, Model model, Exception exception) throws JSONException, IOException {
JSONObject json = new JSONObject();
json.put("code", 500);
json.put("content", null);
json.put("msg", exception.getMessage());
output(json,request,response);
}
}
再来权限验证的,接手的项目框架中只有验证是否登录的,没有验收权限的,增加一个类WebMvcConfig,注意使用注解@Configuration, 不需要在其他地方引用即可起作用,并注意使用excludePathPatterns去掉不需要拦截的部分,否则会拦截掉静态资源。
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
/**
* 添加 *
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
//静态资源不拦截
registry.addInterceptor(new LoginInterceptor()).addPathPatterns("/**").excludePathPatterns("/static/**");
}
}
增加 * 类LoginInterceptor
public class LoginInterceptor extends HandlerInterceptorAdapter {
/**
* 检查是否已经登录
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Object username = request.getSession().getAttribute(Constants.LOGIN_USER);
String servletPath = request.getServletPath();
String type = request.getHeader("X-Requested-With") == null ? "" : request.getHeader("X-Requested-With");
if (username != null) {
//检查页面访问的权限
if (!"XMLHttpRequest".equals(type)) {
int userId = Integer.valueOf(request.getSession().getAttribute(Constants.LOGIN_USERID).toString());
List<ModuleEntity> moduleList = (List<ModuleEntity>) request.getSession().getAttribute(Constants.USER_MODULE);
boolean chkResult = methodPermissionLimit(moduleList, servletPath);
if(!chkResult){
JSONObject outputMSg = new JSONObject();
outputMSg.put("code", 500);
outputMSg.put("content", "");
outputMSg.put("msg", "没有权限");
output(outputMSg, request, response);
return false;
}else{
return true;
}
} else {
//如果是json访问,则不做检查
return true;
}
} else {
//检查是否登录允许
if (methodLoginLimit(handler)) {
return true;
} else {
if ("XMLHttpRequest".equals(type)) {
JSONObject outputMSg = new JSONObject();
outputMSg.put("code", 500);
outputMSg.put("content", "");
outputMSg.put("msg", "登录过期,请重新登陆");
output(outputMSg, request, response);
return false;
} else {
String redirectUrl = request.getContextPath() + "/login";
response.sendRedirect(redirectUrl);
return false;
}
}
}
}
public boolean methodLoginLimit(Object handler) {
HandlerMethod method = (HandlerMethod) handler;
//获取当前方法PermessionLimit
LoginLimit loginLimit = method.getMethodAnnotation(LoginLimit.class);
if (loginLimit == null) {
//获取控制器的PermessionLimit
loginLimit = method.getMethod().getDeclaringClass().getAnnotation(LoginLimit.class);
}
if (loginLimit != null && !loginLimit.limit()) {
return true;
} else {
return false;
}
}
/**
* 检查权限
*
* @param moduleList
* @param path
* @return
*/
public boolean methodPermissionLimit(List<ModuleEntity> moduleList, String path) {
boolean havePermission = moduleList.stream().anyMatch(f->f.getPath().toLowerCase().equals(path.toLowerCase()));
return havePermission;
}
public void output(Object json, HttpServletRequest request, HttpServletResponse response) throws IOException {
String header = request.getHeader("Origin");
response.setContentType("application/json;charset=UTF-8;");
PrintWriter out = response.getWriter();
out.println(json);
out.flush();
out.close();
}
}
这样的 * 只对页面地址进行拦截,对ajax提交的数据不做处理,做普通项目的权限过滤是可以了。
来源:https://blog.csdn.net/yaomingyang/article/details/90597659
0
投稿猜你喜欢
1. 算法分析根据概率将奖品划分区间,每个区间代表一个奖品,然后抽取 随机数,反查落在那个区间上,即为所抽取的奖品。2. 代码核心- 相信大家都经常使用String 的split方法,但是大家有没有遇到下面的这种情况:大家想想下面的代码执行结果是什么public stati
- 1、启动新Activty1.1、功能分析App功能在第一个Activity输入消息点击第一个Activity的发送按钮发送消息到第二个Act
- Collections工具类Java里关于聚合的工具类,包含有各种有关集合操作的静态多态方法,不能实例化(把构造函数私有化)public c
- Android UI 实现 * 详解listview 的使用步骤简单的listview * 实现1.实现效果图2.需要掌握的知识listvi
- 背景介绍你刚从学校毕业后,到新公司实习,试用期又被毕业,然后你又不得不出来面试,好在面试的时候碰到个美女面试官!面试官: 小伙子,
- 简单介绍华为鸿蒙系统应用开发工具 DevEco Studio的安装和使用据说12月份鸿蒙系统会推出手机的SDK哦,作为一名普通的开发者,表示
- 视频演示:springboot+vue音乐网站摘要网络技术以及计算机的发展,网友们对网络的要求也日益长高,平常在网上听话用一大堆下载软件下载
- 对象是对类的实例化。对象具有状态和行为,变量用来表明对象的状态,方法表明对象所具有的行为。Java 对象的生命周期包括创建、使用和清除。一、
- 在项目中有一个需求是需要在局域网内跨PC远程调用一个程序,并且要求有界面显示,调查了一些资料,能实现远程调用的.Net技术大概有PsExec
- Feign的作用是将Http请求抽象化为一个Interface客户端,可以调用接口的形式来执行Http请求,以达到简化Http调用的目的。F
- 顺序结构我们之前写的大多代码都是顺序结构的,即按照代码的顺序一行一行的执行代码1 System.out.println("you&
- 有时候,我们在同一个activity里面有很多fragment,在横竖屏的时候,有些fragment要求重新加载数据,有些不需要,如何简单控
- 目录MultipartFile转FileFile转MultipartFile PS:file转base64字符串Multipart
- 本文主要介绍了Android 获取屏幕的多种宽高信息的示例代码,分享给大家,具体如下:包含的宽高信息如下图所示:在模拟器上获取到的数据:08
- public static String getCharset(File file) { &n
- java8的stream流能完美解对象集合去重问题. List<UserCar> list1 = new ArrayList()
- 1.pom文件导入依赖<!-- kafka --><dependency> <groupId>
- 实例如下:#region 自定义变量 int currentCol = -1; bool sort; #
- 本文较为详细的分析了C#中sleep和wait的区别。分享给大家供大家参考。具体分析如下:sleep和wait都是使线程暂时停止执行的方法,
