• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• agile-wroking-backend-master
  • src
    • main
      • resources
        • logback.xml
        • application-dev.properties
        • application-prd.properties
        • application.properties
      • java
        • org
          • catframework
            • agileworking
              • vo
                • ScheduleVO.java
                • NotifyMessageTemplate.java
              • utils
                • JsonUtils.java
                • DateUtils.java
              • web
                • WechatController.java
                • support
                  • DefaultResult.java
                  • Result.java
                  • GlobalExceptionHandler.java
                  • WebTokenHandlerInterceptor.java
                • TeamController.java
                • package-info.java
                • ParticipantController.java
                • ScheduleController.java
                • MeetingRoomController.java
              • common
                • ResponseCodes.java
              • service
                • impl
                  • SimpleJJWTWebTokenServiceImpl.java
                  • ScheduleServiceImpl.java
                • ScheduleService.java
                • package-info.java
                • WebTokenService.java
              • scheduling
                • SendNotifyMessageJob.java
              • BusinessException.java
              • domain
                • ScheduleRepositoryImpl.java
                • ParticipantRepository.java
                • Team.java
                • ScheduleRepositoryCustom.java
                • MeetingRoom.java
                • package-info.java
                • Participant.java
                • MeetingRoomRepository.java
                • ScheduleRepository.java
                • User.java
                • UserRepository.java
                • TeamRepository.java
                • Schedule.java
              • Application.java
    • test
      • resources
        • logback-test.xml
      • java
        • org
          • catframework
            • agileworking
              • vo
                • NotifyMessageTemplateTest.java
              • utils
                • JsonUtilsTest.java
                • DateUtilsTest.java
              • web
                • WechatControllerIntegrationTest.java
                • MeetingRoomControllerTest.java
                • TeamControllerTest.java
                • ScheduleControllerTest.java
                • MeetingRoomControllerIntegrationTest.java
              • service
                • impl
                  • ScheduleServiceImplTest.java
                  • WeChatApiIntegrationTest.java
                  • SimpleJJWTWebTokenServiceImplTest.java
              • scheduling
                • SendNotifyMessageJobTest.java
              • package-info.java
              • domain
                • UserFactory.java
                • MeetingRoomFactory.java
                • ScheduleTest.java
                • TeamFactory.java
                • ScheduleFactory.java
                • ScheduleRepositoryTest.java
  • db
    • init.sql
  • pom.xml
  • LICENSE
  • README.md
  • .gitignore
  • docs
    • demo.gif

package org.catframework.agileworking.web.support;

import java.util.Arrays;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.catframework.agileworking.service.WebTokenService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.Assert;
import org.springframework.util.PathMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/**
 * 自定义拦截器实现了 WebToken 的校验.
 * 
 * @author devzzm
 */
public class WebTokenHandlerInterceptor implements HandlerInterceptor {

	@Autowired
	private WebTokenService webTokenService;

	private String[] ignoreUriPatterns;

	private PathMatcher pathMatcher = new AntPathMatcher();

	private String tokenKey = "Authorization";

	private String subjectKey = "Subject";

	@Override
	public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object handler) throws Exception {
		if (isIgnoreUri(req.getRequestURI())) {
			return true;
		} else {
			String token = req.getHeader(tokenKey);
			Assert.notNull(token, "Authorization 不可为空.");
			String subject = req.getHeader(subjectKey);
			Assert.notNull(subject, "Subject 不可为空.");
			Assert.isTrue(webTokenService.verify(subject, token), "Web Token 校验失败.");
			return true;
		}
	}

	private boolean isIgnoreUri(String uri) {
		if (null == ignoreUriPatterns)
			return false;
		return Arrays.asList(ignoreUriPatterns).stream().anyMatch(p -> pathMatcher.match(p, uri));
	}

	@Override
	public void afterCompletion(HttpServletRequest req, HttpServletResponse resp, Object handler, Exception e)
			throws Exception {
		// do nothing
	}

	@Override
	public void postHandle(HttpServletRequest req, HttpServletResponse resp, Object handler, ModelAndView m)
			throws Exception {
		// do nothing
	}

	public void setWebTokenService(WebTokenService webTokenService) {
		this.webTokenService = webTokenService;
	}

	@Value("${web.token.ignore.uri.pattern}")
	public void setIgnoreUripattern(String ignoreUripattern) {
		if (!StringUtils.isEmpty(ignoreUripattern))
			ignoreUriPatterns = StringUtils.tokenizeToStringArray(ignoreUripattern, ",");
	}
}