1、验证过滤器进行权限验证的原理。
![](https://img-blog.csdnimg.cn/direct/a03cb90fbf8b4824ab47a0f167a4d2e3.png)
![](https://img-blog.csdnimg.cn/direct/fe6453a842ea4ebbb74b1554747642c8.png)
![](https://img-blog.csdnimg.cn/direct/e4ed2babe0134b299763d353998c4657.png)
代码展示:
@Slf4j
@WebFilter(urlPatterns = "/*")
public class LoginCheckFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
String url = req.getRequestURL().toString();
log.info("请求的url: {}",url);
if(url.contains("login")){
log.info("登录操作, 放行...");
chain.doFilter(request,response);
return;
}
String jwt = req.getHeader("token");
if(!StringUtils.hasLength(jwt)){
log.info("请求头token为空,返回未登录的信息");
Result error = Result.error("NOT_LOGIN");
String notLogin = JSONObject.toJSONString(error);
resp.getWriter().write(notLogin);
return;
}
try {
JwtUtils.parseJWT(jwt);
} catch (Exception e) {//jwt解析失败
e.printStackTrace();
log.info("解析令牌失败, 返回未登录错误信息");
Result error = Result.error("NOT_LOGIN");
String notLogin = JSONObject.toJSONString(error);
resp.getWriter().write(notLogin);
return;
}
log.info("令牌合法, 放行");
chain.doFilter(request, response);
}
}
2、Apifox的使用
![](https://img-blog.csdnimg.cn/direct/a625cebe94f941b09bc1cb6a4c520310.png)
![](https://img-blog.csdnimg.cn/direct/343d7ec4c98a4918b64142a471f542b8.png)
3、Git的继续使用
![](https://img-blog.csdnimg.cn/direct/b5bd5df8a14d453781442ad318426e44.png)
![](https://img-blog.csdnimg.cn/direct/235343d9d1e340e68830a9b18fd13840.png)
![](https://img-blog.csdnimg.cn/direct/c9ae9a5fee6c4f93abf1fbad9005c14a.png)