首先写一个Controller,专门用于获取token的
@Autowired private UserService userService;
@RequestMapping(value = "/token", method = RequestMethod.POST) @ResponseBody public ResponseEntity<TokenResult> getToken(@RequestBody User user) {//TokenResult包括Token和Message两个属性 try { Token token = userService.getToken(user); //Token 包括String token和Date create两个属性 TokenResult tokenResult = new TokenResult(); if (null == token) { tokenResult.setMessage("User authenticate failed."); // 401 return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(tokenResult); } tokenResult.setToken(token); tokenResult.setMessage("User authenticate successful."); // 创建 return ResponseEntity.status(HttpStatus.CREATED).body(tokenResult); } catch (Exception e) { e.printStackTrace(); } return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(null); }
UserService类中
public Token getToken(User user) { // 每次生成会顶掉前面的token if ("admin".equals(user.getName()) && "123456".equals(user.getPassword())) {//举个例子 Token token = new Token(); token.setCreate(new Date()); token.setToken(UUID.randomUUID().toString()); TokenManager.userOfToken.put("admin", token);//TokenManager.userOfToken是一个ConcurrentHashMap return token; } return null; }
然后写获取资源的Controller。这里使用@ModelAttribute注解,它所在的Controller每次在进入requestmapping后会先调用@ModelAttribute所在的方法
这个方法就是校验token的
@Autowired private UserService userService; @ModelAttribute("tokenIdValidateResult") public TokenValidateResult validateTokenId(@RequestHeader HttpHeaders headers) { System.out.println("ResourceController.validateTokenId()"); String tokenId = headers.getFirst("X-Auth-Token");//这个是客户端传过来的,客户端要在请求头中写:X-Auth-Token和token值。也就是说X-Auth-Token使我们自定义要求客户端做的 if (StringUtils.isEmpty(tokenId)) { return TokenValidateResult.TOKEN_EMPTY; } for (Token token : TokenManager.userOfToken.values()) { Date date = new Date(); if (tokenId.equals(token.getToken()) && ((date.getTime() - token.getCreate().getTime()) > (30L * 1000))) {// token有效期30秒 return TokenValidateResult.TOKEN_EXPIRED; } else if (tokenId.equals(token.getToken())) { return TokenValidateResult.SUCCESS; } } return TokenValidateResult.TOKEN_NOT_EXIST; }
最后写获取资源的方法
@RequestMapping(value = "{id}", method = RequestMethod.GET) @ResponseBody
//ResponseEntity<?>注意这里泛型用了“?”,这样可以返回你想要的各种结果 public ResponseEntity<?> queryUserById(@PathVariable("id") Long id, @ModelAttribute("tokenIdValidateResult") TokenValidateResult tokenIdValidateResult, @RequestHeader HttpHeaders headers) { try { if (tokenIdValidateResult == TokenValidateResult.SUCCESS) { User user = this.userService.queryUserById(id); if (null == user) { // 资源不存在,响应404 return ResponseEntity.status(HttpStatus.NOT_FOUND).body(null); } // 资源存在,响应200 // return ResponseEntity.status(HttpStatus.OK).body(user); return ResponseEntity.ok(user); } else if (tokenIdValidateResult == TokenValidateResult.TOKEN_EXPIRED) {//验证不通过的情况 return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("token过期"); } else if (tokenIdValidateResult == TokenValidateResult.TOKEN_EMPTY) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("请填写token"); } else if (tokenIdValidateResult == TokenValidateResult.TOKEN_NOT_EXIST) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("token不存在"); } } catch (Exception e) { e.printStackTrace(); } return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(null); }
文章参考http://blog.csdn.net/kingmax54212008/article/details/51785634
