============= Backend_Login Interception =============

Frontend --request--> Interceptor --request--> Controller --> ...
                           |
                   Is the user logged in?
                     yes |      | no
                      allow    reject

1 Create the login interceptor

/ysdblog-api/src/main/java/com/weihome/ysdblog/handler/LoginInterceptor.java:

    // Assumed imports: Spring Boot 2.x (javax.servlet), commons-lang3 and fastjson.
    // LoginService, User, Result and ErrorCode come from the project's own packages.
    import com.alibaba.fastjson.JSON;
    import lombok.extern.slf4j.Slf4j;
    import org.apache.commons.lang3.StringUtils;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Component;
    import org.springframework.web.method.HandlerMethod;
    import org.springframework.web.servlet.HandlerInterceptor;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    @Slf4j
    @Component
    public class LoginInterceptor implements HandlerInterceptor {
        @Autowired
        LoginService loginService;

        /**
         * Pre-handle interception.
         * Runs before the controller method is executed.
         * Performs the login check.
         */
        @Override
        public boolean preHandle(
            HttpServletRequest request,
            HttpServletResponse response,
            Object handler) throws Exception {
            // If the target is not a controller method, e.g. a static
            // resource (ResourceHttpRequestHandler)
            if (!(handler instanceof HandlerMethod))
                return true; // no check needed, let it through

            // Read the token from the request header
            String token = request.getHeader("Authorization");

            // Note: this writes the raw token to the log, which is convenient for
            // the local test below; mask or omit it anywhere the logs are shared.
            log.info("---------------- REQUEST ----------------");
            log.info("Request URI: {}", request.getRequestURI());
            log.info("Request Method: {}", request.getMethod());
            log.info("Token: {}", token);
            log.info("-----------------------------------------");

            // No token in the request header: the user has not logged in
            if (StringUtils.isBlank(token)) {
                Result result = Result.fail(
                    ErrorCode.NO_LOGIN.getCode(),
                    ErrorCode.NO_LOGIN.getMsg());
                response.setContentType("application/json;charset=utf-8");
                response.getWriter().print(JSON.toJSONString(result));
                return false; // check failed, deny access
            }

            // No user can be found for the token: the token is invalid
            User user = loginService.findUserByToken(token);
            if (user == null) {
                Result result = Result.fail(
                    ErrorCode.TOKEN_ERROR.getCode(),
                    ErrorCode.TOKEN_ERROR.getMsg());
                response.setContentType("application/json;charset=utf-8");
                response.getWriter().print(JSON.toJSONString(result));
                return false; // check failed, deny access
            }

            return true; // check passed, allow access
        }
    }

2 Enable the login interceptor

/ysdblog-api/src/main/java/com/weihome/ysdblog/config/WebMvcConfig.java:

    ...
    public class WebMvcConfig implements WebMvcConfigurer {
        ...
        @Autowired
        private LoginInterceptor loginInterceptor;
        ...
        @Override
        public void addInterceptors(InterceptorRegistry registry) {
            // Only requests to /test pass through the login interceptor
            registry.addInterceptor(loginInterceptor)
                .addPathPatterns("/test");
        }
        ...
    }

3 Test controller

/ysdblog-api/src/main/java/com/weihome/ysdblog/controller/TestController.java:

    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    @RequestMapping("test")
    public class TestController {
        // No HTTP method is specified, so every method on /test is mapped here
        @RequestMapping
        public Result test() {
            return Result.success(null);
        }
    }

4 Run the tests

(The "msg" values in the responses below are the application's own output: 未登录 means "not logged in", 令牌有误 means "invalid token".)

Postman
GET localhost:8888/test
Headers
    no Authorization
---------------------------
{
    "code": 90002,
    "msg": "未登录",
    "success": false
}

Backend log:
---------------- REQUEST ----------------
Request URI: /test
Request Method: POST
Token: null
-----------------------------------------

Postman
GET localhost:8888/test
Headers
    Authorization: abcd
---------------------------
{
    "code": 10003,
    "msg": "令牌有误",
    "success": false
}

Backend log:
---------------- REQUEST ----------------
Request URI: /test
Request Method: GET
Token: abcd
-----------------------------------------

Postman
GET localhost:8888/test
Headers
    Authorization: eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDk1ODQyMjcsInVzZXJJZCI6MTUwOTM2MzE2Mjc2MjE4Njc1NCwiaWF0IjoxNjQ4Njk1MTk1fQ.cHFM0rmfQvr6frtWJaC1citGTESGt0b25FOBNwPgdlY
---------------------------
{
    "success": true,
    "code": 200,
    "msg": "success",
    "data": null
}

Backend log:
---------------- REQUEST ----------------
Request URI: /test
Request Method: GET
Token: eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDk1ODQyMjcsInVzZXJJZCI6MTUwOTM2MzE2Mjc2MjE4Njc1NCwiaWF0IjoxNjQ4Njk1MTk1fQ.cHFM0rmfQvr6frtWJaC1citGTESGt0b25FOBNwPgdlY
-----------------------------------------
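
Step 2 registers the interceptor for /test only, so any controller added later is reachable without a token until its path is listed. The following is an added example, not the project's own code: it inverts the registration so that every path is checked and public endpoints are exempted explicitly. The /login and /register paths are hypothetical, and the @Configuration annotation is assumed because the original class header is elided.

```java
package com.weihome.ysdblog.config;

import com.weihome.ysdblog.handler.LoginInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    // Hypothetical list of endpoints that must work without a token.
    // Replace with the project's real public paths.
    private static final String[] PUBLIC_PATHS = {
            "/login",     // assumed: issues the token, so it cannot require one
            "/register",  // assumed
            "/error"      // Spring Boot's default error path: without this,
                          // an unauthenticated 404/500 is answered with NO_LOGIN
    };

    @Autowired
    private LoginInterceptor loginInterceptor;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Before (step 2): only the listed path is checked,
        // every other controller is open by default.
        //   registry.addInterceptor(loginInterceptor)
        //           .addPathPatterns("/test");

        // After: every path is checked unless it is explicitly exempted,
        // so a new controller is protected without touching this class.
        registry.addInterceptor(loginInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns(PUBLIC_PATHS);
    }
}
```

Static resources still pass under "/**" because preHandle in step 1 returns true for any handler that is not a HandlerMethod.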