问题描述
在前端vue中设置的自定义请求头参数:token
控制层可以正常获取到自定义请求头参数
拦截器中无法获取
下方是拦截器代码
@Componentpublic class JWTInterceptor implements HandlerInterceptor {private final Logger logger = LoggerFactory.getLogger(this.getClass());@Autowiredprivate AdminUserAuthRedis userAuthRedis;@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {String token = request.getHeader("token");//验证token是否有效boolean verifyUserAuthToken = userAuthRedis.verifyUserAuthToken(token);if (!verifyUserAuthToken) {MvcCodeStatusEnum expireLogin = MvcCodeStatusEnum.EXPIRE_LOGIN;response.sendError(expireLogin.getCode(), expireLogin.getMessage());response.setStatus(expireLogin.getCode());return false;}//用户访问路径验证boolean verifyUserAccessPaths = verifyUserAccessPaths(request, token);if (!verifyUserAccessPaths) {MvcCodeStatusEnum expireLogin = MvcCodeStatusEnum.ACCESS_NO_PERMISSION;response.sendError(expireLogin.getCode(), expireLogin.getMessage());response.setStatus(expireLogin.getCode());return false;}return true;}/*** 检测用户是否有当前访问路径** @param request 服务请求* @param token 用户登陆到token* @return 有权限则返回true*/private boolean verifyUserAccessPaths(HttpServletRequest request, String token) {Set<String> userAccessPaths = userAuthRedis.getUserAccessPaths(token);if (CollectionUtils.isEmpty(userAccessPaths)) {logger.info("无法获取用户授权路径,请重新授权Token");userAuthRedis.clearLoginInfo(token);//路径验证不通过,需要重新登陆授权return false;}String path = request.getServletPath();String lowerCase = System.getProperty("os.name").toLowerCase();// if (lowerCase.startsWith("win")) {// logger.info("本地环境:{} 暂时忽略权限校验!", path);// return true;// }if (!StringUtils.isEmpty(path)) {// 去掉一层前缀后进行校验int index = path.indexOf("/", 1);if (index != -1) {String substring = path.substring(index + 1);if (substring.startsWith("ignore")) {logger.info("接口路径:{} 权限校验忽略!", path);return true;}}}boolean anyMatch = userAccessPaths.stream().filter(x -> !StringUtils.isEmpty(x)).anyMatch(path::endsWith);if (!anyMatch) logger.info("暂未授权的路径 path:{}", path);return anyMatch;}}
解决方案
在注册拦截器配置的时候加上自定义参数名在allowedHeaders中加上token参数名,并且对OPTIONS请求放行
@Configurationpublic class AccessSecurityConfig implements WebMvcConfigurer {private final Logger logger = LoggerFactory.getLogger(this.getClass());@Autowiredprivate JWTInterceptor jwtInterceptor;@Overridepublic void addCorsMappings(CorsRegistry registry) {registry.addMapping("/**").allowCredentials(false).allowedMethods("POST", "GET", "DELETE", "PUT", "OPTIONS").allowedHeaders("token").allowedOrigins("*");}}
