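package com.lst.classifydeviceapi.filter;

import com.lst.api.enummsg.ReturnMsg;
import com.lst.api.utils.JsonUtils;
import com.lst.api.utils.TokenUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Servlet filter that rejects every request that does not carry a valid
 * {@code token} header.
 *
 * <p>Flow: CORS response headers are written first; a CORS preflight
 * ({@code OPTIONS}) is answered with 200 and never reaches the chain; any other
 * request is forwarded only when {@link TokenUtil#volidateToken} accepts the
 * token, otherwise an error body is written through
 * {@link JsonUtils#sendUtilsError} and the chain is not invoked.
 *
 * <p>NOTE(review): the class carries both {@code @Component} and
 * {@code @WebFilter}. Depending on how the application scans servlet
 * components, this can register the filter twice, or register it for every URL
 * regardless of {@code urlPatterns}. Confirm against the application
 * configuration.
 */
@Component
@WebFilter(urlPatterns = { "/*" }, filterName = "tokenAuthorFilter")
public class TokenAuthorFilter implements Filter {

    private static final Logger logger = LoggerFactory.getLogger(TokenAuthorFilter.class);

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Authenticates the request by its {@code token} header and forwards it
     * only on success.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remaining filter chain, invoked only for a valid token
     * @throws IOException      propagated from the downstream chain
     * @throws ServletException propagated from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse rep = (HttpServletResponse) response;

        // CORS configuration.
        // SECURITY: "*" lets a page on any origin read these responses from
        // script. The original author's note already says this value should be
        // replaced by the configured set of allowed hosts before going live;
        // use an explicit allow-list of origins in production.
        rep.setHeader("Access-Control-Allow-Origin", "*");
        // Methods a cross-origin caller may use.
        rep.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
        // How long (seconds) the browser may cache the preflight result.
        rep.setHeader("Access-Control-Max-Age", "3600");
        // "token" must be listed here or browsers will refuse to send the custom header.
        rep.setHeader("Access-Control-Allow-Headers", "token,Origin, X-Requested-With, Content-Type, Accept");

        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");

        // Preflight requests carry no token by design: answer them directly
        // and do not pass them to the application.
        if ("OPTIONS".equals(req.getMethod())) {
            rep.setStatus(HttpServletResponse.SC_OK);
            return;
        }

        // The token is read from a request header only.
        String token = req.getHeader("token");
        ReturnMsg resultInfo = new ReturnMsg();
        boolean authorized = false;

        if (token == null || token.isEmpty()) {
            resultInfo.setCode("false");
            resultInfo.setMessage("用户授权认证没有通过!客户端请求参数中无token信息");
        } else if (TokenUtil.volidateToken(token)) {
            resultInfo.setCode("true");
            resultInfo.setMessage("用户授权认证通过!");
            authorized = true;
        } else {
            resultInfo.setCode("false");
            resultInfo.setMessage("用户授权认证没有通过!客户端请求参数token信息无效");
        }

        // The decision is driven by the boolean, not by comparing the code
        // string with ==. The original `getCode() == "false"` is a reference
        // comparison and only matched while ReturnMsg handed back the very same
        // interned literal; otherwise a rejected request got an empty response
        // with no error body.
        if (!authorized) {
            // NOTE(review): the HTTP status of a rejection is whatever
            // JsonUtils.sendUtilsError sets (not visible here). Confirm it is
            // 401 rather than 200 so clients and monitoring can tell rejections
            // apart from successes.
            try {
                JsonUtils.sendUtilsError(rep, resultInfo.getMessage());
            } catch (Exception e) {
                // Failing to write the error body must not let the request
                // through: we still return without calling the chain.
                logger.error("过滤器返回信息失败:" + e.getMessage(), e);
            }
            return;
        }

        // Keep the token value itself out of the log.
        logger.info("token filter过滤ok!");
        chain.doFilter(request, response);
    }

    /** No initialisation required. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}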
来源:51CTO
作者:奋斗小牛
链接:https://blog.csdn.net/FORLOVEHUAN/article/details/100887568