From aea8929bf1efcef4dcc34f2311c29748e143b2bb Mon Sep 17 00:00:00 2001 From: xiaohuo <14141624+dsgfhrh@user.noreply.gitee.com> Date: Wed, 29 Oct 2025 20:27:02 +0800 Subject: [PATCH] =?UTF-8?q?10.29=E8=81=8A=E5=A4=A9url=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../config/WebSocketHandshakeInterceptor.java | 104 +++++++++++++----- 1 file changed, 75 insertions(+), 29 deletions(-) diff --git a/ALOps_sys_backend/alops-framework/src/main/java/com/alops/framework/config/WebSocketHandshakeInterceptor.java b/ALOps_sys_backend/alops-framework/src/main/java/com/alops/framework/config/WebSocketHandshakeInterceptor.java index 5e937dde..9b560764 100644 --- a/ALOps_sys_backend/alops-framework/src/main/java/com/alops/framework/config/WebSocketHandshakeInterceptor.java +++ b/ALOps_sys_backend/alops-framework/src/main/java/com/alops/framework/config/WebSocketHandshakeInterceptor.java @@ -1,16 +1,19 @@ package com.alops.framework.config; import com.alops.common.core.domain.model.LoginUser; +import com.alops.common.utils.StringUtils; import com.alops.framework.web.service.TokenService; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.server.ServerHttpRequest; import org.springframework.http.server.ServerHttpResponse; +import org.springframework.http.server.ServletServerHttpRequest; import org.springframework.stereotype.Component; import org.springframework.web.socket.WebSocketHandler; import org.springframework.web.socket.server.HandshakeInterceptor; +import javax.servlet.http.HttpServletRequest; import java.util.List; import java.util.Map; //拦截器设置,首先在springscrity放行 @@ -20,43 +23,86 @@ public class WebSocketHandshakeInterceptor implements HandshakeInterceptor { @Autowired private TokenService tokenService; - +//Sec-WebSocket-Protocol方式的 +// @Override +// public boolean beforeHandshake(ServerHttpRequest request, +// ServerHttpResponse response, +// WebSocketHandler wsHandler, +// Map attributes) { +// +// try { +// List protocols = request.getHeaders().get("Sec-WebSocket-Protocol"); +// if (protocols == null || protocols.isEmpty()) { +// log.warn("【WS握手失败】未携带Token"); +// return false; +// } +// +// String token = protocols.get(0); +// LoginUser loginUser = tokenService.getLoginUser(token); +// if (loginUser == null) { +// log.warn("【WS握手失败】无效Token"); +// return false; +// } +// +// // 验证并刷新 Token +// tokenService.verifyToken(loginUser); +// +// // 设置返回协议头(必须,否则浏览器报错) +// response.getHeaders().add("Sec-WebSocket-Protocol", token); +// +// // 把用户信息写入 session attributes +// attributes.put("loginUser", loginUser); +// log.info("【WS握手成功】用户:{}", loginUser.getUsername()); +// return true; +// +// } catch (Exception e) { +// log.error("【WS握手异常】", e); +// return false; +// } +// } +//http请求的 @Override - public boolean beforeHandshake(ServerHttpRequest request, - ServerHttpResponse response, - WebSocketHandler wsHandler, - Map attributes) { +public boolean beforeHandshake(ServerHttpRequest request, + ServerHttpResponse response, + WebSocketHandler wsHandler, + Map attributes) { + try { + // 1. 转为 HttpServletRequest 获取参数 + if (!(request instanceof ServletServerHttpRequest)) { + log.warn("【WS握手失败】请求类型非 Servlet"); + return false; + } + HttpServletRequest servletRequest = ((ServletServerHttpRequest) request).getServletRequest(); - try { - List protocols = request.getHeaders().get("Sec-WebSocket-Protocol"); - if (protocols == null || protocols.isEmpty()) { - log.warn("【WS握手失败】未携带Token"); - return false; - } + // 2. 从 URL 参数获取 token + String token = servletRequest.getParameter("token"); + if (StringUtils.isEmpty(token)) { + log.warn("【WS握手失败】未携带Token参数"); + return false; + } - String token = protocols.get(0); - LoginUser loginUser = tokenService.getLoginUser(token); - if (loginUser == null) { - log.warn("【WS握手失败】无效Token"); - return false; - } + // 3. 获取用户 + LoginUser loginUser = tokenService.getLoginUser(token); + if (loginUser == null) { + log.warn("【WS握手失败】无效Token"); + return false; + } - // 验证并刷新 Token - tokenService.verifyToken(loginUser); + // 4. 验证并刷新 Token + tokenService.verifyToken(loginUser); - // 设置返回协议头(必须,否则浏览器报错) - response.getHeaders().add("Sec-WebSocket-Protocol", token); + // 5. 把用户信息写入 session attributes + attributes.put("loginUser", loginUser); + log.info("【WS握手成功】用户:{}", loginUser.getUsername()); - // 把用户信息写入 session attributes - attributes.put("loginUser", loginUser); - log.info("【WS握手成功】用户:{}", loginUser.getUsername()); - return true; + return true; - } catch (Exception e) { - log.error("【WS握手异常】", e); - return false; - } + } catch (Exception e) { + log.error("【WS握手异常】", e); + return false; } +} + @Override public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response,